Overview
Elodyn’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Elodyn’s established culture of openness, trust and integrity. Elodyn is committed to protecting Elodyn's employees, partners and the company from illegal or damaging actions by individuals, either knowingly or unknowingly. Wavelength is a property of Elodyn.
Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, and FTP, are the property of Elodyn. These systems are to be used for business purposes in serving the interests of the company, and of our clients and customers in the course of normal operations.
Effective security is a team effort involving the participation and support of every Elodyn employee and affiliate who deals with information and/or information systems. It is the responsibility of every computer user to know these guidelines, and to conduct their activities accordingly.
Purpose
The purpose of this policy is to outline the acceptable use of computer equipment at Elodyn. These rules are in place to protect the employee and Elodyn. Inappropriate use exposes Elodyn to risks including virus attacks, compromise of network systems and services, and legal issues.
Scope
This policy applies to the use of information, electronic and computing devices, and network resources to conduct Elodyn business or interact with internal networks and business systems, whether owned or leased by Elodyn, the employee, or a third party. All employees, contractors, consultants, temporary, and other workers at Elodyn and its subsidiaries are responsible for exercising good judgment regarding appropriate use of information, electronic devices, and network resources in accordance with Elodyn policies and standards, and local laws and regulation. Exceptions to this policy are documented in the "Exceptions" section.
This policy applies to employees, contractors, consultants, temporaries, and other workers at Elodyn, including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased by Elodyn.
General Use and Ownership
- Elodyn proprietary information stored on electronic and computing devices whether owned or leased by Elodyn, the employee or a third party, remains the sole property of Elodyn. You must ensure through legal or technical means that proprietary information is protected.
- You have a responsibility to promptly report the theft, loss or unauthorized disclosure of Elodyn proprietary information.
- You may access, use or share Elodyn proprietary information only to the extent it is authorized and necessary to fulfill your assigned job duties.
- Employees are responsible for exercising good judgment regarding the reasonableness of personal use. Individual departments are responsible for creating guidelines concerning personal use of Internet/Intranet/Extranet systems. In the absence of such policies, employees should be guided by departmental policies on personal use, and if there is any uncertainty, employees should consult their supervisor or manager.
- For security and network maintenance purposes, authorized individuals within Elodyn may monitor equipment, systems and network traffic at any time.
- Elodyn reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy.
- Elodyn will review this policy no less than yearly.
- Individual access, especially administrative access, will be reviewed yearly.
- Elodyn will review or terminate access when an employee is terminated or changes positions.
Security and Proprietary Information
Passwords
Passwords are a critical component of information security. Passwords serve to protect user accounts; however, a poorly constructed password may result in the compromise of individual systems, data, or the Cisco network. This guideline provides best practices for creating secure passwords.
All user-level and system-level passwords must conform to the following guidelines:
Password Creation
- Strong passwords have the following characteristics:
  - Contain at least 12 alphanumeric characters.
  - Contain both upper and lower case letters.
  - Contain at least one number (for example, 0-9).
  - Contain at least one special character (for example, !$%^&*()_+|~-=\`{}[]:";'<>?,/).
- Poor, or weak, passwords have the following characteristics:
  - Contain fewer than eight characters.
  - Can be found in a dictionary, including foreign language, or exist in a language slang, dialect, or jargon.
  - Contain personal information such as birthdates, addresses, phone numbers, or names of family members, pets, friends, and fantasy characters.
  - Contain work-related information such as building names, system commands, sites, companies, hardware, or software.
  - Contain number patterns such as aaabbb, qwerty, zyxwvuts, or 123321.
  - Contain common words spelled backward, or preceded or followed by a number (for example, terces, secret1 or 1secret).
  - Are some version of “Welcome123”, “Password123”, or “Changeme123”.
Password Protection
- You should never write down a password. Instead, try to create passwords that you can remember easily. One way to do this is create a password based on a song title, affirmation, or other phrase. For example, the phrase, "This May Be One Way To Remember" could become the password TmB1w2R! or another variation.
- Users must not use the same password for Elodyn accounts as for other non-Elodyn access (for example, personal ISP account, option trading, benefits, and so on).
