Đang tải... (xem toàn văn)
Sample Email and Virus Security Policy It is the responsibility of everyone who uses the network to take reasonable measures to protect that network from virus infections. The attached document, provided by The Computer Guy, outlines how various viruses can infect the network, how the IT department tries to prevent andor minimize infections, and how the network users should respond to a virus if they suspect one has infected the network.
Sample E-mail and Virus Security Policy Version 1.0 Published Nov 13,2004 By William Loring, The Computer Guy Email and Virus protection policy Prohibited use Users shall not use Internet or e-mail services to view, download, save, receive, or send material related to or including: • Offensive content of any kind, including pornographic material • Promoting discrimination on the basis of race, gender, national origin, age, marital status, sexual orientation, religion, or disability • Threatening or violent behavior • Illegal activities • Commercial messages • Messages of a religious, political, or racial nature • Gambling • Sports, entertainment, and job information and/or sites • Personal financial gain • Forwarding e-mail chain letters, jokes, or stories • Sending business-sensitive information by e-mail or over the Internet • Dispersing corporate data to Company’s customers or clients without authorization • Opening files received from the Internet without performing a virus scan • Downloading and installing programs, especially spyware or ad-ware, on the workstation How viruses can infect a network There are actually three various types of computer viruses: true viruses, Trojan horses, and worms True viruses actually hide themselves, often as macros, within other files, such as spreadsheets or Word documents When an infected file is opened from a computer connected to the network, the virus can spread throughout the network and may damage A Trojan horse is an actual program file that, once executed, doesn't spread but can damage the computer on which the file was run A worm is also a program file that, when executed, can both spread throughout a network and damage to the computer from which it was run Viruses can enter the network in a variety of ways: E-mail—By far, most viruses are sent as e-mail attachments These attachments could be working documents or spreadsheets, or they could be merely viruses disguised as pictures, jokes, etc These attachments may have been knowingly sent by someone wanting to infect [organization name]'s network or by someone who does not know the attachment contains a virus However, once some viruses are opened, they automatically e-mail themselves, and the sender may not know his or her computer is infected Forwarding jokes to friends is a very common vector for email viruses Whenever you send, reply or forward a message, your email address is included in the message When the recipient forwards the message to someone else, and they forward it to someone else, your email address can end up on hundreds of pc’s If any one of those pc’s gets infected by a virus, they can send a virus to your e-mail address, even though you may never have directly emailed them The virus will send a copy of itself to any address in their computer, including spam addresses, so now you are getting viruses, and spam With most new e-mail viruses, there is no way to trace who sent it, because the source address is forged Be careful who you give your email address to and who you email Disk, CD, Zip disk, or other media—Viruses can also spread via various types of storage media As with e-mail attachments, the virus could hide within a legitimate document or spreadsheet or simply be disguised as another type of file Software downloaded from the Internet—Downloading software via the Internet can also be a source of infection As with other types of transmissions, the virus could hide within a legitimate document, spreadsheet, or other type of file Instant messaging attachments—Although less common than e-mail attachments, more viruses are taking advantage of instant messaging software These attachments work the same as e-mail viruses, but they are transmitted via instant messaging software How the IT department prevents and/or minimizes virus infections Removing Emailed program files at the firewall-Most email viruses hide themselves in program files These types of program files are removed at the firewall, i.e exe, com, bat These are the most common types of files to have email viruses, and in the normal workday, an employee has no need of emailing these types of files If the transfer of these types of files is necessary, please contact the IT department Why we block programs files from Email transmission? A virus can sweep the internet much faster than an Anti Virus vendor can update their software, by preventing these types of files from ever entering our network, we are proactively preventing infection by new viruses that are not detected by anti virus software Email Server Anti virus-The email server has an anti virus program that scans all messages and removes viruses before the email message gets to the