The History Of The Techconsultants Ltd

Published Date: 02 Nov 2017

Introduction

In this task research will be conducted on various aspects of network security. This will tent to explain each topic and state why it would be considered for implementation in the organization for network security purposes.

Access Control

Is a security control feature, being of either software or hardware associated with computer security in which client users are either being allowed access to the company’s network resources. It outlines when they will be granted access and the activities that they will be permitted to take whilst given this access pass. Access Control can be used to control the distribution and access of different levels of data, control which peripherals would be available for client use and the type of software/programs that they will be able to execute.

Access control is assisted by authentication methods such as biometric system scanners, electronic key systems or usernames and passwords which co-operates with access control in granting or declining admittance into the system.

The basic function of an access control system is to;

Figure out ways to secure the network’s resources.

Ensure the network is not subjected to any security attacks.

Ensure that cookies do not cause problems in the security of the system.

Help determine what characteristic is needed in the firewall for that particular system.

Protect the network from spam and secure the wireless system.

Access control determines this admittance a by matching the user’s credentials to directory of users that are registered for access. The host or server is usually responsible for performing this search by the person who is controlling the system. This is known as and lookup functions and controllers or control features.

User Authentication

Networks usually uses two (2) correlated methods for verifying the individuals who would be granted access to the network resources attributes. These two security methods are known as user authentication and user authorization. User Authentication is the procedure in which the identity of the person who is trying to gain access to the network is confirmed using a series of identifiers known as credentials, such as a username, password, an ID or biometric scanners. These features help in the securing of networks to ensure that unauthorized persons would not be able to force an entry into a private network.

User Authentication is also assisted by user authorization. User authorization is the activity in which decision is made to conclude whether the users would be given permission to access the network resources such as its hardware devices e.g. printers, scanners or any other network devices.

User Authentication and Authorization is controlled by a number of restricted controlling affiliates e.g. an intranet which requires a user login.

In the majority of networks at organizations the verification and authentication of the user is not the only issue to determine whether a user would have unlimited granted access. The access rights that the user or employee has to the network is usually decided upon their job function and operations that they would have to perform within that organization. For example an employee who is handling accounts should have access to financial records and data relating to accounting as opposed to someone who is working in the IT department who would not be permitted to access these files.

User Authentication and authorization although they are closely joined with the similar systems that promote authentication functions they also serve a great responsibility of determining the limits of access a particular user has to a particular resource while granted access.

Firewall

Firewalls are either a piece of software or hardware which serves the purpose of acting as a wall to control access. It function is to prevents unauthorized persons intruding on the network, viruses, trojans, worms or any other form of malicious security threat from gaining access to computers on a network by guidelines provided by the owner. It controls all the incoming and outgoing data traffic to ensure that the activities are authorized before it can get pass the network wall. Some routers and server have built in firewalls that carried out some firewall functions. Firewalls are also able to allow secure encrypted communication with its ability to break down virtual private sessions to prevent potential attacks from hackers.

Firewalls use various methods in order to promote protection. Some of these are;

Packet-filtering- inspects the data packets, allowing or denying each individual packets access on the conditions of instructions set up to regulate the addresses where the packets will be allowed to pass, in respect to authentication process of the identification of person attempting to access the system verifying the address that they are requesting to send the packets to.

Proxy firewalls - Performs the activity of setting up an interceptor for requests from users by establishing an additional connection to the system and then the proxy makes its decision if the packet is safe to allow through.

Stateful inspection firewall – Inspects the packets, registers the address of the port that is being utilized for the connection, and then terminates the ports as soon as the connection is ended.

Some examples of firewall software are Zone Alarm and Kerio. An example of a hardware firewall is Linksys.

Virus Protection

Viruses are pieces of code or a program that has the ability to duplicate itself and corrupt other files on a computer .Virus protection is a program that is constructed to block malicious threats such as viruses, worms and Trojan horses from gaining access to a computer whilst you browse the internet, upload or download files or working online. Virus protection software also has the functionality to remove already infected programs and prevent infection to other applications on your network.

