INTERNET CONNECTION POLICY 1

Internet Connection Policy

Alyssa Evans
University of Advancing Technology
INTERNET CONNECTION POLICY 2

Internet Connection Policy

Overview:
This internet connection policy has a user compliance policy and an internal IT policy.

These policies specify how users are able to connect to the internet, requires the approval from

the IT department to connect to the internet, and specifies the approved modes of connection.

This internet connection policy requires users to use the internet for business purposes

only, and to not visit sites that may be malicious and could compromise security. User’s internet

activity may be logged, monitored and activity on the network will be logged to a certain extent.

It specifies what will be used to prevent unauthorized internet usage, to log internet activity,

whether a proxy server will be used, and how the network will be protected.

Purpose:
This policy was designed to help prevent malicious threats from entering through easy

open doors through insecure connection points. It is to secure and protect the information that the

user inputs into device. These devices include computer devices, networks, and other electronic

information systems to accomplish goals and initiatives. It was designed to prevent unauthorized

and unprotected connections to the internet which may allow unsafe content to enter the network

and compromise the entire network.

Scope:
All employees, contractors, consultants, temporary, and other workers, including all

personnel affiliated with third parties that maintain a device with an internet connection must

adhere to this policy. This applies to all devices that connect to the network or reside onsite

where an internet connection is provided to an endpoint devices.

INTERNET CONNECTION POLICY 3

Policy:
All connections to the internet or private network shall be authorized and approved by the

IT department. Most users will gain access to the internet via their office, and any additional

connections must be approved by the IT department. These additional connections may include,

but are not limited to:

1. Modem connection from an endpoint device which may all a connection to the network.

2. Any devices which have both a phone and network connection must be inspected and

approved by the IT department.

3. Wireless access points and devices capable of wireless connection are not allowed unless

approved by the IT department.

Additional internet connections not provided by the IT department must be evaluated and

approved by the IT department. Any additional connections will require:

1. An IT department approved firewall operating at all times and configured properly/

2. Encryption that may be subject to review by the IT department.

A system operating the network must have the following capabilities:

1. The ability to prevent users from visiting any site that is not related to their goals,

mission, or initiative of the organization.

2. The ability to log user internet activity including:

1. Time of activity

2. Duration of activity

3. The website visited

4. Data and type of data downloaded

INTERNET CONNECTION POLICY 4

5. Whether the system will cache web pages on increase internet connection

(requires a proxy server).

3. The system will require a login ID or it will use the current network login to identify

users.

To prevent users from visiting inappropriate sites that are not approved for business,

the system used shall be ______. This same system will not require an additional login ID

and will use Active Directory to identify internet users. This system shall be able to log user

internet activity as specified above.

Policy Compliance:
Improper use of endpoint devices can bring in malicious software which may destroy the

integrity of the network, its systems, and the prevention of these events is critical to the security

of the organization. The IT department will verify compliance of this policy through various

methods, including but not limited to, monitoring, business tool reports, audits, and feedback to

the policy owner. Any exception to the policy must be approved by the IT department in

advance. All users that do not adhere to this policy may be subject to disciplinary action (such as

training up), up to and including dismissal.

INTERNET CONNECTION POLICY 5

References

Internet Connection Policy. (n.d.). Retrieved December 6, 2015, from

http://www.comptechdoc.org/independent/security/policies/internet-connection-

policy.html This contains an example of an internet connection policy. It includes the

details of an internet connection policy that are needed. I used these details for the main

content of my policy.

Wireless Communication Policy. (2014, June 1). Retrieved December 7, 2015, from

https://www.sans.org/security-resources/policies/network-security/pdf/wireless-

communication-policy This contains a template for a wireless connection policy. It goes

into details as to why it exists, what purpose it serves, who it would affect, the policy

itself, and the consequences of not adhering to the policy. I used this to ensure that I

included as much detail as possible for my policy in addition to the format of the policy.

Wireless Use Policy. (n.d.). Retrieved December 6, 2015, from

http://www.comptechdoc.org/independent/security/policies/wireless-policy.html This

contains an example of a wireless use policy. It goes into details of why it was created,

the purpose, who is affected, the risk of wireless use and how it would be assessed, all the

components of wireless, and how the policy would be enforced. I used this to have

another example of how policies are formatted and the amount of detail required for each

section of the policy.