
Security Policy

Table of Contents

  1. Develop User Structure
  2. General Information & Objectives
  3. Responsible Organisation Structure
  4. Security Standards
  5. Confidentiality:
  6. Authorisation:
  7. Domain Services
  8. Authentication:
  9. Password Standard:
  10. Personnel Departure:
  11. Web Server Operation
  12. Web Server Maintenance
  13. Updates:
  14. Backup:
  15. Anti Virus:
  16. Firewall:
  17. Physical Security
  18. Web Directory Structure on Drive c:
  19. Penalties

Develop User Structure

User: Access
Administrator: Full Access to System
Mark Van Laarhoven: Full Access to System
IUSR_EZWEBS: Guest Account for Internet, no other access
Runserver: Runs web server, no other access
 

General Information & Objectives

This policy outlines the strategies used to ensure the security of the web server and the system on which it runs. It is not a technical specification of how the security measures are implemented, but rather a plan of how the measures are to be implemented.
 

Responsible Organisation Structure

As this is a project web server, it is only necessary to have one person with responsibility for security, namely Mark Van Laarhoven.
 

Security Standards

Confidentiality: All care is taken to keep the login name and password secret.
Authorisation: Access to the system is disabled without an appropriate login.
 

Domain Services

Authentication: Access to the domain is disabled without an appropriate login.
Password Standard: Strong passwords are required. A password must contain at least one uppercase character, one lowercase character, one number and one non-alphanumeric symbol, and must be at least 8 characters in length.
Personnel Departure: Users must log out when leaving the system.
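The password standard above can be checked mechanically before an account is created or a password is changed. The following is an added example (not part of the original policy) that implements exactly the stated rules: minimum length 8, at least one uppercase letter, one lowercase letter, one digit and one non-alphanumeric symbol. Whitespace is not counted as a "symbol"; that is this example's interpretation of the policy wording, not something the policy states.

```python
from typing import List

# Minimum length stated in the policy's Password Standard.
MIN_LENGTH = 8


def check_password_standard(password: str) -> List[str]:
    """Return the list of policy rules the password fails.

    An empty list means the password complies with the standard.
    Each rule is checked independently so the caller can report
    every shortcoming at once instead of one per attempt.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no number")
    # Interpretation (not stated in the policy): a "non-alphanumeric symbol"
    # is any printable character that is neither a letter, a digit nor whitespace.
    if not any((not c.isalnum()) and (not c.isspace()) for c in password):
        failures.append("no non-alphanumeric symbol")
    return failures


def is_compliant(password: str) -> bool:
    """True when the password satisfies every rule of the standard."""
    return not check_password_standard(password)


if __name__ == "__main__":
    # Constructed sample inputs for demonstration only.
    for candidate in ["Tr0ub4dor&3", "password", "Ab1!", "Abcdefg 1"]:
        problems = check_password_standard(candidate)
        status = "OK" if not problems else "REJECTED: " + ", ".join(problems)
        print(f"{candidate!r}: {status}")
```

Returning the full list of failed rules, rather than a bare yes/no, lets the enrolment screen tell the user precisely which part of the standard was not met.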
 

Web Server Operation

The web server will not run without an appropriate login. When users log out, they should leave the system running, logged in using the Runserver account.
 

Web Server Maintenance

Updates: Vulnerabilities are regularly identified by Microsoft and are resolved by the patches Microsoft releases as fixes are developed. The system will be configured to receive these updates automatically, to maximise the security of the environment.
 
Backup: The entire system will have a full backup every Thursday afternoon and incremental daily backups. A copy of the weekly backup will be burnt to DVD and stored off-site.
 
Anti Virus: AVG Anti-Virus version 7 will be installed on the system and will automatically receive updates as they are released by Grisoft. The software will be configured so that AVG Anti-Virus runs a full system scan at 4am daily (slack time).
 
Firewall: Kerio Enterprise Firewall will be installed to ensure that all unused ports are closed and that only traffic matching the acceptable-use rules is permitted on open ports.
 

Physical Security

The system must never be left in an unlocked and unattended room. The room shall be locked and alarmed when unattended; only authorised people will have access to the key and alarm control.
 

Web Directory Structure on Drive c:

Directory Structure (From Root \ WebRoot \ Websites), with the User and Access for each website directory:

From Root: Inetpub
WebRoot: wwwroot
Websites:
  webmarketer: Mark Van Laarhoven - Full; IUSR_EZWEBS - Read Only
  Cms: Mark Van Laarhoven - Full; IUSR_EZWEBS - Read Only
  AngelineCMS: Mark Van Laarhoven - Full; IUSR_EZWEBS - Read Only
  Nelsonarch: Mark Van Laarhoven - Full; IUSR_EZWEBS - Read Only
  Osc2nuke: Mark Van Laarhoven - Full

Penalties

Penalties for infringement of the Security Policy

Incident: Penalty

Attempt to access content you are not authorized to access: Warning from Management & your network activity will be monitored.
2nd attempt to access content you are not authorized to access: Warning from Management & your network activity will be monitored. Restrictions will be placed upon your network account.
3rd attempt to access content you are not authorized to access: Instant dismissal.
Successfully access content you are not authorized to access: Instant dismissal, legal action.
Deliberate acts of sabotage (virus infection or data loss/corruption): Instant dismissal, legal action, compensation for losses and/or cost of repair/data recovery.
Impersonation (using another person's login): Warning from Management & your network activity will be monitored. Restrictions will be placed upon your network account.
Fraudulent data manipulation: Instant dismissal, legal action, compensation for losses and/or cost of repair/data recovery.