Viruses are usually found in email attachments, or any type of multimedia file and can enter a system by a simple click. Anti-virus programs help protect systems by scanning and checking any files to ensure that they are not threatening. If it detects any activity that might be dangerous, it issues a warning to let the user know that it is unsafe to continue and blocks the incoming threat.

Some examples of popular anti-viruses are Bit Defender, Kaspersky and Norton. These anti-virus programs are continuously improving their defense mechanisms and becoming more effective and efficient for basic home users to large organizations.

Functions that virus protection promotes are;

To ensure the security of computers are not compromised it formulates firewalls and counteracts harmful and malicious attacks

To allow secure browsing online, and other internet activity such as the downloading or uploading of files.

To secures data stored on computers from being infected or destroyed through ad-hoc viruses or any other form of virus threats while working online.

To perform periodic scans and provide alerts on incoming threats to the system.

To provide automatic updates on virus protection programs to keep your security defense mechanism working at all times and ready to counteract any sudden threats.

Accessing the Internet

It is important when accessing the internet that users be alert and caution of their activities in order to prevent online security attacks. This is crucial in order to preserve the organization internet access, the company’s private data and resources. Privacy is always a tender issue when data is being transmitted to and from a network to various different locations. Organizations should take into consideration directing all information being sent over the internet through a centralized server. In this way all data is intercepted and monitored and can allow a control over all network traffic and protect users from electronic eavesdropping. Users must remember that carefree use of the internet can also result in serious issues such as identity theft, credit card scams or even illegal activities that can have severe penalties. It is important to promote safety for both the organization and yourself when using the internet.

Some basic measures that can be taken to promote safe internet use are;

To keep all usernames and passwords confidential at all times.

Be cautious when clicking on any unfamiliar links on e-mails or instant messages ever so often links can be the source of security threats such as viruses, worms and Trojans.

Do not enter personal information such as credit card details on websites without checking the integrity of the website.

Never send information about your account via email or instant messengers this can easily be intercepted by hackers. If you are having problems with your account information contact the IT Department or Help Desk.

Be wary of what you broadcast online always think about the impact it would have on both you and your company’s image in the present and future.

Conclusion

In this task 5 different topics were explained with regards to network security. The topics were carefully explained and its important features were illustrated for consideration for the organization’s security procedure for their network.

TASK 2

A user in your company calls to report that she’s unable to log on to e-mail. You respond with a couple of quick questions. Because you know that no one else is using the network right now, you cannot determine if the problem is unique to her machine or if the problem affects the entire network. Probing further, you also learn that she’s unable to print. You decide this problem is probably easier to troubleshoot from the user’s computer.

Using the structured troubleshooting method, outline the things that you must check and the questions you must ask when you arrive at the user’s office. Based on the possible responses to your questions, describe the actions that you will take to correct the potential causes.

INTRODUCTION

In task 2 it is required that the structured troubleshooting method be used to correct the problems that the user is having logging on to e-mail and printing. A group of questions to ask to user is to be prepared and based on the answers received actions are to be taken to correct the potential cause of these problems.

Questions

Determining the problem definition and scope

Are any of the other clients having the same problems?

Is the problems occurring in other departments in the building as well?

Have you been able to access other net applications or does the problem solely occur with logging on to your email?

Have you been having problems with other hardware devices such as scanners or faxes or does the problem occur only with the printer?

Have you tried using another computer to log onto the email or print? If yes does the problem still occur?

Gather Information

Have you ever in the past been able to access email or print on the system?

When did these problems start to occur?

Do these problems constantly occur or does it occasionally surface?

What are some of the normal activities taking place and applications that are running when the problems arises?

Has any modifications been made to the network example; upgrades or maintenance?

Has any changes or configurations been made to the server or router?

Has any upgrades or new drivers been installed for the printer?

Have you checked the network and printer cables to see if it has been unplugged?

Things that must be checked

3. Consider Possible Causes:-

Check to see if any cables are unplugged.

Check if the main connection in the network.

Check the hub to ensure that it has power and is working.

Check to see if any upgrades has been made to the client systems and if any network protocol was changed or installed.

Devise a Solution:-

Determine if the source of the problems is the true reason why the problem is occurring and not just another consequence of the problem itself.

Is there an effective way of testing the solution?