users desktop Scanning Internet traffic—All Internet traffic coming to and going from our network must pass through company servers and other network devices Only specific types of network traffic are allowed beyond the organization’s exterior firewalls Many types of program downloads will be blocked Running server and workstation antivirus software—All servers run antivirus scanning software This software scans our file-sharing data stores, looking for suspicious code Antivirus protection software is also installed on all organization workstations This software scans all data written to or read from a workstation's hard drive If it finds something suspicious, it isolates the dubious file on the computer and automatically notifies the help desk Routinely updating virus definitions—Every morning, the server virus scanning programs check for updated virus definitions These definition files allow the software to detect new viruses If a new virus definition file is available, the virus scanning software is automatically updated, and then the system administrator is informed When end users turn on their computers at the beginning of the workday, the workstation virus protection program checks with a server on the network for updates The workstation program will then download and install the update automatically, if one exists How to respond to and report a virus Even though all Internet traffic is scanned for viruses and all files on the company’s servers are scanned, the possibility still exists that a new or well-hidden virus could find its way to an employee’s workstation, and if not properly handled, it could infect [Company]'s network The IT staff will attempt to notify all users of credible virus threats via e-mail or telephone messages Because this notification will automatically go to everyone in the organization, employees should not forward virus warning messages On occasion, wellmeaning people will distribute virus warnings that are actually virus hoaxes These warnings are typically harmless; however, forwarding such messages unnecessarily increases network traffic As stated, it is the responsibility of all [Company] network users to take reasonable steps to prevent virus outbreaks Use the guidelines below to your part: 1) Do not open unexpected e-mail attachments, even from coworkers or someone you know 2) Never open an e-mail or instant messaging attachment from an unknown or suspicious source 3) Never download freeware or shareware from the Internet without express permission of the IT department 4) If a file you receive contains macros that you are unsure about, disable the macros Notify the IT department of suspicious files If you receive a suspicious file or e-mail attachment, not open it Call [Company]'s help desk at extension [insert extension number] and inform the support analyst that you have received a suspicious file The support analyst will explain how to handle the file If the potentially infected file is on a disk that you have inserted into your computer, the antivirus software on your machine will ask you if you wish to scan the disk, format the disk, or eject the disk Eject the disk and contact the help desk at extension [insert extension number] They will instruct you on how to handle the disk After the support analyst has neutralized the file, send a note to the person who sent/gave you the file notifying them that they sent/gave you a virus (If the file was sent via e-mail, the antivirus software running on our e-mail system will automatically send an e-mail message informing the sender of the virus it detected.) If the file is an infected spreadsheet or document that is of critical importance to [Company], the IT department will attempt to scan and clean the file The IT department, however, makes no guarantees as to whether an infected file can be totally cleaned and will not allow the infected file to be used on [Company] computers 5 NarrowCast Group, LLC ●●● 111 West Washington St Suite 300 ●●● Louisville, KY 40202 Terms and Conditions Thank you for participating in IT Business Edge’s Knowledge Network, a professional community providing users with high-quality, useful information, documents, tools, and templates (collectively "Works" and individually a "Work") to support your business’ success (collectively ITBusinessEdge.com and the Knowledge Network shall be referred to as the "Service") By using the Service, you agree to the following terms and conditions of use and any changes or modifications made and published online from time to time without notice to you All downloaded Works are exclusively for the personal or professional use of the individual or company that downloads the Works No part of any Work on the Knowledge Network may be reproduced, distributed, or resold in any form, by any means, without the express permission of the copyright holder Works uploaded to the Knowledge Network must be uploaded by the copyright holder or a designated representative of the copyright holder By uploading a Work to the Knowledge Network, you represent and warrant that you hold the copyright to the Work or have the express permission of the copyright