firewall policy.pdf | Firewall (Computing) | Computer Network

MARYLAND DEPARTMENT OF JUVENILE SERVICES
POLICY & PROCEDURE

SUBJECT: Firewall Security Policy
NUMBER: IT-01-08 (Information Technology)
APPLICABLE TO: DJS Information Technology Unit
EFFECTIVE DATE: June 6, 2008
Prepared 06/05/08

Approved: “/s/signature on original copy”
Donald W. DeVore, Secretary

1. POLICY.

The Department of Juvenile Services (DJS) establishes this policy to provide guidelines for the configuration and administration of the DJS Information Technology Firewall. DJS is committed to ensuring the Department’s information technology security program is in compliance with State security policies and standards, and State and federal laws and regulations.

2. AUTHORITY.

a. State of Maryland Department of Budget and Management - Information Technology Security Policy and Standards – Version 1.5 (January, 2007) - Sections 7.3 and 7.4.
b. National Institute of Standards and Technology Special Publication 800-41 - Guidelines on Firewalls and Firewall Policy - Section C.5.

3. DEFINITIONS.

a. Chief Information Officer (CIO) means the individual responsible for managing the Information Technology Unit.
b. Data Security Officer means the individual responsible for ensuring the Information Technology Unit is in compliance with the security guidelines established by Department of Budget and Management (DBM).
c. Demilitarized Zone means a separate interface in the firewall to protect the internal network from external intrusions.
d. Firewall means a network device which provides protection for the network against unauthorized access, intrusions and security breaches.
e. Firewall Administrator means the individual responsible for managing the activities of the firewall.
f. Information Technology Unit (IT) means individuals responsible for DJS network, applications, telecommunication and technical support.
g. Intrusion Detection/Prevention (IDP) means a device that detects attacks and other security violations, and detects and deals with the preambles to attacks.
h. Network means a system containing any combination of computers, servers, printers, audio and visual display devices, or telephones inter-connected by cables and telecommunication devices to transfer and receive information.
i. Patch means software used to fix or update applications and operating systems.

4. PROCEDURES.

a. General Procedures.

(1) The DJS network shall be protected by a firewall which is managed by a Firewall Administrator and/or an alternate administrator designated by the Chief Information Officer (CIO). The firewall will produce log files which shall be stored in a secured location and backed up onto tape. These tapes shall be taken off-site bi-weekly for storage. Reports shall be generated and made available to the DJS Data Security Officer for daily reviews.

(2) The DJS firewall shall be configured to block all unused ports, limit administrative access to IP addresses or subnets assigned to administrators of the firewall device, maintain comprehensive audit trails, and ensure publicly accessed servers are protected against intrusion and attacks by configuring a separate network interface which will be designated as a Demilitarized Zone (DMZ).

(3) The DJS network shall have an extra layer of protection through the use of an Intrusion Detection/Prevention (IDP) protection device.

b. Firewall Administrator’s Responsibilities.

(1) Ensure the firewall logs are available to be reviewed. The firewall will produce a log file which will track all activities of the firewall. Through the use of third-party software, the logs will generate various reports which will be reviewed daily by the Data Security Officer and/or alternate.

(2) Investigate all firewall anomalies and determine the escalation priority. When anomalies are identified by the DJS Data Security Officer and/or designee, the Firewall Administrator will be notified. The Firewall Administrator will investigate the anomaly and determine how to proceed with addressing the issue.

(3) Update the firewall operating system. The administrator is responsible for keeping the firewall operating system patched with the applicable updates available which will address newly identified vulnerabilities.

(4) Store all log files off-site to removable media on a bi-weekly basis. Log files will be backed up onto tape and stored bi-weekly off-site. This backup job will be configured as part of the backup cycle.

(5) Submit reports as requested by DJS Executive Staff and approved by the DJS CIO. Periodically, reports are requested to track certain activities of the firewall. The administrator is responsible for creating the reports as requested and approved. These requests must be submitted in writing and signed off by the CIO and requestor.

c. Configuration Change Procedures.

(1) The Firewall Administrator shall make all changes to the firewall as necessary.

(2) All changes and testing must be submitted to the CIO as a project plan. The approved project plan will serve as the log of changes and will be stored on the server with the log files. In the case of an emergency, approval and a project plan are not required at the time of the emergency; however, a completed emergency project plan shall document all changes made and shall be completed within five working days of the emergency and submitted to the CIO.

d. DJS Data Security Officer Responsibilities.

The firewall reports generated from the log files will be reviewed daily by the Data Security Officer and/or alternate for anomalies. Anomalies are reported to the Firewall Administrator and/or alternate to be investigated. Daily findings and a summary of report reviews will be reported as a Firewall Status Report. This report will be submitted to the Firewall Administrator to be stored in a secured folder on a server for future reference.

5. DIRECTIVES/POLICIES AFFECTED.

a. Directives/Policies Rescinded - None.
b. Directives Referenced - None.

6. LOCAL IMPLEMENTING PROCEDURES REQUIRED.

Yes.

7. FAILURE TO COMPLY.

Failure to comply with a Secretary’s Policy and Procedure shall be grounds for disciplinary action up to and including termination of employment.

Appendix – None.

MARYLAND DEPARTMENT OF JUVENILE SERVICES
EMPLOYEE STATEMENT OF RECEIPT
POLICY AND PROCEDURE

SUBJECT: Firewall Security Policy
POLICY NUMBER: IT-01-08 (Information Technology)
EFFECTIVE DATE: June 6, 2008

I have received one copy (electronic or paper) of the Policy and/or Procedure as titled above. I acknowledge that I have read and understand the document, and agree to comply with it.

__________________________________    _____________________________
SIGNATURE                             PRINTED NAME

____________________________
DATE

(THE ORIGINAL COPY MUST BE RETURNED TO YOUR IMMEDIATE SUPERVISOR FOR FILING WITH PERSONNEL, AS APPROPRIATE.)