What are the consequences and outcomes of implementing this solution?

Would it be necessary to acquire additional to devise the solution.

Save all configuration files for all devices.

Record and back up all the current workstation configurations.

Document all the wiring closet configurations, device location and patch cable connections.

Conduct an overall check comparing both the old and new results. This is important if a system restore becomes necessary.

Actions that must be taken to correct the potential cause

Set up the router.

Check its standalone operation by evaluating each interface.

Connect the router to the entire network.

Check all the various parts of the network to ensure it is working.

Check the pathway selections by using the Trace Route command-line feature.

Install and configure the hub.

Configure workstation addresses.

Confirm connection in the network.

Plug in the router to the switch.

Confirm that you ping the router from each computer unit.

Confirm that you can communicate other networks from the computer units.

Formulate a baseline of new network sections.

Test the solution implemented.

Document the solution that was used to correct the problem.

Formulate a preventative measure to prevent the problem from resurfacing.

Conclusion

In the task the structured troubleshooting method was used to correct two network problems a user was having which was logging on to email and printing. A group of questions was formulated to ask the client and then based on the answers a corrective method was devised.

TASK 3

For an Internet-connected local area network (LAN) with which you are familiar (for example your company or college network);

Determine whether the LAN is connected to the internet through a firewall. If so, determine the manufacturer and model number of the firewall; what are the security features available in the Firewall. If no firewall is in place, research 3 Firewall products and report with its manufacturer and model number and features.

Give reasons for the appropriateness of a particular firewall for your organization.

Introduction

For task 3 researches was to be conducted on three (3) firewall products and a report with its manufacturer, model number and the features and then give its suitability to the particular organization it will be applied to.

Firewall Product #1

NETGEAR ProSecure

Unified Threat Management Firewall

Model : UTM9S

Netgears UTM9S hardware is one of the latest firewall technologies available on the market. It amazing all in one security gateway security made up of the best stream scanning technology protects your network from network threats via email, or the web. It fights attacks from hackers, denial of service, spam, viruses or any other threating content.

UTM brings together unimaginable top class performance meshed into the most advance security mechanism. Its rigid modular software architecture stream scanning technology works at an unbelievable speeds scanning files and streaming data up to five times more than other methods.

The ProSecure UTM will without doubt triumph over any other firewall or router in addition to it being one of the most simple firewall products to set up and manage with a 10 step set up procedure and wizard to assist you through every step. UTM provides all in one protection over any type of security breech and will guarantee a secure network for your organization.

Basic Specifications

Manufacturer's Number

UTM9S-100EUS

Product Description

NETGEAR ProSecure Unified Threat Management Firewall UTM9S - security appliance

Device Type

Security appliance

Weight

2.6 kg

Dimensions (WxDxH)

33 cm x 28.6 cm x 4.3 cm

Manufacturer Warranty

Limited lifetime warranty

VoIP Protocols

SIP

Features

DMZ port, routing, NAT support, PAT support, load balancing, LDAP support, VLAN support, Syslog support, Stateful Packet Inspection (SPI), DoS attack prevention, content filtering, ALG support, VPN passthrough, Intrusion Prevention System (IPS), URL filte

Data Link Protocol

Ethernet, Fast Ethernet, Gigabit Ethernet

Enclosure Type

External - 1U

Remote Management Protocol

SNMP 2c, HTTP, HTTPS

Capacity

Concurrent connections : 16000 ¦ Virtual interfaces (VLANs) : 255 ¦ VPN tunnels (site-to-site) : 10 ¦ Simultaneous VPN peers : 5 ¦ Malware signatures : 1200000 ¦ Maximum number of users : unlimited

Network / Transport Protocol

PPTP, PPPoE, FTP, POP3, IMAP, SMB

Ports Qty

4

Flash Memory Installed (Max)

2 GB

RAM Installed ( Max )

512 MB

Performance

Antivirus throughput : 21 Mbps ¦ Stateful throughput : 130 Mbps ¦ VPN throughput : 50 Mbps

