3. Examples of policy application
Password policy: This is one of the most important policies, because passwords are usually the first and perhaps the only means of authentication, and therefore the only line of defense against attacks. It establishes who assigns the password, what length it should have, what format it should follow, how it should be communicated, and so on.
Access Control Policy: Specifies how users access the system, from where, and how they must authenticate. Examples:
All users must access the system using a program that allows secure, encrypted communication.
Proper Use Policy: Specifies what is considered appropriate or inappropriate use of the system by users, as well as what is allowed and what is prohibited within the computer system. Examples:
Programs that attempt to guess the passwords stored in the user tables of local or remote machines are strictly forbidden.
Backup Policy: Specifies what information should be backed up, how often, what backup media are used, how the information should be restored, where the backups should be stored, etc. Examples:
The system administrator is responsible for making regular backups of the information.
A full backup of the system must be made every thirty days, and every day all files that were modified or created must be backed up.
The backed-up information should be stored in a safe place away from the work site.
E-mail policy: Establishes both the appropriate and the inappropriate use of the e-mail service, and the rights and obligations the user must fulfill and enforce in this regard. Examples:
The user is the only person authorized to read his or her own mail, unless he or she has expressly authorized another person to do so, or the account is involved in a computer security incident.
Physical Access Control
It is one of the main controls for restricting access to physical devices (servers and workstations). Its usual components are:
Securing the building: Ensure that all doors not essential for access from the outside require a key or a card.
Security cameras: A security camera system that allows monitoring of the entrances to the building can be an effective barrier and provides recorded evidence of anyone who enters illegally.
Security guards: Validate the entry of all employees and visitors.
Padlocks: Use specialized computer hardware locks to restrict access to keyboards, monitors, mice and drives.
Internal Access Control:
Basic Authentication based on Usernames and Passwords
Global Access Control.
What is it? The GACF (global access configuration file) can be used to establish access policies for a web server as a whole. On NCSA httpd servers and their derivatives, such as the Apache server, it is the configuration file called access.conf, located in the conf subdirectory of the server.
You can also use the GACF to segregate the web server into public and private areas according to some criteria, and to request a user name and password for access to the private areas.
How is this done?
An example:
# Anyone in the group staff can reach the top level of the personnel tree.
AuthType Basic
AuthName "Only staff"
# Full path of the password file
AuthUserFile /usr/local/etc/httpd/userpw
# Full path of the group file
AuthGroupFile /usr/local/etc/httpd/ourgroup
Require group staff
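
The segregation of public and private areas described above, as an added example that is not part of the original page. It uses Apache 2.4 syntax, and the directory paths under htdocs and the user names in the comments are assumptions made for illustration.

```apache
# Added example; paths under /usr/local/etc/httpd/htdocs are assumed.

# Public area: served to anyone, no credentials requested.
<Directory "/usr/local/etc/httpd/htdocs">
    Require all granted
</Directory>

# Private area: the server asks for a user name and password and admits
# only members of the group "staff".
<Directory "/usr/local/etc/httpd/htdocs/staff">
    AuthType Basic
    AuthName "Only staff"
    AuthBasicProvider file

    # Both files live outside the document root, so they cannot be
    # downloaded through the web server itself.
    # userpw holds one "user:password-hash" line per account (created with htpasswd).
    AuthUserFile "/usr/local/etc/httpd/userpw"
    # ourgroup holds lines of the form "staff: alice bob" (constructed names).
    AuthGroupFile "/usr/local/etc/httpd/ourgroup"

    Require group staff

    # Basic authentication only base64-encodes the password, so refuse
    # any request to this area that does not arrive over TLS (mod_ssl).
    SSLRequireSSL
</Directory>
```

The last directive is what ties this configuration to the access control policy example above: without it, the password for the private area would cross the network in a trivially decodable form.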