holder to upload the Work By uploading a Work, you further agree to indemnify, defend, and hold harmless IT Business Edge and its subsidiaries and affiliates and their respective directors, officers, shareholders, employees, agents, clients and contractors from and against any loss, claim, demand, cost and expense (including reasonable legal fees) asserted by any third party due or arising from or in connection with the uploaded Work IT Business Edge reserves the right to assume the exclusive defense and control of any matter otherwise subject to indemnification by you, which shall not excuse your indemnity obligations All persons who upload Works to the Knowledge Network grant to IT Business Edge an irrevocable, perpetual, world-wide, royalty-free, and non-exclusive license to redistribute those Works through the Knowledge Network and other interactive channels Any user who creates a derivate Work based on a Work on the Knowledge Network hereby assigns the copyright to the derivative Work to the original copyright holder Documents or materials created explicitly for direct marketing campaigns should not be submitted the Knowledge Network Any Work known to be violating this policy will be removed immediately Users that knowingly upload Works for which they not own the copyright are subject to removal from the Knowledge Network It is the IT Business Edge’s policy to respond to notices of alleged copyright infringement that comply with applicable intellectual property law, including but not limited to the Digital Millennium Copyright Act If your copyright is infringed: If you believe that material posted on this site violates your copyright, or provides references or links to any other websites which contain allegedly infringing materials, please immediately provide IT Business Edge’s Copyright Agent with a written statement (“Notification of Copyright Infringement”) IT Business Edge reserves the right to evaluate complaints of abusive behavior, including profanity and threatening language, in all of our interactive user experiences, including the Knowledge Network Any content determined to be abusive may be removed, and users found to be engaged in abusive conduct may have their subscription to the IT Business Edge, including but not limited to access to the ITBusinessEdge.com website and the Knowledge Network, revoked DISCLAIMER OF WARRANTIES IT Business Edge will use its best efforts to moderate all uploaded Works for quality and technical veracity before they are published for use by the Knowledge Network community Nevertheless, THE KNOWLEDGE NETWORK AND ASSOCIATED CONTENT ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS AND YOUR USE OF THE SERVICE IS AT YOUR SOLE RISK IT BUSINESS EDGE EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OF INTELLECTUAL PROPERTY OR OTHER VIOLATIONS OF RIGHTS YOU UNDERSTAND AND AGREE THAT ANY OF THE MATERIAL AND/OR OTHER DATA DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF SERVICE IS DONE AT YOUR OWN DISCRETION AND RISK AND THAT YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOADING OF SUCH MATERIAL OR DATA NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM IT BUSINESS EDGE OR THROUGH THE SERVICE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THE TERMS OF SERVICE LIMITATION OF LIABILITY YOU EXPRESSLY UNDERSTAND AND AGREE THAT IN NO EVENT SHALL IT BUSINESS EDGE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, CONTENT OR OTHER INTANGIBLE LOSSES (EVEN IF IT BUSINESS EDGE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), RESULTING FROM (I) THE USE OR INABILITY TO USE THE SERVICE (INCLUDING, BUT NOT LIMITED TO DELETION OR LOSS OF CONTENT, DEFECTS OR DELAYS IN TRANSMISSION, OR ANY FAILURE OF A SERVER, OR THE INTERNET), (II) THE COST OF PROCUREMENT OF SUBSTITUTE GOODS AND SERVICES RESULTING FROM THE COST OF ANY GOODS, DATA, INFORMATION OR SERVICES PURCHASED OR OBTAINED OR MESSAGES RECEIVED OR TRANSACTIONS ENTERED INTO THROUGH OR FROM THE SERVICE, (III) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS OR DATA, (IV) STATEMENTS OR CONDUCT OF ANY THIRD PARTY ON THE SERVICE OR, (V) ANY OTHER MATTER RELATING TO THE SERVICE IF YOU ARE DISSATISFIED WITH THE SERVICE, THE MATERIALS AVAILABLE ON OR THROUGH THE SERVICE, OR WITH ANY OF THE TERMS OF SERVICE, YOUR SOLE AND EXCLUSIVE REMEDY IS TO DISCONTINUE USE OF THE SERVICE Again, thanks for subscribing to ITBusinessEdge.com and being part of the Knowledge Network Copyright © 2003-2008 NarrowCast Group, LLC All rights reserved http://www.itbusinessedge.com ... infection by new viruses that are not detected by anti virus software Email Server Anti virus- The email server has an anti virus program that scans all messages and removes viruses before the email message... Edge and its subsidiaries and affiliates and their respective directors, officers, shareholders, employees, agents, clients and contractors from and against any loss, claim, demand, cost and expense... e-mail viruses, but they are transmitted via instant messaging software How the IT department prevents and/ or minimizes virus infections Removing Emailed program files at the firewall-Most email viruses