Flashcards based on the lecture notes about network defense and countermeasures, focusing on security policies.
What is the role of policies in technology usage?
Policies designate how technology can be used, by whom, and for what purpose.
What areas should effective user policies cover?
Passwords, Internet use, e-mail attachments, software installation/removal, IM, and desktop configuration.
What are the key aspects of password policies?
Never write down or share passwords; contact admin if compromised; trace login attempts on old passwords.
Give examples of legitimate Internet use for businesses.
Checking competitor websites, checking business ratings, and checking weather conditions for business travel.
Give examples of inappropriate Internet use on a company network.
Searching for a job, pornographic use, violating laws, conducting personal business.
Give examples of 'gray' areas in Internet use policies.
Online shopping or reading news during breaks.
Under what conditions is it acceptable to open an e-mail attachment?
If expected, or if from a known source and appears legitimate.
List scenarios when you should never open an e-mail attachment.
From unknown source, active code/executable, animation/movie, or illegitimate-looking e-mail.
What are some software installation and removal policies businesses can enforce?
Limit user privileges, scan and approve installations, and optionally remove optical drives.
What are the key aspects of instant messaging policies?
Prohibit if not necessary; if necessary, restrict to business issues; no confidential information.
Why should desktop personalization be controlled through policies?
Potential virus risks and the ability to configure harmful system settings.
What are best practices for implementing user policies?
Require sign-off, clearly define policies, and clearly define consequences.
What events may require different system administration policies?
New employees, leaving employees, change requests, and security breaches.
What policies should be in place for new employees regarding system access?
Document access granting, require a signed RTA from an authorized manager, and file the request.
What steps should be taken when an employee leaves the company?
Disable accounts, return keys, shut off access, cancel mainframe accounts, and search workstation hard drive.
What steps should be included in a change control process?
Manager approval, IT verification, security issue identification, implementation plan, and scheduled notification.
List some examples of security breaches.
Virus infection, denial of service attacks, and intrusion by a hacker.
What steps should be taken in response to a virus infection?
Quarantine files, scan and clean machines, log incident, bring online in stages, notify leaders, and meet with IT.
What steps should be taken in response to a denial of service attack?
Utilize firewall/IDS, deny access from originating IP, find the owner of the IP and inform them, log activities, and inform leaders.
What steps should be taken in response to an intrusion by a hacker?
Copy logs, scan for Trojans and changes, document everything, change passwords, and inform leaders.
What access control concepts should be followed?
Following the concept of 'least privileges'.
What is true about defining access control?
The need for trade-offs.
What are important aspects of developmental policies?
Check code for malware, implement error handling, follow secure communication guidelines, document port usage, and require vendors to disclose security flaws.
What areas should security policies cover?
New employees, outgoing employees, access control, emergency response, and application/website security.