1.0 Overview

Consistent standards for network access and authentication are critical to the company's information security and are often required by regulations or third-party agreements. Any user accessing the company's computer systems has the ability to affect the security of all users of the network. An appropriate Network Access and Authentication Policy reduces the risk of a security incident by requiring consistent application of authentication and access standards across the network.

2.0 Purpose

The purpose of this policy is to describe what steps must be taken to ensure that users connecting to the corporate network are authenticated in an appropriate manner, in compliance with company standards, and are given the least amount of access required to perform their job function. This policy specifies what constitutes appropriate use of network accounts and authentication standards.

3.0 Scope

The scope of this policy includes all users who have access to company-owned or company-provided computers or require access to the corporate network and/or systems. This policy applies not only to employees, but also to guests, contractors, and anyone requiring access to the corporate network. Public access to the company's externally-reachable systems, such as its corporate website or public web applications, is specifically excluded from this policy.

4.0 Policy

4.1 Account Setup

During initial account setup, certain checks must be performed in order to ensure the integrity of the process. The following policies apply to account setup:

• Positive ID and coordination with Human Resources are required.
• Users will be granted the least amount of network access required to perform their job function.
• Users will be granted access only if they accept the Acceptable Use Policy.
• Access to the network will be granted in accordance with the Acceptable Use Policy.

4.2 Account Use

Network accounts must be implemented in a standard fashion and utilized consistently across the organization. The following policies apply to account use:

• Accounts must be created using a standard format (e.g., first name last name, or first initial last name).
• Accounts must be password protected (refer to the Password Policy for more detailed information).
• Accounts must be for individuals only. Account sharing and group accounts are not permitted.
• User accounts must not be given administrator or 'root' access unless this is necessary to perform their job function.
• Occasionally guests will have a legitimate business need for access to the corporate network. When a reasonable need is demonstrated, temporary guest access is allowed. This access, however, must be severely restricted to only those resources that the guest needs at that time and disabled when the guest's work is completed.
• Individuals requiring access to confidential data must have an individual, distinct account. This account may be subject to additional monitoring or auditing at the discretion of the IT Manager or executive team, or as required by applicable regulations or third-party agreements.

4.3 Account Termination

When managing network and user accounts, it is important to stay in communication with the Human Resources department so that when an employee no longer works at the company, that employee's account can be disabled. Human Resources must create a process to notify the IT Manager in the event of a staffing change, which includes employment termination, employment suspension, or a change of job function (promotion, demotion, suspension, etc.).

4.4 Authentication

User machines must be configured to request authentication against the domain at startup. If the domain is not available or authentication for some reason cannot occur, then the machine should not be permitted to access the network.

4.5 Use of Passwords

When accessing the network locally, username and password are an acceptable means of authentication. Usernames must be consistent with the requirements set forth in this document, and passwords must conform to the company's Password Policy.

4.6 Remote Network Access

Remote access to the network is not permitted.

4.7 Screensaver Passwords

Screensaver passwords offer an easy way to strengthen security by removing the opportunity for a malicious user, curious employee, or intruder to access network resources through an idle computer. For this reason, screensaver passwords are encouraged.

4.8 Minimum Configuration for Access

Any system connecting to the network can have a serious impact on the security of the entire network. A vulnerability, virus, or other malware may be inadvertently introduced in this manner. For this reason, users must strictly adhere to corporate standards with regard to antivirus software and patch levels on their machines. Users must not be permitted network access if these standards are not met. This policy will be enforced with a product that provides network admission control.

4.9 Encryption

Industry best practices state that username and password combinations must never be sent as plain text. If this information were intercepted, it could result in a serious security incident. Therefore, authentication credentials must be encrypted during transmission across any network, whether the transmission occurs internal to the company network or across a public network such as the Internet.

4.10 Failed Logins

Repeated login failures can indicate an attempt to 'crack' a password and surreptitiously access a network account. In order to guard against password-guessing and brute-force attempts, the company must lock a user's account after 5 unsuccessful logins. This can be implemented as a time-based lockout or require a manual reset, at the discretion of the IT Manager.

In order to protect against account guessing, when login failures occur the error message transmitted to the user must not indicate specifically whether the account name or password was incorrect. The error can be as simple as "the username and/or password you supplied were incorrect."
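The two requirements of section 4.10 (lock the account after 5 failed logins, and return one generic error that does not reveal whether the username or the password was wrong) are small enough to show in code. The following Python is an added illustration, not the company's own login code or part of the policy. It assumes a time-based lockout of 15 minutes (the policy leaves the duration to the IT Manager), an in-memory user store, and PBKDF2-HMAC-SHA256 password hashing; the account names and passwords are constructed for the example. Locked accounts and unknown usernames deliberately receive the same message as a wrong password, and the distinction is written only to a server-side audit log.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

# Section 4.10 fixes the count at 5; the lockout length is an assumption.
MAX_FAILED_LOGINS = 5
LOCKOUT_SECONDS = 15 * 60
# One generic message for every failure path, so the response never says
# which of username or password was wrong (section 4.10).
GENERIC_ERROR = "The username and/or password you supplied were incorrect."
PBKDF2_ROUNDS = 100_000
# Hypothetical fixed salt used only so that an unknown username still costs one
# hash computation, keeping "no such user" and "wrong password" similar in timing.
_DUMMY_SALT = b"\x00" * 16


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 of the password; the plain text is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failed_logins: int = 0      # consecutive failures since the last success
    locked_until: float = 0.0   # epoch seconds; 0.0 means not locked


class Authenticator:
    """In-memory user store with a time-based lockout after repeated failures."""

    def __init__(self, clock=time.time):
        self.clock = clock                  # injectable so the lockout window is testable
        self.accounts: dict[str, Account] = {}
        self.audit_log: list[str] = []      # server-side record, never shown to the user

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[username] = Account(salt=salt, pw_hash=hash_password(password, salt))

    def is_locked(self, username: str) -> bool:
        acct = self.accounts.get(username)
        return acct is not None and acct.locked_until > self.clock()

    def login(self, username: str, password: str) -> tuple[bool, str]:
        now = self.clock()
        acct = self.accounts.get(username)

        if acct is None:
            hash_password(password, _DUMMY_SALT)  # equalise work for unknown names
            self.audit_log.append(f"FAIL unknown user {username!r}")
            return False, GENERIC_ERROR

        if acct.locked_until > now:
            # A distinct "account locked" message would confirm the username exists,
            # so the locked state is logged but the user sees the generic error.
            self.audit_log.append(f"FAIL locked account {username!r}")
            return False, GENERIC_ERROR

        if hmac.compare_digest(acct.pw_hash, hash_password(password, acct.salt)):
            acct.failed_logins = 0
            acct.locked_until = 0.0
            self.audit_log.append(f"OK {username!r}")
            return True, "Login successful."

        acct.failed_logins += 1
        self.audit_log.append(f"FAIL bad password {username!r} ({acct.failed_logins})")
        if acct.failed_logins >= MAX_FAILED_LOGINS:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failed_logins = 0
            self.audit_log.append(f"LOCKED {username!r} until {acct.locked_until:.0f}")
        return False, GENERIC_ERROR


def demo() -> dict:
    """Five bad passwords lock the account; the right password is refused until the window passes."""
    now = [1_000_000.0]                                   # constructed clock
    auth = Authenticator(clock=lambda: now[0])
    auth.add_user("alice", "correct horse battery staple")  # constructed credentials

    bad = [auth.login("alice", "guess%d" % i) for i in range(MAX_FAILED_LOGINS)]
    refused_while_locked = auth.login("alice", "correct horse battery staple")
    now[0] += LOCKOUT_SECONDS + 1                           # lockout window expires
    accepted_after_expiry = auth.login("alice", "correct horse battery staple")
    unknown = auth.login("mallory", "anything")

    return {
        "bad_messages": {msg for _ok, msg in bad},
        "refused_while_locked": not refused_while_locked[0],
        "accepted_after_expiry": accepted_after_expiry[0],
        "unknown_message": unknown[1],
        "lock_events": sum(1 for e in auth.audit_log if e.startswith("LOCKED")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same structure works for a manual-reset lockout: set `locked_until` to infinity on the fifth failure and clear it only from an administrative function. The audit log is where the useful signal lives; a burst of "FAIL" entries for one username, or the same source trying many usernames, is what a detection rule should alert on, while the client only ever sees the generic message.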