Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  
  Advanced Search 


Return to article

Drafting an Internet Policy Document
From the November 1996 Edition
of Windows IT Pro
November 01, 1996
Philip Carden
Charles Kelly
Feature
InstantDoc #2821
Windows IT Pro
 

An effective way to mitigate the risk of connecting to the Internet is to make sure your network security policy is up to date and security procedures are working correctly. So before you connect your business systems to the Internet, draft an Internet policy document that states how employees may use the Internet and explains the responsibilities of users and the IS department for maintaining security. This document needs to state

  • who may use the company's Internet resources
  • how employees may and may not use the Internet (with examples)
  • who is authorized to grant access and approve use
  • who has firewall system-administration privileges

The policy draft needs to begin by explaining why Internet security and control are important. For example,

Any connection between the ACME corporate network and the Internet presents the opportunity for non-ACME employees to attempt to access corporate systems and information. It is therefore extremely important that such a connection is secure, controlled, and monitored. It is also important that employees use the Internet to increase productivity rather than for nonbusiness purposes that may adversely affect the responsiveness of critical business systems on the network.

The policy also needs to clearly state that, after a trial period, no connection to the Internet is permitted except via the firewall (e.g., no dial-up PPP connections to ISPs) and any use not expressly permitted is prohibited. The policy also needs to inform users that IS will log and audit Internet use to ensure compliance.

After drafting the Internet policy document, IS needs to let user representatives give feedback on the policy before IS selects a firewall product. This process ensures that IS clearly understands user requirements and, more important, lets IS clearly set expectations for the Internet capabilities they will make available to users.

Users are often surprised to learn about limits on the types of Internet access they can have. However, try to accommodate valid business needs for Internet access. Table A gives examples of the permitted and prohibited uses of four typical Internet services. Note that the policy elements address not only security but also performance issues.

TABLE A: Permitted and Prohibited Internet Services (Example)
Email

Permitted uses
  • Sending and receiving email messages with enclosures (file size less than 2MB) for business purposes
  • Sending and receiving short text messages with no enclosures for nonbusiness purposes

Prohibited uses
  • Forwarding email chain letters
  • Sending or arranging to receive mail enclosures greater than 2MB
  • Sending or arranging to receive mail enclosures for personal reasons
  • Sending sensitive information by email over the Internet
  • Opening files received from the Internet without performing a virus scan
 FTP Downloads

Permitted uses
  • Any user approved to download files from a particular site may download files from that site if such files are scanned for viruses, IT has approved any software installed on user's workstation, and purchase of any required software license is approved
Prohibited uses
  • Downloading any file from a nonapproved FTP-site; permission to download files is granted on a site-by-site basis, and permission will be granted only for trusted, major commercial sites
  • Downloading software without approval to purchase required license
  • Downloading from any site for nonbusiness purposes at any time
Web

Permitted uses
  • Any user approved for Web access may connect to and view any Web page for well-defined business purposes
  • Any user may print Web pages

Prohibited uses
  • Installation of Web server software on any PC attached to the corporate network without written permission from IS
  • Connection to Web sites related to sex, illegal drugs, criminal skills, hate speech, online gambling, sports, entertainment, online merchandising, humor, or job search
  • Connection to any site for nonbusiness reasons during business hours
 USENET Newsgroups

Permitted uses
  • Any user with approved access to Usenet newsgroups may access newsgroups that have been previously requested and approved, if such access is for business purposes

Prohibited uses
  • Accessing any newsgroup for nonbusiness reasons
  • Submitting messages to newsgroups
  • Accessing newsgroups related to sex, illegal drugs, criminal skills, hate speech, online gambling, sports, entertainment, online merchandising, humor, or job search




ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Calculate your savings now
See how SAN is 57% cheaper than DAS over three years

Free CDs Offer Fundamental Content for IT Pros
Are you up to speed on the latest technologies and solutions? Don't miss out on your chance to get up to speed quickly on fundamental, in-depth information on some of the hottest topics in our library of content.

Let Your Users Reset Their Own Passwords: Free Download
Try a 30 day free trial of Desktop Authority Password Self-Service – it provides an easy-to-use, robust system for allowing users to reset their own forgotten passwords or locked accounts.


Exchange Server 2010: Deploying Unified Communications - Virtual conference
December 1, 2009 - Free Registration. Build your Unified Communications future on a strong Exchange Server 2010 foundation.

Get Windows IT Pro & Mark Minasi’s Favorite Power Tools Guide
Order Windows IT Pro now and get "More of Mark Minasi's Favorite Power Tools"--a in-depth guide to the most useful Windows commands --FREE with your paid order! Subscribe today, and save 58% off the cover price!

Migration, Virtualization, Availability, and Desktop Management
Realize the importance of a workload optimization strategy...it can affect your bottom line!

Deep Dive into VMware vSphere, eLearning Series
Join John Savill to explore the major functionality capabilities of the vSphere virtualization platform, including identification of the changes from ESX 3.5.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro DevProConnections IT Job Hound
Left-Brain.com Technology Resource Directory asp.netPRO ITTV Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc. Terms of Use | Privacy Statement