- Where possible, users must not use the same password for various Elodyn access needs.
- User accounts that have system-level privileges granted through group memberships or programs such as sudo must have a unique password from all other accounts held by that user to access system-level privileges.
- Where Simple Network Management Protocol (SNMP) is used, the community strings must be defined as something other than the standard defaults of public, private, and system and must be different from the passwords used to log in interactively. SNMP community strings must meet password construction guidelines.
- Users must update their account credentials from the default setting when implementing a new account.
Password Change
- All system-level passwords (for example, root, enable, NT admin, application administration accounts, and so on) must be changed on at least a quarterly basis.
- All user-level passwords (for example, email, web, desktop computer, and so on) must be changed at least every six months. The recommended change interval is every four months.
- Password cracking or guessing may be performed on a periodic or random basis by Elodyn or its delegates. If a password is guessed or cracked during one of these scans, the user will be required to change it to be in compliance.
Password Protection
- Passwords must not be shared with anyone. All passwords are to be treated as sensitive, Confidential Elodyn information. Corporate Information Security recognizes that legacy applications do not support proxy systems in place. Please refer to the technical reference for additional details.
- Passwords must not be inserted into email messages, Alliance cases or other forms of electronic communication.
- Passwords must not be revealed over the phone to anyone.
- Do not reveal a password on questionnaires or security forms.
- Do not hint at the format of a password (for example, "my family name").
- Do not share Elodyn passwords with anyone, including administrative assistants, secretaries, managers, co-workers while on vacation, and family members.
- Do not write passwords down and store them anywhere in your office. Do not store passwords in a file on a computer system or mobile devices (phone, tablet) without encryption.
- Any user suspecting that his/her password may have been compromised must report the incident and change all passwords.
Application Development
Application developers must ensure that their programs contain the following security precautions:
- Applications must support authentication of individual users, not groups.
- Applications must not store passwords in clear text or in any easily reversible form.
- Applications must not transmit passwords in clear text over the network.
- Applications must provide for some sort of role management, such that one user can take over the functions of another without having to know the other's password.
Application developers may only access source code that is directly relevant to performing their business duties.
Passphrases
Passphrases generally are used for public/private key authentication. A public/private key system defines a mathematical relationship between the public key that is known by all, and the private key, that is known only to the user. Without the passphrase to unlock the private key, the user cannot gain access.
A passphrase is similar to a password in use; however, it is relatively long and constructed of multiple words, which provides greater security against dictionary attacks. Strong passphrases should follow the general password construction guidelines to include upper and lowercase letters, numbers, and special characters (for example, TheTrafficOnThe101Was*&!$ThisMorning!).
All of the rules above that apply to passwords apply to passphrases.
- Providing access to another individual, either deliberately or through failure to secure its access, is prohibited.
- All computing devices must be secured with a password-protected screensaver with the automatic activation feature set to 10 minutes or less. You must lock the screen or log off when the device is unattended.
- Postings by employees from an Elodyn email address to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of Elodyn, unless posting is in the course of business duties.
- Employees must use extreme caution when opening e-mail attachments received from unknown senders, which may contain malware.
- Full-Disk Encryption
- All devices used to access the Network shall be configured with full disk encryption (FDE) software. This includes Elodyn laptops as well as mobile phones, tablets, or PDAs.
- Acceptable FDE solutions include Windows Bitlocker, Apple FileVault 2, iOS Data Protection, and Android System Encryption.
- Other solutions will be evaluated as necessary.
- All devices used to access the Network shall be configured to require a password prior to access.
- Unauthorized Devices
- Employees should not connect any device to the Network that is not authorized by Elodyn.
- Elodyn information and materials shall not be copied to, stored on, processed or transmitted using unauthorized devices.
Remote Access Policy
It is the responsibility of Elodyn employees, contractors, vendors and agents with remote access privileges to Elodyn's corporate network to ensure that their remote access connection is given the same consideration as the user's on-site connection to Elodyn.
