1.0 PURPOSE
The purpose of this policy is to define standards for connecting to ASCL's network from any host. These standards are designed to minimize the potential exposure to ASCL from damages, which may result from unauthorized use of ASCL resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to critical ASCL internal systems, etc.
2.0 SCOPE
This policy applies to all ASCL employees, students, consultants, licensees, lessees, franchisees, vendors, customers, agents and affiliates with an ASCL-owned or personally-owned computer or workstation used to connect to the ASCL network. This policy applies to remote access connections used to do work on behalf of ASCL, including reading or sending email and viewing intranet web resources.
Remote access implementations covered by this policy include, but are not limited to, dial-in modems, frame relay, ISDN, DSL, cable modems, VPN and SSH.
3.0 POLICY
3.1 General
- It is the responsibility of ASCL employees, students, consultants, licensees, lessees, franchisees, vendors, customers, agents and affiliates with remote access privileges to ASCL's corporate network to ensure that their remote access connection is given the same consideration as the user's on-site connection to ASCL.
- General access to the Internet for recreational use by immediate household members through the ASCL network on personal computers is not permitted. Should a household member nonetheless use the connection, the ASCL employee is responsible for ensuring that the family member does not violate any ASCL policy, does not perform illegal activities and does not use the access for outside business interests. The ASCL employee bears responsibility for the consequences should the access be misused.
- Users shall directly access only those services that they are specifically authorized to use. The route from the user terminal to the network resource shall be defined.
- Networks shall be segregated and access to resources shall be controlled on the basis of the privileges allotted to users. The connections and capabilities permitted to users are further defined in the Access Control Policy. User access shall be subject to authentication, such as passwords, call-back or a challenge-handshake protocol (CHAP).
- Users shall access only the dedicated services exposed on the specified remote ports. No user shall use unspecified ports to make any connection.
- For additional information regarding ASCL's remote access connection options, including how to order or disconnect service, cost comparisons, troubleshooting, etc., enquire with the ASCL Information Security Department.
3.2 Requirements
- Secure remote access must be strictly controlled. Control will be enforced via one-time password authentication or public/private keys with strong pass-phrases. For information on creating a strong pass-phrase see the Password Policy.
- At no time should any ASCL employee provide their login or email password to anyone, not even family members.
- ASCL employees and contractors with remote access privileges must ensure that their ASCL-owned or personal computer or workstation, which is remotely connected to ASCL's corporate network, is not connected to any other network at the same time, with the exception of personal networks that are under the complete control of the user.
- ASCL employees and contractors with remote access privileges to ASCL's corporate network must not use non-ASCL email accounts (e.g., Hotmail, Yahoo, VSNL) or other external resources to conduct ASCL business, thereby ensuring that official business is never confused with personal business.
- Routers for dedicated ISDN lines configured for access to the ASCL network must meet minimum authentication requirements of CHAP.
- Reconfiguration of a home user's equipment for the purpose of split-tunneling or dual homing is not permitted at any time.
- Frame Relay connections must use only the DLCIs (permanent virtual circuits) provisioned for ASCL access. A DLCI identifies a circuit but does not authenticate it, so traffic arriving over these links remains subject to the authentication and access controls above.
- Non-standard hardware configurations used for remote access must be approved by the ASCL Information Security Department before they are connected to the ASCL network.
- All hosts that connect to ASCL internal networks via remote access technologies, including personal computers, must run the most up-to-date anti-virus software. Third party connections must comply with the requirements stated in the Third Party Agreement.
- Personal equipment that is used to connect to ASCL's networks must meet the requirements of ASCL-owned equipment for remote access.
- Organizations or individuals who wish to implement non-standard Remote Access solutions to the ASCL production network must obtain prior approval from the ASCL Information Security Department.
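The two requirements above that forbid split-tunneling and dual homing can be checked mechanically from a host's routing table before the VPN session is allowed to proceed. The following is an added example, not part of ASCL's policy or tooling: it parses Linux `ip route show` output (the three sample tables are constructed for this example), resolves by longest-prefix match which interface would carry a packet to an arbitrary Internet address, and flags a split tunnel when a VPN interface is present but that traffic would still leave via a physical interface, and dual homing when more than one physical interface has a directly connected subnet. The VPN interface name prefixes and the probe address are assumptions to adjust for the client in use.

```python
"""Flag split tunnelling and dual homing from `ip route show` output.

Added example for the remote access policy; assumes Linux `ip route`
syntax and that VPN tunnels appear as tun*/tap*/ppp*/wg*/ipsec* devices.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Assumption: interface name prefixes that denote the VPN tunnel.
VPN_IFACE_PREFIXES = ("tun", "tap", "ppp", "wg", "ipsec")
# Assumption: a documentation-range address standing in for "any Internet host".
PROBE_ADDRESS = ipaddress.ip_address("203.0.113.5")


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    dev: str
    via: Optional[str]   # next hop, None for a directly connected route
    metric: int


_ROUTE_RE = re.compile(
    r"^(?P<dst>default|\d+\.\d+\.\d+\.\d+(?:/\d+)?)"
    r"(?:\s+via\s+(?P<via>\S+))?"
    r"\s+dev\s+(?P<dev>\S+)"
    r"(?:.*?\s+metric\s+(?P<metric>\d+))?"
)


def parse_routes(text: str) -> list[Route]:
    """Parse `ip route show` lines; unrecognised lines are ignored."""
    routes = []
    for line in text.strip().splitlines():
        m = _ROUTE_RE.match(line.strip())
        if not m:
            continue
        dst = "0.0.0.0/0" if m["dst"] == "default" else m["dst"]
        routes.append(Route(prefix=ipaddress.ip_network(dst, strict=False),
                            dev=m["dev"], via=m["via"],
                            metric=int(m["metric"]) if m["metric"] else 0))
    return routes


def is_vpn_iface(name: str) -> bool:
    return name.startswith(VPN_IFACE_PREFIXES)


def egress_interface(routes: list[Route], addr=PROBE_ADDRESS) -> Optional[str]:
    """Longest-prefix match; lowest metric wins among equal prefixes."""
    candidates = [r for r in routes if addr in r.prefix]
    if not candidates:
        return None
    best = max(candidates, key=lambda r: (r.prefix.prefixlen, -r.metric))
    return best.dev


def split_tunnel(routes: list[Route]) -> bool:
    """A tunnel is up, yet general Internet traffic bypasses it."""
    if not any(is_vpn_iface(r.dev) for r in routes):
        return False          # no VPN at all: nothing to split
    dev = egress_interface(routes)
    return dev is not None and not is_vpn_iface(dev)


def dual_homed(routes: list[Route]) -> bool:
    """More than one physical interface has a directly connected subnet."""
    physical = {r.dev for r in routes
                if r.via is None and r.dev != "lo"
                and not is_vpn_iface(r.dev) and r.prefix.prefixlen < 32}
    return len(physical) > 1


def assess(route_text: str) -> dict:
    routes = parse_routes(route_text)
    return {"split_tunnel": split_tunnel(routes), "dual_homed": dual_homed(routes)}


# Constructed sample tables (not captured from a real host).
FULL_TUNNEL_SAMPLE = """
default via 192.168.1.1 dev wlan0 metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.10
198.51.100.7 via 192.168.1.1 dev wlan0
"""
SPLIT_TUNNEL_SAMPLE = """
default via 192.168.1.1 dev wlan0 metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
10.0.0.0/8 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.10
"""
DUAL_HOMED_SAMPLE = """
default via 192.168.1.1 dev wlan0 metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
172.16.5.0/24 dev eth0 proto kernel scope link src 172.16.5.20
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.10
"""

if __name__ == "__main__":
    for name, sample in (("full tunnel", FULL_TUNNEL_SAMPLE),
                         ("split tunnel", SPLIT_TUNNEL_SAMPLE),
                         ("dual homed", DUAL_HOMED_SAMPLE)):
        print(f"{name:13s} -> {assess(sample)}")
```

The full-tunnel table is the shape a "redirect-gateway" style client leaves behind: the original default route survives for the host route to the VPN server, but the two /1 routes via the tunnel are longer prefixes and win the lookup, so the check must compare longest-prefix results rather than merely look for a default route on a physical interface. A VPN client that also inspects the interface list can apply the same two tests at connect time and refuse the session when either fires.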
4.0 ENFORCEMENT
Any person bound by this policy who intentionally and/or knowingly violates this policy shall be subject to action deemed fit by the Governing Board of the Asian School of Cyber Laws and shall also be liable to pay adequate and prompt compensation. Such action shall not preclude adequate civil and / or criminal remedy as per the applicable law.
5.0 DEFINITIONS
- Cable Modem: Cable companies such as AT&T Broadband provide Internet access over Cable TV coaxial cable. A cable modem connects to this coaxial cable and can receive data from the Internet at over 1.5 Mbps. Cable is currently available only in certain communities.
- CHAP: Challenge Handshake Authentication Protocol is an authentication method that uses a one-way hashing function.
- DLCI: Data Link Connection Identifier (DLCI) is a unique number assigned to a Permanent Virtual Circuit (PVC) end point in a frame relay network. DLCI identifies a particular PVC endpoint within a user's access channel in a frame relay network, and has local significance only to that channel.
- Dial-in Modem: A peripheral device that connects computers to each other for sending communications via the telephone lines. The modem modulates the digital data of computers into analog signals to send over the telephone lines, then demodulates back into digital signals to be read by the computer on the other end; thus the name "modem" for modulator/demodulator.
- DSL: Digital Subscriber Line (DSL) is a form of high-speed Internet access competing with cable modems. DSL works over standard phone lines and supports data speeds of over 2 Mbps downstream (to the user) and slower speeds upstream (to the Internet).
- Frame Relay: A packet-switched WAN service whose provisioned speed can range incrementally from ISDN rates up to the speed of a T1 line. Frame Relay has a flat-rate billing charge instead of per-time usage charges and connects via the telephone company's network.
- ISDN: There are two flavors of Integrated Services Digital Network (ISDN): BRI and PRI. BRI is used for home office/remote access. BRI has two "Bearer" channels at 64 kbit/s each (128 kbit/s aggregate) and one D channel for signaling information.
- Remote Access: Any access to ASCL's corporate network through a non-ASCL controlled network, device, or medium.
- Split-tunneling: Simultaneous direct access to a non-ASCL network (such as the Internet, or a home network) from a remote device (PC, PDA, WAP phone, etc.) while connected into ASCL's corporate network via a VPN tunnel.
- VPN: Virtual Private Network (VPN) is a method for accessing a remote network via "tunneling" through the Internet.
6.0 REVISION HISTORY
This document was created on 12-02-2002 and was last updated on 22-02-2003. Please note that this document is updated on a regular basis and the latest version can be obtained from: