Access Control Policies:
We have a strict policy in place in regard to attempted exploitation by various Individuals and Organizations connected to the internet. This has facilitated the need to create ACL's to limit their attempted exploitation of our Hardware, Bandwidth and System resources.
The most perturbing fact that the attempted exploitations are on the rise and is largely due to ill trained Administrators, Companies with bad Network Policy, Junkmailers, uninformed end users and poorly written Software, that allow their Host Systems and resources to be used as weapons to endanger / damage other networks.
Common courtesy and responsibility appears to be on the wane, thus forcing us to Publish and apply strict rules to traffic entering and leaving our Networks. This Policy covers all traffic services and protocols currently available on the Internet, that may access our network. Certain types of attempted unauthorized access is considered more of a nuisance, than others which are attempted intrusion attempts.
The following services are monitored at a Packet layer level :
The following attempted abuse of our Systems will be blocked by IP, Network or Protocol from accessing our Network:
- Port Scanning.
- Infected Hosts and Networks.
- Unsolicited email.
- Badly configured mailservers with no reverse lookup
- Hosts running with unauthorized services.
- Mail from misconfigured mail servers.
- We do not accept mail from mail servers that do not have, proper reverse records.
- Direct MX from dialup and DSL / Cable IP's are no longer acceptable - only from legitimate, authorized mail servers, as published in properly configured DNS servers.
In the event a person cannot access our network on the allowable services, they need to change their provider. their providers lax security policy has in fact been the cause of the limiting of what is available to be accessed. The most common reasons is the lack of response from their ISP to curtail attempted abuses originating from their network.