This chapter provides a thorough guide to many security issues. The authors encourage writing strong enforcement statements of acceptable use policies (AUPs) and provide examples of wordings and a best practices checklist. They cover how to limit authority and separate duties and how to pinpoint accountability. The chapter is from Network Security: The Complete Reference, by Mark Rhodes-Ousley, Roberta Bragg and Keith Strassberg; ISBN:0-072-22697-8, McGraw-Hill/Osborne, 2003.
AUP enforcement is not just a matter of writing strong words and meting out punishment. Enforcement also means detecting the abuse and proactively stopping infractions from occurring. Products such as Websense (www.websense.com) and SurfControl (www.surfcontrol.com) use filtering technologies to block access to sites or even to block keywords that an organization has deemed unacceptable. Filtering products may also filter e-mail for regulated topics. Other products may take a more passive approach such as simply recording every page visited and allowing reports to track user activity on the Internet. In either case, all Internet access must pass through a control point such as a firewall or proxy server. A product is integrated with these control points and configured to meet the demands of the company. Attempts and successes are logged, and if the product is set to block, access is blocked.
The Websense product is backed by a constantly updated master database of more than four million sites organized into more than 80 categories. This database makes it possible, for example, to block access to gambling, MP3, political, shopping, and adult content sites. An additional Websense product can manage employee use of media-rich network protocols, instant messaging, streaming media, and so forth, allowing access when bandwidth permits and blocking access when the organization needs that capability for business-related activity.
Remember: this chapter is from Network Security: The Complete Reference, by Mark Rhodes-Ousley, Roberta Bragg and Keith Strassberg (McGraw-Hill/Osborne, ISBN 0-072-22697-8, 2003).