2007/07/24

Developing a Standard AUP

Developing an Acceptable Usage Policy (AUP) requires organizations to utilize a process that can ensure their AUP, once implemented, is as effective as possible. One popular method for this sort of Management Assessment is called RISK, an acronym that stands for requirements, identify, select and know. Employing RISK to build an effective AUP is important whether an organization is publicly or privately held. Even family-owned businesses need an AUP if their employees have access to the Internet.

RISK

The requirements step of RISK includes understanding that the company’s reputation and assets could be endangered by employee abuse or misuse of the company’s network or computers. When a company understands that email, instant messaging, peer-to-peer and web surfing technology can leave it vulnerable to exploitation or network and system damage, it has identified the key elements around which it must design its AUP.

Once the basic requirements have been identified, the next step is to construct a policy that will protect both the company’s network security and its reputation. Since breaches in computer network security can lead to substantial regulatory fines, judicial settlements that can cost billions, and negative media attention that can seriously damage a company’s reputation, the design of a comprehensive and relevant AUP is more important than ever.

Design & Educate

First of all, the AUP should be explicitly written and clearly presented to all employees. It should be comprehensive, covering all rules, policies and procedures pertaining to P2P, Internet, Instant Messaging and email activities. Vague language should be strictly avoided in an effective AUP. For example, stating that email is to be used for business purposes leaves wiggle room for an employee to state he was using his email for business when he actually means “personal” business rather than correspondence pertaining to his job.

Instead, the AUP should detail exact use and abuse terms. For example, the company should state that downloading music, video and other copyrighted materials is expressly forbidden. Employees should be notified that all communications, whether of a personal or business nature, are monitored and stored. The need for such monitoring should be explained, as well as the penalty for employee abuse. Employees should be made to understand that use of company computers and protocols such as email, IM and P2P are not rights, but rather privileges given to them by the company.

Penalties ranging from written warnings all the way up to termination should be clearly explained. The policies and procedures should be updated regularly in order to govern developing concerns such as blogging. New technologies and communication protocols are appearing daily – a company’s best acceptable usage policy should be flexible enough to accommodate these emerging threats.

Monitor & Enforce

Developing the AUP and educating employees is only the first step. The implementation system should also include how the company will monitor and enforce its internal AUP. In an ideal world, simply telling an employee to not exercise bad judgment might be enough. But employees can themselves be misled and endanger the host network’s security despite good intentions.

Whether a company chooses a hardware or software solution will affect how well it is able to monitor and enforce its AUP. The education of employees will assist in the enforcement of the AUP, because the judicial system could find that a corporation has made a reasonable effort to keep itself free of hostility, harassment and other abusive behaviors. However, it will not be enough to keep the company’s networks safe from outside intrusion, whether intentional or not.

The AUP will reduce the vicarious liability that a company may face, and the company is further protected when the written AUP is enforced through disciplinary actions and filtering solutions. A filtering solution can prevent employees from accessing sites, software and other connections that may violate the company’s AUP and endanger its networks and systems. This will eliminate employee error on many levels.

Whatever the chosen filtering solution, it should also monitor behavior in order to provide for disciplinary action on the part of the company as needed. As previously mentioned, disciplinary action can be applied in stages from written warnings to suspensions to termination of employment. These rules should be detailed specifically in the AUP and presented clearly to the employees so that expectations and rulings are clearly defined prior to any action being taken.

The Solution is the Solution

Defining the AUP requires identifying the risk management issues, key software vulnerabilities and required employee behavior. When an effective AUP is combined with disciplinary action that is clearly stated and effectively enforced, companies are protecting their employees, networks and finances. However, an AUP’s ultimate success will hinge a great deal on the type of filtering solution a company chooses.

A filter that not only enforces the AUP, but also monitors the behavior of the employees, provides a double layer of protection. A powerful and effective filtering solution is the final piece of the puzzle in developing, maintaining and enforcing the company AUP.

iPrism internet filters and web filters provide internet monitoring and network security. http://internet-filters.stbernard.com

2007/07/20

Wireless Network Security

Speed is of the essence. Typically, one thing matters to new users of wireless: getting connected and browsing that first website. While wireless connectivity can accomplish this, it’s best to set up your wireless connection securely before venturing out into cyberspace. Below are some tips to help secure your wireless network.

It seems that more and more home users are going with wireless networks rather than traditional wired networks, with wires hanging everywhere and running wild around the house and in the crawlspace. What seems like a good idea quickly turns into a nightmare if you don’t ramp up the security of your wireless network.

Change the default admin password. Admin passwords are easily figured out by attackers when they are left as the default. Not changing your wireless admin password opens your network to attack and can lead to many problems depending on the attacker’s agenda.

Another wireless security measure you will need to take is turning on encryption. Enabling WEP encryption on your wireless network will help you protect your privacy, so that your info won’t be floating around outside your home waiting to be picked up by a passerby. It’s important to remember that all the devices on the wireless network will need to use the same encryption. So find the strongest encryption possible that will work on all devices of the wireless network.

Stop the auto-connect feature. Do not allow your devices to auto-connect. Allowing auto-connect may connect you to a network that you don’t particularly want. For example, you don’t want your laptop connecting to your neighbor’s network and sending info.

It’s also a good idea that you install firewalls on all devices that connect to the wireless network. Even if the wireless router is firewalled, it’s important to also install firewalls on all computers that are connected to the wifi network. It’s important that these firewalls be set up correctly and block any intrusions that may compromise your wifi network.

Position your wireless router close to the center of your home. Although the reach of wifi networks can vary greatly, it’s important to not allow the signal to float around great distances from the main access point. It is virtually impossible to stop all leakage from exiting your home. But minimizing the risk to your wifi network will help to protect it.

Another good idea for wifi network security is to not allow broadcast of the SSID. Your router may have SSID broadcasting set up by default; however, you should be able to change this setting in the configuration. This feature is only useful for mobile environments, and is not needed in home wifi networks.

These are just a few tips for securing your wifi network. It’s always a good idea to check for firmware updates to your router as new exploits and vulnerabilities arise. Some routers will have an auto update feature and it’s important to use it. Using auto update will help keep your wifi network secure without the need of remembering to check for updates.
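
The tips above applied to a constructed home-network inventory, as an added example that is not part of the original article. The device names, field names and the strength ordering (open < WEP < WPA < WPA2 < WPA3) are assumptions of this example; it finds the strongest encryption every device can share and names the device that caps it.

```python
# Added example, not from the original article. All names and data are constructed.
# Assumed strength order, weakest first.
STRENGTH = ["open", "WEP", "WPA", "WPA2", "WPA3"]

ROUTER = {"admin_password_changed": False, "ssid_broadcast": True,
          "firmware_auto_update": True, "modes": {"WEP", "WPA", "WPA2", "WPA3"}}
DEVICES = {  # hypothetical devices and the encryption modes each supports
    "laptop": {"modes": {"WPA", "WPA2", "WPA3"}, "auto_connect": True, "firewall": True},
    "phone": {"modes": {"WPA", "WPA2", "WPA3"}, "auto_connect": False, "firewall": True},
    "old-printer": {"modes": {"WEP", "WPA"}, "auto_connect": False, "firewall": False},
}

def rank(mode):
    return STRENGTH.index(mode)

def strongest_common_mode(router, devices):
    """Strongest mode the router and every device share, plus the devices
    whose own strongest mode is that one (they cap the whole network)."""
    common = set(router["modes"])
    for dev in devices.values():
        common &= dev["modes"]
    if not common:
        return None, []
    best = max(common, key=rank)
    limiting = sorted(n for n, d in devices.items() if max(d["modes"], key=rank) == best)
    return best, limiting

def audit(router, devices):
    """Return one finding for each tip from the article that is not followed."""
    findings = []
    if not router["admin_password_changed"]:
        findings.append("router: default admin password still set")
    if router["ssid_broadcast"]:
        findings.append("router: SSID broadcast enabled")
    if not router["firmware_auto_update"]:
        findings.append("router: firmware auto-update disabled")
    mode, limiting = strongest_common_mode(router, devices)
    if mode is None:
        findings.append("encryption: no mode works on every device")
    elif mode != max(router["modes"], key=rank):
        findings.append(f"encryption: capped at {mode} by {', '.join(limiting)}")
    for name, dev in sorted(devices.items()):
        if dev["auto_connect"]:
            findings.append(f"{name}: auto-connect enabled")
        if not dev["firewall"]:
            findings.append(f"{name}: no host firewall")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(ROUTER, DEVICES)))
```

In the sample data the printer holds the whole network at WPA even though the router, laptop and phone could all use WPA3.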

Jake Foster writes Wifi Security articles for SX Security. Learn more about Wireless Security by visiting our website. Article Source: http://EzineArticles.com/?expert=Jake_Foster