Software Included

Drivers & Utilities

Miscellaneous

Cables Included

1 x network cable

Compliant Standards

VCCI, cUL, RoHS, FCC Part 15 A, C-Tick Class A

Form Factor

External

Ports Qty

4

Connectivity Technology

Wired

Data Link Protocol

Ethernet, Fast Ethernet, Gigabit Ethernet

Network / Transport Protocol

PPTP, PPPoE, FTP, POP3, IMAP, SMB

Routing Protocol

RIP-1, RIP-2, static IP routing

Remote Management Protocol

SNMP 2c, HTTP, HTTPS

Performance

Antivirus throughput : 21 Mbps ¦ Stateful throughput : 130 Mbps ¦ VPN throughput : 50 Mbps

Capacity

Concurrent connections : 16000 ¦ Virtual interfaces (VLANs) : 255 ¦ VPN tunnels (site-to-site) : 10 ¦ Simultaneous VPN peers : 5 ¦ Malware signatures : 1200000 ¦ Maximum number of users : unlimited

Encryption Algorithm

DES, Triple DES, RSA, MD5, ARCFOUR, IKE, SHA-1, TLS 1.0, SSL 3.0, PKI, 128-bit AES, 192-bit AES, 256-bit AES

Authentication Method

RADIUS, LDAP, Active Directory

Device Type

Security appliance

Expansion Slot(s)

2 (total) / 2 (free) x Expansion Slot

Interfaces

4 x network - Ethernet 10Base-T/100Base-TX/1000Base-T - RJ-45 ¦ 2 x network - Ethernet 10Base-T/100Base-TX/1000Base-T - RJ-45 ( WAN ) ¦ 1 x USB

Power Device

Power supply - internal

Firewall Product #2

NETGEAR ProSafe 8-port Gigabit VPN Firewall - Router – 8 port switch - Gigabit LAN – desktop

Model Number: FVS318G

Netgear’s FVS318G firewall product is specially built to deal with all your network security problems. It features comprises of a synchronized 5 IPsec VPN tunnels for secure remote access, contains a hacker protection feature enabled by its SPI firewall, DoS protection against threats and attacks, DMZ ports for hardware set up ,and several VPN.

Some of the remarkable security features that are embedded into this product enables it to provide email reporting, SYSLOG and network monitoring features such as SNMP.IKE that assists in securing the network against unauthorized VPN access as well as encryption features for the protection and safeguarding of private data and to ensure that your network is secure at all times against threats.

This product is also very reliable because it has been tested and evidently demonstrated its functions. It is also very user-friendly which makes it quite easy to use with its Auto Detect which connects to ISP within a few seconds. This hardware is quite easy to install with its Web-base ProSafe Control Center screen and its IPsec VPN Wizard automatically configures and provides security and simplicity when connecting to several sites.

NETGEAR provides a genuine firewall that also be customized to do as the user pleases while promoting high-performance with multiple user access simultaneously with limited no interference.

NETGEAR

ProSafe 8-port Gigabit VPN Firewall

Specifications & Features

Manufacturer's Number

FVS318G-100EUS

Product Description

NETGEAR ProSafe 8-port Gigabit VPN Firewall FVS318G - router - desktop

Device Type

Router - 8-port switch (integrated)

Dimensions

19 cm width x 12.5 cm depth x 3.5 cm Height

Features

DMZ port, DHCP support, NAT support, Stateful Packet Inspection (SPI), DoS attack prevention, content filtering, VPN passthrough, URL filtering, firmware upgradable, IPSec passthrough, DHCP server, DNS proxy

Data Link Protocol

Ethernet, Fast Ethernet, Gigabit Ethernet

Routing Protocol

RIP-1, RIP-2, static IP routing

Capacity

VPN tunnels : 5

Network / Transport Protocol

TCP/IP, UDP/IP, NTP, ICMP/IP, IPSec, PPPoE

Performance

Firewall throughput : 25 Mbps

Software Included

Drivers & Utilities

Cables Included

1 x network cable

Connectivity Technology

Wired

Data Link Protocol

Ethernet, Fast Ethernet, Gigabit Ethernet

Performance

Firewall throughput : 25 Mbps

Capacity

VPN tunnels : 5

Network / Transport Protocol

TCP/IP, UDP/IP, NTP, ICMP/IP, IPSec, PPPoE

Routing Protocol

RIP-1, RIP-2, static IP routing

Encryption Algorithm

Triple DES, MD5, IKE, SHA-1, PKI, 128-bit AES, 256-bit AES

Processor

1 x 250 MHz

RAM

32 MB - SDRAM

Flash Memory

8 MB

Expansion / Connectivity

Interfaces

WAN : 1 x 10Base-T/100Base-TX/1000Base-T - RJ-45 ¦ LAN : 8 x 10Base-T/100Base-TX/1000Base-T - RJ-45

