Network Security Policy, AUP, and Equipment Guidelines for ACME

Verified

Added on 2023/03/30

AI Summary

This report provides a comprehensive analysis of network security policies and equipment guidelines for ACME, a real estate company with over 100 employees and two data centers. It addresses issues related to data access and internet access for contractors and salespeople and plans for future expansion. The report outlines key security policy components, including extranet policies, minimum requirements for network access, router and switch security, server security, acceptable usage policies (AUP), and access control policies (ACP). It emphasizes the importance of AUP and ACP in securing the company's data and systems, detailing how these policies should be implemented to manage access levels and prevent cyber-attacks. Furthermore, the report provides network equipment security guidelines to protect against physical and cyber threats, including securing network devices, restricting access, and preventing the use of personal devices on the network. The recommendations aim to enhance ACME's overall network security posture and safeguard its business processes and data.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: Networking 0
Networking
Report
STUDENT NAME

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Networking 1
Task 1:
A network security policy is a set of rules, which are used to access data in the company. ACME
has more than 100 employees over two floors in the same building and it is working in the real
estate industry, which is having a lot of data and business information. Therefore, the company
implemented two data centers to secure their data and information and store a large volume of
data. In addition, the company is already having DMZ to manage different types of issues related to
HTTP servers in a virtual server farm. The company faced data access and internet access issues
from contractors, and salespeople, which is not secure for a complete system. Now, the company
wants to expand its business and grow by 30-50 employees in their team. The company wants to
move over VoIP in order to eliminate the separate PABX systems, which are used as a legacy
system.
Security Policy Components
There are two types of components in a governing policy, which are technical policies and End-User
Policies1. In addition, information security policies are necessary to implement the proper access
level. The company should implement different information security policies to overcome risks and
threats from malware and other cyber-attacks2.
There are few things, which should have potential security policies in a network, which areas:
 Extranet policy: the company should define policy for access to the network by contractors and
salespeople. Third party person always accesses only limited things and cannot enter in a private
section of the company, such as data center, databases, and many others.
 Minimum requirements for network access policy: the company must define standards for
devices to access the network of the company, such as updated antivirus, patches for operating
systems, and many others.
1 Paquet Catherine , "Network Security Concepts and Policies", 2013, accessed June 5, 2019,
http://www.ciscopress.com/articles/article.asp?p=1998559&seqNum=3
2Dosal Eric, "5 Common Network Security Problems and Solutions". 2018, June 5, 2019,
https://www.compuquip.com/blog/5-common-network-security-problems-and-solutions

Networking 2
 Network access standards: the company should define standards for wired and wireless
network access ports to secure them from third party people.
 Router and switch security policy: the company should define the minimal security
configuration standards for different types of internetworking devices, such as hub, routers,
bridge, brouters, and switches.
 Server security policy: the company should define the minimal security configuration standards
for servers inside a company, which is used in the company network.
 Accept usage policy: employees cannot use the company network for their personal usages,
such as download songs, movies, and others3.
 Access control policy: the company should define access controls for a different level of
employees and third-party people to secure data centers and network.
Task 2:
As mention in task one AUP and ACP are most important security policy for ACME.
Acceptable usage policy (AUP)
One of the maximum commonplace general policies within a network security policy is an acceptable
usage policy (AUP), which specifies how personnel can make use of organization computer sources, and
instructs them on how to guard enterprise assets and personal facts. There can also be separate sections
in the network protection coverage handling electronic mail utilization, , passwords, the use of private
devices and phones, document retention and acceptable software programs. The coverage will generally
cowl each physical community and statistics4.
3 Hayslip Gary, "9 policies and procedures you need to know about if you’re starting a new security
program", March 16, 2018, accessed June 5, 2019, https://www.csoonline.com/article/3263738/9-
policies-and-procedures-you-need-to-know-about-if-youre-starting-a-new-security-program.html
4
Beaver Kevin, "Top 5 Common Network Security Vulnerabilities that Are Often Overlooked". 2013,
accesses June 5, 2019, https://www.acunetix.com/blog/articles/the-top-5-network-security-
vulnerabilities/

