منتدى قسم تكنولوجيا المعلومات في مدرسة الدوحة الثانوية المستقلة للبنين
علمت أن رزقي لن يأخذه غيري فاطمأن قلبي

قم وذق طعم الصلاة في دجى الليل الطويل

قم وجاهد في الحياة ان مثوانا قليل

منتدى قسم تكنولوجيا المعلومات في مدرسة الدوحة الثانوية المستقلة للبنين

من أفضل مدارس قطر
 
الرئيسيةمكتبة الصوربحـثالتسجيلدخولاليومية
قال الامام احمد بن حنبل: إن لنا إخوان لانراهم إلا مره كل سنه , نحن اوثق بمودتهم ممن نراهم كل يوم .أسعد الله قلوبا طاهره إن وصلناها شكرت وإن قصرنا عذرت
من العظماء من يشعر المرء فى حضرته أنه صغير ولكن العظيم بحق هو من يشعر الجميع في حضرته بأنهم عظماء
كم في المقابر من يحسدونك على هذه الأيام والليالي التي تعيشها يتمنون لو تسبيحة أو استغفار ينفعهم عند ربهم أو سجدة تنير قبورهم أو صدقة تظلهم بين يدي الملك الجبار .. فقط تذكر .. ولا تضيع الفرصة التي بين يديك

شاطر | 
 

 Wireless Use Policy

اذهب الى الأسفل 
كاتب الموضوعرسالة
ghostpc



Posts : 85
أهمية العضو : 0
Join date : 18/11/2008

مُساهمةموضوع: Wireless Use Policy   الثلاثاء ديسمبر 02, 2008 1:25 pm

Wireless Use Policy


This is an example wireless use policy. A wireless use policy is necessary to computer security since there is demand for wireless equipment in every organization today. The wireless use policy may specify that no wireless equipment should be used but this would not be very good since that may cause some to violate the policy. It is best to set conditions and specify equipment that is approved for wireless use in order to minimize security risk associated with wireless.

1.0 Overview :

This wireless use policy defines the use of wireless devices in the organization and specifies how wireless devices shall be configured when used.

2.0 Purpose :

This policy is designed to protect the organizational resources against intrusion by those who would use wireless media to penetrate the network.

3.0 Scope :

This policy applies to all wireless devices in use by the organization or those who connect through a wireless device to any organizational network.

4.0 Risk Assessment :

The use of wireless technology has historically been a serious security risk to organizations. This is because it can be an easy access point to gain access to an organizational network. In addition data sent across it may be readable sometimes even when it is encrypted due to some of the vulnerabilities of the encryption schemes used. Therefore this policy requires a risk assessment any time a new type of wireless device is added to the network. Several items must be assessed including:

  • Is this a new technology?

  • Does this device use encryption and if so how well tested is the encryption protocol?

  • What is the cost of implementing a secure encryption protocol?

  • Has this type of device been used on our network before?

  • Can this device be configured to only allow authorized users to access it or the network through it?

  • How easy will it be for an attacker to fool this device into allowing unauthorized access? What methods may be used?

  • What secure authentication schemes are available and what cost or overhead is associated with their implementation and maintenance?

  • How practical is wireless use considering the cost, potential loss, and added convenience?


4.1 Authentication :

The authentication mechanisms of all approved wireless devices to be used must be examined closely. The authentication mechanism should be used to prevent unauthroized entry into the network. One authentication method shall be chosen. The following must be considered.

1. How secure is the authentication mechanism to be used?

2. How expensive is the authentication mechanism to be used?

4.2 Encryption :

The encryption mechanisms of all approved wireless devices to be used must be examined closely. The encryption mechanism will be used to protect data from being disclosed as it travels through the air. The following must be considered.

1. How secure is the encryption mechanism?

2. How sensitive is the data traveling through the wireless device?

3. How expensive is the encryption mechanism?

4.3 Configuration :

The SSID of the wireless device shall be configured in sucy manner so it does not contain or indicate any information about the organization, its departments, or its personnel including organization name, department name, employee name, employee phone number, email addresses, or product identifiers.

4.4 Access Points :

All wireless access points and wireless devices connected to the organizational network must be registered and approved by the designated IT department representative. All wireless devices are subject to IT department audits and penetration tests without notice.

5.0 Authority :

The acting CIO or highest level member of IT management shall have final authority over the management and security of wireless devices and wireless networking. This person may delegate these authorities as they see fit. It is strongly recommended that this person has significant experience and training in the IT field along with a substantial understanding of computer security concepts. This person should be responsible for the operation of the network.

6.0 Network Separation :

This policy requires that parts of the network containing and supporting wireless devices directly (the wireless network) be separated from the part of the network that does not support wireless connections. The part of the network supporting wireless devices or connections shall be considered less trusted than the part of the network that does not. All file servers and internal domain controlling servers shall be separated from the wireless network using a firewall. One or more intrusion detection devices shall monitor the wireless network for signs of intrusion and log events. The type of logged events will be determined by the network administrator.

7.0 Allowable Wireless Use :

1. Only wireless devices approved by make and model shall be used.
2. All wireless devices must be checked for proper configuration by the IT department prior to being placed into service.
3. All wireless devices in use must be checked monthly for configuration or setup problems.

8.0 Enforcement :

Since improper use of wireless technology and wireless communications can open the network to additional sniffing and intrusion attacks, authorized and proper use of wireless technology is critical to the security of the organization and all individuals. Employees that do not adhere to this policy may be subject to disciplinary action up to and including dismissal.
الرجوع الى أعلى الصفحة اذهب الى الأسفل
معاينة صفحة البيانات الشخصي للعضو
A.Tamimi
Admin
avatar

Posts : 1593
أهمية العضو : 16
Join date : 13/11/2008
Age : 33
Location : Jordan

مُساهمةموضوع: رد: Wireless Use Policy   الجمعة ديسمبر 05, 2008 2:50 pm

الرجوع الى أعلى الصفحة اذهب الى الأسفل
معاينة صفحة البيانات الشخصي للعضو http://falcons.aforumfree.com
M.ALS3OD

avatar

Posts : 854
أهمية العضو : 0
Join date : 13/09/2009
Age : 24
Location : AMMAN

مُساهمةموضوع: رد: Wireless Use Policy   السبت سبتمبر 19, 2009 7:24 pm

يـــعـــطـــيـــك الـــعـــافـــيـــة

_________________
فــي تــوقــيــع بــس ......
الرجوع الى أعلى الصفحة اذهب الى الأسفل
معاينة صفحة البيانات الشخصي للعضو
 
Wireless Use Policy
الرجوع الى أعلى الصفحة 
صفحة 1 من اصل 1
 مواضيع مماثلة
-
» System Lockdown Policy
» برنامج فك تشفير الوايرلس وإظهار الباسوورد WirelessKeyView
» MIMO System Technology for Wireless Communications

صلاحيات هذا المنتدى:لاتستطيع الرد على المواضيع في هذا المنتدى
منتدى قسم تكنولوجيا المعلومات في مدرسة الدوحة الثانوية المستقلة للبنين :: ----§§§§ المنتديات التقنية والبرمجية §§§§---- :: قسم نظم التشغيل واللينكس-
انتقل الى: