Wednesday, November 6, 2019
Essay on Wireless Security Policy
Essay on Wireless Security Policy Essay on Wireless Security Policy Essay on Wireless Security PolicyWireless Security Policy OverviewThis wireless security policy pertains to all employees and to all other persons affiliated with Local Commercial Banking Organization (LCBO). This document outlines the purpose and scope of wireless security policy at LCBO, describes the applicability of this policy, lists the requirements to wireless network security and wireless network access, requirements to wireless devices, outlines the wireless standards supported by LCBO, ethical guidelines associated with the use of wireless networks in LCBO, discusses the approaches to wireless security policy enforcement and includes key terms and definitions in the end. Network security in general and the security of wireless communications is crucial for LCBO functioning and all employees as well as LCBO guests are obliged to maintain this policy.Purpose and ScopeThe purpose of this policy is to define the requirements to the security of wireless communications that are r equired for ensuring the confidentiality, availability and integrity of sensitive information transmitted in the LCBO network.ApplicabilityThis security policy is applicable to all LCBO employees, LCBO guests, all organizations and individuals using LCBO network or accessing LCBO data.Wireless Network Security RequirementsLCBO network has two zones: demilitarized zone for guests and remote access for organizations, and internal network for LCBO employees. Both users requesting guest access which is available in the demilitarized zone of the LCBO network and users accessing the internal part of the LCBO network should verify that their devices are properly protected against unauthorized access or theft, and should remove any data received from the LCBO network after they have disconnected from the network. If there is a need to store certain documents on the device for further use, this action should be authorized with the support manager on duty.All wireless devices used for accessi ng the internal part of the LCBO network should be first registered and authorized by the Network Security Department (this also involves recording of the devices internal ID and MAC address) and should pass through network security audit every 3 months.Wireless Network Access RequirementsOnly authorized users can have access to any part of the LCBO network. The users receive a specific user role, unique user password and SSID name of the access point (Earle, 2005). None of these data can be disclosed or shared in any other way with other people or stored in an easily accessible place. The users have to change passwords every 2 months basing on the password policy of LCBO. The users should ensure that they have proper anti-virus protection and firewall software installed on their wireless devices before accessing the LCBO network. In case of any questions or uncertainties, it is recommended to refer to LCBO support manager on duty.Wireless Device RequirementsLCBO network maintains a ccess for all 802.11x devices (version a, b/g/n and ac). All wireless communications in the internal LCBO network should be encrypted using at least 256-bit encryption, so the devices used inside the network should support this encryption. All internet browsers used on wireless devices should support SSL encryption and any VPN communications should support IPSec protocol. In the LCBO network, WPA2 AES protection is used, so the wireless devices should support this type of encryption to access internal network.Wireless Standards Supported by the OrganizationLCBO officially supports IEEE 802.11 standard (referred to as Wi-Fi). As for April 2014, LCBO network supports the devices working with 802.11a, 802.11 b/g/n and 802.11 ac standards.Ethical Guidelines Associated with Wireless Networks in the OrganizationIn the context of wireless network communications, the major ethical issues are: the ability of wireless devices to detect location, the use of wireless devices for personal and co rporate needs simultaneously and the ability of wireless devices to connect to outside access points. LCBO will not access or store location information provided by wireless devices as this is unethical to the user, and the same is expected from any employees or guests accessing LCBO network and from organizations accessing LCBO network. Organizations, employees and guests of LCBO should verify that the access point they are connecting to is located within the boundaries of LCBO network. Users, guests and employees are expected to remove any sensitive data from the wireless devices that they might use outside LCBO network and/or use for personal needs; this includes clearing cache, sessions and other information pertaining to LCBO network from the device. LCBO reserves the right to log internal IDs and MAC addresses of wireless devices for security purposes and ensures that these data will be used for security purposes solely and will not be disclosed to anyone outside the Network S ecurity Department.Policy EnforcementThe responsibility for maintaining and enforcing this policy is on the LCBO Network Security Officer and on Network Security Administrators. The users who fail to comply with the requirements of this policy, they might create the risks of exposing sensitive information transmitted inside the LCBO network. Any violations of network security requirements will be logged along with device ID and reported to LCBO management. Failing to comply with this wireless security policy might lead to disciplinary action up to and including terminating the rights to access LCBO network, changing access rights and in the specific cases terminating employment of an individual or breaching business relationships with an organization.Terms and DefinitionsAvailability the accessibility of information at the moment when it is needed and the opportunity to access this information timely and in the required volume (Vacca, 2006).Confidentiality the availability of sens itive information only to those people who have the right to access it (and prevention of access to this information by any other people) (Vacca, 2006).Integrity the accuracy of information in the network along with the trustworthiness and consistency of information (Vacca, 2006).MAC address media access control unique identifier assigned to the network interface (in the context of this policy to the wireless network interface) for communication with the physical layer of the network model (Earle, 2005).Sensitive information proprietary information which should only be available to certain groups of people and should never be disclosed to the public or to unauthorized people (Bensky et al., 2011).Wireless device a device that can connect to other devices in the LCBO network using a wireless technology 802.11x (Bensky et al., 2011). Commonly used wireless devices are laptops, tablets, smartphones, PDAs, etc.