Service & Support

NETGEAR lifetime warranty

Top of Form

NETGEAR ProSafe VPN Firewall

Model: FVS318

Firewall Product #2

Netgear’s FVS318 Prosafe firewall is the ultimate firewall hardware for office security available at a low cost. With is 8 VPN Tunnels for encrypted remote access it is capable of providing packet inspections, Dos protection and intrusion detection, URL keyword and filtering of contents, logging features, reporting and alerts at all time. With its VPNC certification it allows a maximum of 8 IPsec VPN tunnels at the same time which allows you to save money on operating and security. This product also provides business class security such as its ability to provide alerts and email notification and report and track unauthorized access attempts.

The FVS318 is well armed to provide top class security with packet inspection, intrusion detection features, denial of service in addition to VPN for supplementary security and it doesn’t stop there , also embedded into this firewall AES encryption security to guarantee a completely secure system.

One of the most outstanding features of this firewall is addition to providing unbelievable security coverage it comes with a very friendly interface which makes it quite easy for users to use and set up in just a short space of time.

Bottom of Form

NETGEAR FVS318 ProSafe VPN Firewall

Features & Specifications

Manufacturer's Number

FVS318UK

Product Description

NETGEAR FVS318 ProSafe VPN Firewall - router - desktop

Features

Firewall protection, switching, DMZ port, DHCP support, NAT support, VPN support, manageable

Network / Transport Protocol

TCP/IP, PPTP, UDP/IP, ICMP/IP, IPSec, PPPoE

Enclosure Type

Desktop

Device Type

Router

Dimensions (WxDxH)

25.3 cm x 18.1 cm x 3.5 cm

Data Transfer Rate

100 Mbps

Weight

0.9 kg

Data Link Protocol

Ethernet, Fast Ethernet

Routing Protocol

RIP-1, RIP-2

Connectivity Technology

Wired

Data Link Protocol

Ethernet, Fast Ethernet

Data Transfer Rate

100 Mbps

Network / Transport Protocol

TCP/IP, PPTP, UDP/IP, ICMP/IP, IPSec, PPPoE

Routing Protocol

RIP-1, RIP-2

Encryption Algorithm

DES, Triple DES, SHA, MD5, IKE

Processor

1 x ARM 50 MHz

RAM

16 MB

Flash Memory

1 MB

Software Included

Drivers & Utilities

Service & Support

NETGEAR lifetime warranty

Power Device

Power adapter - external

Interfaces

8 x 10Base-T/100Base-TX - RJ-45 - 8 ¦ 1 x 10Base-T - RJ-45 - 1

Firewalls

Some of the reasons why it is important and appropriate to have a firewall for Tech Consultants Ltd may be;

To prevent the corruption and loss of valuable data. This can damage the company’s image cause the profitability margin to drop, compromise customer business relationships and even cause the organization itself to stop functioning. Firewalls can help protect customer information while preserving the confidentiality of their records.

To protect trade secrets and keep data confidential. It is important to protect the information flowing throughout the organization. If competitors or hackers were to gain access to this information they will have the insight into all your business transactions and secrets and can use them against you to plunge your organization to the ground.

To protect unauthorized person from gaining control over your network. If breaches your security and gains power over the network they would have full control over your network and be able to do as they please. They can also use your network to conduct illegal and clandestine activities or destroy and manipulate company data.

Conclusion

For task 3 researches was conducted on three firewall products detailing its features, manufacturer and model number. In conjunction reasons for the appropriateness of a firewall for Tech Consultants Ltd was formulated and then documented.

