Differences

This shows you the differences between two versions of the page.

--- wiki:policies:network [2021/11/17 17:15]
katcow
+++ wiki:policies:network [2024/01/24 21:24] (current)
katcow
@@ Line 11: / Line 11: @@
 ==== III. Wireless Connection Policy ====
-Wireless network acceptable practices are based on data classification. Public data may be accessed on any network. Internal Nested Knowledge data, confidential data, and restricted data may only be accessed on secure networks. All personnel accessing non-public data must avoid the use of public, high-risk networks.
+Wireless network acceptable practices are based on the data classification system. Public data may be accessed on any network. Internal Nested Knowledge data, confidential data, and restricted data may only be accessed on secure networks. All personnel accessing non-public data must avoid the use of public, high-risk networks.
 === Home Network Procedures: ===
-All employess and contractors will be provided with guidance on procedures for safely using home networks, which includes practices such as using strong passwords, eliminating guest networks, securing IoT devices, and frequently updating devices.
+All employees and contractors are provided with guidance on procedures for safely using home networks, which includes practices such as using strong passwords, eliminating guest networks, securing IoT devices, and frequently updating devices.
 ====== Network Security Policy ======
@@ Line 29: / Line 29: @@
 ==== III. Network Security Policy ====
-Nested Knowledge, a fully remote company, does not maintain any networks. In a scenario where Nested Knowledge operates an on-site network, we will update our security plan to include regular monitoring for malicious activity.
+Nested Knowledge, a fully remote company, does not maintain any internal networks for employees.
-==== Security protocols for the transmission of data across the network====
+The Nested Knowledge cloud application, marketing site, and wiki run in an isolated, private network (AWS Virtual Private Cloud, "VPC"). Only front-end servers are exposed to the internet via gateway; backend services and databases are unreachable outside the VPC. Access to the VPC is provided by a bastion host via SSH key authentication. All access attempts to the VPC are logged with IP address, port/protocol, and time of access and periodically reviewed for unexpected or malicious activity and retained for a period of 1 year.
- (e.g., use of SSH and HTTPS)
-====Firewall management====
+==== Security protocols for the transmission of data across the network ====
-(i.e., admin access, configuration settings, log maintenance
-==== Network change management procedures====
+All communications from the VPC are encrypted by SSH (developers) or HTTPS (users of the application). Within the VPC, communcations between all services and the database are encrypted via TSL.
- (i.e., change request, approval, testing, deployment) In addition, define a process to review and approve the policy on at least an annual basis.
-===== Revision History  =====
+==== Network change management procedures ====
+When network architecture changes, a review by the technical lead, Karl Holub, must be processed. Additionally, the technical lead will perform annual review of this policy and ongoing compliance.
+===== Revision History =====
 ^Author^Date of Revision/Review^Comments|
-|K. Cowie|11/15/2021|Initial draft partially complete|
+|K. Cowie|01/24/2024|Reviewed|
-|K. Kallmes| | |
+|K. Holub|11/7/2022|Review|
-|K. Holub| | |
+[[:wiki:policies|Return to Policies]]

Nested Knowledge

User Tools

Site Tools

Differences

Page Tools