NYP Computer Quarantine Network Security Policy and Procedures by benbenzhou


More Info
									                                                                      23 July 2002 

NYP Computer Quarantine Network Security Policy
and Procedures


The purpose of this document is to establish procedures to ensure the
appropriate protection of New York Presbyterian (NYP) Hospital’s data servers
during setup and testing.


This policy applies to all employees, contractors, consultants, temporaries, and
other workers at New York Presbyterian Hospital, including those workers
affiliated with third parties who access NYP information systems and networks.
Throughout this policy, the word "worker" will be used to collectively refer to all
such individuals. The policy applies to all computer and data communication
systems owned by and/or administered by NYP.


All data servers employed at or by NYP must be set up in a quarantined network
environment. Before those servers can be placed in production, they must pass
testing for known network security fallibilities. By default, data servers at NYP
will use ip addresses that leave them unreachable from the Internet (“private ip
addresses”). Devices that serve purposes which require accessibility from the
Internet will continue to be assigned public ip addresses (and these may include
data servers, determined on a case-by-case basis).


The Department of Core Resources shall administer the Quarantine Networks at
NYP. The Security Officer shall administer and evaluate the network security
testing of servers.

                                             Page 1 
                                                                     23 July 2002 


Vendors and server administrators or custodians may only assemble and set up
new servers either standing alone (no network connection at all) or connected to
a network port on a quarantined network. Quarantined ip addresses will be in
the form, 10.120.x.x and the specific address appropriate for the location where
the server is being set up physically should be obtained Core Resources IP
Admin following the usual procedures for applying for an ip address. The
Quarantined network for a given location will be on VLAN 999.

 By default, all data processing services which would be delivered via the
network (e.g. Simple Network Management Protocol service) are not delivered
into a Quarantine network. While setting up and configuring a server, the
administrator may need certain services to be brought into the Quarantine
network for testing. Requests for these services for testing must be forwarded to
the Core Resources Security Admin. The requests must be narrowly defined,
noting the source and destination ip addresses and the TCP port number used.
Network Time Protocol and Netware Core Protocol are exceptions; those services
will be routinely allowed into the Quarantined networks.

When its administrator believes that the server is ready to go into production, the
server will be scanned – tested for known network security fallibilities. Any
security holes identified by the scan must be fixed before the server may be
moved off the quarantined network. The scan also generates warnings. These
will be pointed out to the administrator but do not require action. When a scan
shows no security holes, the server may be moved to a production network.

The server administrator applies to Core Resources IP Admin for a production ip
address and gets the port changed from the Quarantine VLAN to a production
VLAN. By default, servers will be assigned a private ip address (10.112.x.x or
10.115.x.x on the West Campus) but if the administrator chooses to make the case
for the server’s needing to reach or be reached over the Internet, a public ip
address will be assigned.

Immediately after the server has moved onto a production network, it will be
scanned again. If this scan turns up security holes for any reason, its network

                                             Page 2 
                                                                       23 July 2002 

connection will be broken (by disabling the port) until all holes are fixed. This
may require moving the server back into quarantine.

All scan results for the server will be collected and saved by the Security Officer
as a baseline measure of that server’s security.


NYP acknowledges that under rare circumstances, certain workers will need to
employ systems that are not compliant with this policy. All such instances must
be approved in writing and in advance by the Information Security Officer.
 It will not be easy to persuade the Information Security Officer that the
appropriate circumstances have actually come to pass.


NYP workers who willingly and deliberately violate this policy will be subject to
disciplinary action up to and including termination and civil and/or criminal

                                              Page 3 

To top