Networking 3
Access control Policy
The ACP outlines the get right of entry to available to employees with reference to a company’s records
and records systems5. Some topics, which are generally protected in the policy, get right of entry to
control standards together with NIST’s access control. The company should implement all the hierarchy
for access control of network devices and systems as well. All things can be managed using standards,
such as ISO/IEC 27001, and many other frameworks.
There are different levels of access to a company based on their needs. The administrator can access all
the things, but employees can access only their module and intranet for different work. The company
should implement an access control policy to overcome different technical issues and prevent the
system from many risks, which can be created because of less necessary actions.
In addition, the company should consider both policies to maintain different levels of the company. It
makes secure all the business process of the company as well as data and information of the company.
Moreover, the company can manage their access level through hardware devices as well.
5 Dunham Ray, "Information Security Policies: Why They Are Important To Your Organization" 2018,
June 5, 2019, https://linfordco.com/blog/information-security-policies/

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Networking 4
Task 3: “Network Equipment Security Guidelines”
In an organization, there are different types of network tools are used for network
implementation. ACME has data centers and more than 100 personal computer system. ACME
has implemented a network setup in two floors of the same building and connects all the
systems from internetworking devices, such as a hub, switch, router, and many others. It
informs customers, staff, and executives in their obligatory requirements for shielding
technology and facts assets6. The company should implement network equipment security
policies to avoid any cyber-attack, such as a denial of devices7. Therefore, a try and use a hard
and fast of safety gear inside the absence of at the least an implied safety policy is meaningless.
These are some basic guideline to secure network equipment, which areas:
 Secure network devices from physical damages
 Network devices should be in custody to secure them from physical attacks
 The company should provide physical security to the network equipment, such as
lockdown internetwork devices
 Employees cannot use their personal devices in the network with different
internetworking devices.
 The network administrator can access all network equipment only.
 No one can use network equipment for personal uses.
6 Cobb Michael, " ISO 27001 SoA: Creating an information security policy document" 2010, accessed
June 5, 2019, https://www.computerweekly.com/tip/ISO-27001-SoA-Creating-an-information-security-
policy-document
7 Jacobs David, "Network fault management in today's complex data centers", may 2016, accessed June
5, 2019, https://searchnetworking.techtarget.com/tip/Network-fault-management-in-todays-complex-
data-centers.

Networking 5
References:
Kevin, BIBLIOGRAPHY Beaver, "Top 5 Common Network Security Vulnerabilities that Are Often
Overlooked". 2013, accesses June 5, 2019, https://www.acunetix.com/blog/articles/the-top-5-network-
security-vulnerabilities/
Michael, Cobb, " ISO 27001 SoA: Creating an information security policy document" 2010, accessed June
5, 2019, https://www.computerweekly.com/tip/ISO-27001-SoA-Creating-an-information-security-policy-
document
Eric, Dosal, "5 Common Network Security Problems and Solutions". 2018, June 5, 2019,
https://www.compuquip.com/blog/5-common-network-security-problems-and-solutions
Ray, Dunham, "Information Security Policies: Why They Are Important To Your Organization" 2018, June
5, 2019, https://linfordco.com/blog/information-security-policies/
Gary, Hayslip, "9 policies and procedures you need to know about if you’re starting a new security
program", March 16, 2018, accessed June 5, 2019, https://www.csoonline.com/article/3263738/9-
policies-and-procedures-you-need-to-know-about-if-youre-starting-a-new-security-program.html
David, Jacobs, "Network fault management in today's complex data centers", may 2016, accessed June
5, 2019, https://searchnetworking.techtarget.com/tip/Network-fault-management-in-todays-complex-
data-centers.
Catherine, Paquet, "Network Security Concepts and Policies", 2013, accessed June 5, 2019,
http://www.ciscopress.com/articles/article.asp?p=1998559&seqNum=3