Multi-Tech Systems RF600 User's Manual

Chapter 2 – Installation  
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 
 
Pre-Installation Planning 
Planning and Establishing the Corporate Security Policy
 
Having an organization-wide security policy is the first, and perhaps most important, step in general security planning. 
Organizations without a well-devised top-level security policy will not have ready answers to questions such as: 
• Who is allowed access to which servers? 
• Where are the backups stored? 
• What is the recovery procedure for a security breach? 
These questions must be answered in terms of security costs, usability, compatibility with internal "culture", and 
alignment with your site's legal requirements. 
Putting a security policy in place and keeping abreast of new security issues as they arise are paramount to securing 
your network. 
 
Contents of a Corporate Internet Security Policy 
The policy statements should be clear, easy to understand, and supported by management. 
All enterprises should have a carefully planned security policy that protects their network. Your security policy 
should define both what should be protected as well as how it should be protected.  A comprehensive, clear, and 
well-communicated security policy is an important first step in protecting any network from the many threats 
associated with the power of the Internet. 
A corporate Internet security policy should cover at least 6 major areas, including: 
1. Acceptable Use – Define the appropriate use of the network and other computing resources by any and all 
users. This should include policy statements like: "password sharing is not permitted"; "users may not share 
accounts"; and "users may not make copies of copyrighted software." 
2. Remote Access – Outline acceptable (and unacceptable) means of remotely connecting to the internal 
network.  Cover all of the possible ways that users remotely access the internal network, such as dial-in, ISDN, 
DSL, cable modem, Telnet, and others.  Specify who is allowed to have remote access as well as how users 
may obtain remote access.  The security policy must also address who is allowed high-speed remote access 
and any extra requirements associated with that privilege (e.g., all remote access via DSL requires that a 
firewall be installed).  You will also want to define users' email security here (e.g., in MS Outlook at Tools > 
Options > Security > Zone Settings > Security Settings). 
3. Information Protection – Provide guidelines to users that define the use and transmission of sensitive 
information to ensure the protection of your enterprise's key elements of information (e.g., set a standard for 
encryption level (such as 3DES) for information sent over the Internet). 
4. Firewall Management – Define how firewall hardware and software are managed. This includes change 
requests and approval, periodic review of firewall configurations, and firewall access privilege settings. 
5. Special Access – Provide guidelines for any special, non-standard needs for access to specialized networks 
or systems. 
6. Network Connection – Establish policies for adding new devices and new users to the network, with an 
approval process, along with the associated security requirements.