TASK 4

Create a set of Acceptable Use Policies specially customized for your organization for each of the following:

Accessing the WWW

Instant Messengers and chat room

Email Usage policy

Each of these documents should provide a set of guidelines for users which will minimize any associated security threats.

Introduction

In this task a set of Acceptable Use Policies will be formulated with regards to the categories stated above in the bullets. Acceptable Use Policies are rules and codes of conduct that is set up by an owner of a network in order to prevent and reduce the possibilities of the illegal use of the internet and minimize the risk of security breaches that can cause harm to the network and company’s information.

Acceptable Use Policies

User Responsibilities

This document contains the rules and regulations that are put in place by this organization for the purposes of governing activities with regards to users utilizing the company’s internet resources. All users should take careful note of the rules stated below. Employees who refuse to abide by these rules and regulations will be held liable for any form of damages made.

………………………………………………………………………………………………………

Accessing the WWW

Internet access is provided by the organization for the purpose of assisting employees in carrying out their job functions. For that reason it should be used for the purposes of looking up details relating to those functions only. Employees should obey the company’s laws regarding the network resource usage and apply good judgment when using the Internet.

Communication via the internet would be acceptable only under the circumstances of discussing information with regards to business purposes only. The use of the internet for communicating personal conversations prohibited during work hours.

It should not be used for any employee’s personal reasons.

Employees handling accounts on behalf of the company should act responsibly and professional to promote a positive company image and shun any activities that might harm the reputation of the company.

The use of the internet to conduct any online cash transactions is strictly prohibited. Users should note that the company will not be held liable if anyone stores private information such as credit card numbers or private keys and is subjected to loss of property or private information.

Employees should only access Internet after he/she has been authorized by senior management in charge of that particular department and this shall be stated in writing.

Employees should only keep the use of the Internet to a minimum level.

Employees should verify & validate if the information found on the Internet is accurate and up-to-date.

Employees should abide by laws of copyrighting and licenses regarding with legal protections to software and data.

Any data that is created, transferred and/or received via the company’s computers are deemed the property of the organization.

Employees should use the Internet with responsibility and be cautious of unusual activities or occurrences. If any unusual activities occur while using the employee should report it to the I.T Department right away.

Accessing sites that contain pornographic, obscene, racist, illegal activity or harassing materials is strictly prohibited.

The downloading and transmission of content that contains any pornographic, obscene, racist, illegal activity or harassing materials is strictly prohibited.

Do not download any material that is irrelevant or not work related.

The downloading and installation of any type of software is strictly prohibited.

Employees should not use the computers to gain unauthorized access to any other network unless it is permitted by senior management.

Do not use company’s Internet resources for the purpose of false identity representation.

All downloaded materials must be scanned with virus detection software to prevent viruses or other harmful security threats to the network.

Employees should not use the internet for participation in any social networking media such as blogs, instant messaging, facebook, twitter or myspace.

Websites and or materials that are considered to be unsafe, harmful or not linked to business activity may be blocked or restricted to users.

The use of the company’s computers to commit fraud, software, and music or movie piracy is prohibited.

Material contained on the network should remain within the organization and kept confidential.

The altering of files or records while on the network should be approved by senior management before it is saved to the company’s database.

In the case of employment termination regardless of the situation of department transfer or contract completion, internet access will be terminated or discontinued until prior notice from senior management.

Instant Messengers and chat rooms

Electronic messaging should be used for the when conducting business related activities only.

Employees that are authorized by the organization to use instant messaging programs will be allocated a business user screen name and password. This should be kept confidential and the employee should be fully responsible for safeguarding the information on this account and would be held liable for the information distributed over this media.

Employees are only allowed to conduct business transactions from the account appointed to them by the company and should not by any circumstance use a personal account to conduct these transactions.

All messages that are composed on the company’s computer resources must abide by the communication standards which are acceptable in the company’s policy.

Employees are not permitted to download or use any IM software that is not authorized by the company e.g. (MSN Instant Messenger, Yahoo) for the transmission of any messages across the company network.

The company has right to monitor and keep a log of all IM conversations over the company’s network without prior notice. Employees should note that all information transmitted over the network is the property of the organization and will be treated as business records. Employees are not entitled to any privacy privileges with regards to this information.

