Assignment: Define a Comprehensive Acceptable Use Policy

Assignment: Define a Comprehensive Acceptable Use Policy.

Learning Objectives and Outcomes

• Identify inappropriate activity on a network and develop a basic AUP that describes the handling of such incidents.

Assignment Requirements
Richman Investments requires the enforcement of strict ingress-egress filtering policies for network traffic. Certain traffic is expressly forbidden:

• No peer-to-peer file sharing or externally reachable file transfer protocol (FTP) servers.
• No downloading executables from known software sites.
• No unauthorized redistribution of licensed or copyrighted material.
• No exporting internal software or technical material in violation of export control laws.
• No introduction of malicious programs into networks or onto systems.
• No accessing unauthorized internal resources or information from external sources.
• No port scanning or data interception on the network.
• No denying service or circumventing authentication to legitimate users.
• No using programs, scripts, or commands to interfere with other network users.
• No sending unsolicited e-mail messages or junk mail to company recipients.
• No accessing adult content from company resources.
• No remote connections from systems failing to meet minimum security requirements.

Building on the Internet and e-mail use policy you created for Richman in a previous assignment, define a LAN-to-WAN, Internet, and Web surfing AUP that restricts usage of the company’s Internet connection and permits the company to monitor usage of the corporate Internet connection. Carefully evaluate the implications of each policy and how implementations might impact the IT infrastructure, both positively and negatively. Weigh the benefits and the disadvantages of each method. Consider whether or not a proposed solution causes an interruption to the legitimate users and how it might enhance security at the expense of preventing a perfectly legitimate activity.

Required Resources
None

Self-Assessment Checklist

• I have defined an effective LAN-to-WAN, Internet, and Web surfing AUP.
• I have evaluated the implications of each policy.
• I have carefully considered the benefits and disadvantages of each policy enforcement control.
• I have created an AUP for acceptable and unacceptable resource usage.