Remote System Access Policy

Description

The Remote System Access Policy establishes rules and procedures for any employee, vendor or partner who is given remote access to the corporate computer network.  The policy is available as a Microsoft Word document and can be easily customized to meet the specific needs of your business.

Read on below for excerpts from the actual tool:

Scope

This policy applies to all vendors, partners, and other users authorized by _COMPANY to establish remote access connections to the corporate network.

Policy

The following rules define _COMPANY’s policy regarding remote system access:

1. Extended user authentication systems required for dial-up computer communications. This policy requires extra system access controls for every inbound connection with the public switched telephone network (PSTN).  In order to positively identify a calling party attempting to establish a dial-up connection with a _COMPANY computer, all inbound dial-up connections with _COMPANY’s internal computer data network must employ extended user authentication.
2. Only authorized users may install and/or use modems on workstations connected to internal networks.  Modem connections on workstations are prohibited except when expressly approved and authorized by the IT Department according to internal standards and procedures.
3. Workstation modems in AutoAnswer mode are prohibited.  Without approval by the Information Systems Security Department, users must not leave modems connected to personal computers in AutoAnswer mode such that they are able to receive in-coming dial-up calls.
4. In-coming dial-up calls must not be answered until after multiple rings, as defined by standards.  To discourage unauthorized access, no _COMPANY dial-up modem may answer in-coming calls on the first ring.
5. Criteria for connecting _COMPANY networks to third party networks.  Dial-up connections to internal systems and networks may be established by developers, system administrators, and others as long as they are fully consistent with published internal standards.  Before dial-up connections are turned on, the manager of the department making the installation must make sure that these standards have been followed.  All deviations from these standards must be approved in advance by the manager of the Information Systems Security Department.
6. Maximum permissible attempts for dial-up users.  Authentication via dial-up lines must be established within limits established by internal standards.  After multiple unsuccessful attempts, the connection must be terminated.