An IP Network Security Policy

.

Intent Statement

This policy is to ensure that all systems installed on the apache network are maintained at appropriate levels of security 

Applicability

The policy is for:

• Apache IP networks 
• all equipment connected to the networks mentioned above;
• data in transit over any of the above-mentioned networks;
• network administrators managing the equipment;
• all users utilizing equipment that is connected to the network.

Statement of Apache's Position

The security policy is based on the principles and guidelines described in the Apache 

Network Segmentation

The Network will have a Firewall which will only allow inside traffic to go out.

There will be a IDS which will be active inside the network.

Additional firewalls will be placed on servers and PC.

All users will have strong passwords to access servers and their PC.

All laptops and PC will use security locks so they cannot be removed.

Company security will go around and confiscate any PC left unsecured.

Company servers will be in a locked room along with the Firewall and the room will be secured. The Room will have a special room so no one can gain entry through the false ceiling. The wiring coming in should be sealed for fire protection.

All site to site info going over the internet will use IPSEC VPN.

Users connecting from remote sites will use IPSEC VPN with authentication when they are allowed in the protected network.