Discrimination of any kind is such as religion, age, sexual orientation, political or race is prohibited while commuting over IM.

Users should not use company accounts to communicate hatred, obscenity, fraud, threating or harassment of any kind.

Contents distributed over IMs and chat rooms should be free of any viruses or security threats. All content should also be scanned through relevant anti-virus software and firewall programs before it is downloaded onto the company’s system.

Employees are not permitted to use IM to communicate any restricted, proprietary, privately owned information, information that may be harmful to the company’s image and well-being.

IM’s should also not be used as a tool for employee gossip or to transfer personal information about customers, business contacts or any other third parties involved in the company.

Users should not share copyright materials of any kind, without the confirmations and rights of the owner.

Users should not use IM’s for the purpose of false identity.

Users should not discuss any unethical subjects while in a chat room. It is important to note that you would be representing the company and any negative views can impact on the company’s image.

When using IMs on behalf of the organization employees are prohibited from transmitting or receiving any materials that may consist of infringement being of copyrighting, trademarking or patent, defamation or stealing of trade secrets. IM’s should also not be us to distribute contents containing any unlawful, offensive or material of any indecent messages that may cause disorder or promote unlawful actions. Users should also not display any sexual language or unfitting behavior.

Chat rooms and IM’s should not be used for personal advertising of products and services.

While communicating on behalf of your company users should not aggravate or cause disrupt to other users.

Users should not conduct the activity of "frogging" this is the act of hopping frequently in and out of chat rooms.

Users should not circulate junk mail or advertisements which can be disruptive and waste other user’s time.

……………………………………………………………………………………………………….

Email Usage Policy

Employees should not distribute email addresses to persons who are not authorized to have access to the account. This email address and password should be properly safeguarded and should be confidential as it contents may have information that persons could use to damage or disrupt the company’s activity.

Employees must not abuse the company’s email system by distributing junk mail or any other type of unsolicited mails that can be quite unprofessional and cause a lot of time wastage. This can also cause recipients to lose trust and faith in the senders and cause them to ignore emails sent from the particular address regardless of its content.

Employees should not deliberately transmit viruses or any other security threats while using the organization’s email system. This can cause the organization to create potential enemies that might become security threats and compromise the security of the organization.

Company emails should not be used to advertise, promote personal commercials, transmit jokes, chain letters, sexually offensive materials, or any information that can be disturbing and cause damage to the company’s image.

Company E-mail users are likely to know that all e-mails that is sent from the organization’s accounts shows the character and image of the organization therefore it should be noted that all email users should comply with a professional standard while electronically communicating.

Emails sent from the company’s account are in fact property of the organization and users should have no claim over them.

Employees are not allowed to use company emails to communicate personal matters with fellow business partners or personal contacts.

Possessing or distribution of company information should only be used if it is vital for business tasks or associated to employee’s allocated duties.

E-mailing contents of unlawful, copyrighted, obscene or threatening is strictly prohibited.

Email users are not permitted to duplicate, change, or erase e-mails or accounts without permission from senior management.

Employees should not send excessively large e-mail attachments.

Emails should be contain a relevant subject and should not be over exaggerated if its content is not urgent.

Employees should not open e-mail attachments from unfamiliar addresses. The content should be scanned with relevant anti-virus software and then opened if its content is not threatening to the company’s network.

Employees should conform to all the terms and conditions of the email service provider.

Email accounts should not be used for cooperate espionage. All information seen on the company’s account should be kept confidential at all times. Emails that may contain confidential or sensitive company information should also not be forwarded to anyone without confirmation from senior management.

The organization’s email service should be used for job related reasons only it would not be used for co-workers to communicate idly during business hours.

Employees should not that all emails are logged into the company’s main server and can be used by company in any circumstance or for any reason they see fit.

Employees who are dismissed from employment have no allowance to use the company’s email again under any circumstance. It should be reported as soon as employment is terminated so the accounts can be deactivated or so that the password can be changed.

Conclusion

In task 4 a set of Acceptable Use Policies were created. These policies were formulated for the purpose to acting as guidelines or rules for the users so that they would know what actions would be acceptable when utilizing the company’s network resources and minimize the risks of any associated security threats.