General access to the Internet for recreational use through the Elodyn network is strictly limited to Elodyn employees, contractors, vendors and agents (hereafter referred to as “Authorized Users”). When accessing the Elodyn network from a personal computer, Authorized Users are responsible for preventing access to any Elodyn computer resources or data by non-Authorized Users. Performance of illegal activities through the Elodyn network by any user (Authorized or otherwise) is prohibited. The Authorized User bears responsibility for and consequences of misuse of the Authorized User’s access.
Authorized Users will not use Elodyn networks to access the Internet for outside business interests.
For additional information regarding Elodyn's remote access connection options, contact security-abuse@elodyn.com
- Secure remote access must be strictly controlled with encryption (i.e., Virtual Private Networks (VPNs)) and strong pass-phrases.
- Authorized Users shall protect their login and password, even from family members.
- While using an Elodyn-owned computer to remotely connect to Elodyn's corporate network, Authorized Users shall ensure the remote host is not connected to any other network at the same time, with the exception of personal networks that are under their complete control or under the complete control of an Authorized User or Third Party.
- Use of external resources to conduct Elodyn business must be approved in advance by Elodyn Management.
- All hosts that are connected to Elodyn internal networks via remote access technologies must use the most up-to-date anti-virus software; this includes personal computers.
- Personal equipment used to connect to Elodyn's networks must meet the requirements of Elodyn-owned equipment for remote access.
Unacceptable Use
The following activities are, in general, prohibited. Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., systems administration staff may have a need to disable the network access of a host if that host is disrupting production services).
Under no circumstances is an employee of Elodyn authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing Elodyn-owned resources.
The lists below are by no means exhaustive, but attempt to provide a framework for activities which fall into the category of unacceptable use.
System and Network Activities
The following activities are strictly prohibited, with no exceptions:
- Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by Elodyn.
- Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which Elodyn or the end user does not have an active license is strictly prohibited.
- Accessing data, a server or an account for any purpose other than conducting Elodyn business, even if you have authorized access, is prohibited.
- Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws, is illegal. The appropriate management should be consulted prior to export of any material that is in question.
- Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
- Revealing your account password to others or allowing use of your account by others. This includes family and other household members when work is being done at home.
- Using an Elodyn computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user's local jurisdiction.
- Making fraudulent offers of products, items, or services originating from any Elodyn account.
- Making statements about warranty, expressly or implied, unless it is a part of normal job duties.
- Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
- Port scanning or security scanning is expressly prohibited unless prior notification to Elodyn management is made.
- Executing any form of network monitoring which will intercept data not intended for the employee's host, unless this activity is a part of the employee's normal job/duty.
- Circumventing user authentication or security of any host, network or account.
- Introducing honeypots, honeynets, or similar technology on the Elodyn network.
- Interfering with or denying service to any user other than the employee's host (for example, denial of service attack).
- Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user's terminal session, via any means, locally or via the Internet/Intranet/Extranet.
- Providing information about, or lists of, Elodyn employees to parties outside Elodyn.
Email and Communication Activities
Electronic mail is pervasively used in almost all industry verticals and is often the primary communication and awareness method within an organization. At the same time, misuse of email can pose many legal, privacy and security risks, so it is important for users to understand the appropriate use of electronic communications. This policy covers appropriate use of any email sent from an Elodyn email address and applies to all employees, vendors, and agents operating on behalf of Elodyn.
- All use of email must be consistent with Elodyn policies and procedures of ethical conduct, safety, compliance with applicable laws and proper business practices.
- Elodyn email accounts should be used primarily for Elodyn business-related purposes; personal communication is permitted on a limited basis, but non-Elodyn related commercial uses are prohibited.
- All Elodyn data contained within an email message or an attachment must be secured.
- The Elodyn email system shall not be used for the creation or distribution of any disruptive or offensive messages, including offensive comments about race, gender, hair color, disabilities, age, sexual orientation, pornography, religious beliefs and practice, political beliefs, or national origin. Employees who receive any emails with this content from any Elodyn employee should report the matter to their supervisor immediately.
- Users are prohibited from automatically forwarding Elodyn email to a third party email system. Individual messages which are forwarded by the user must not contain Elodyn confidential or above information.
- Users are prohibited from using third-party email systems and storage servers such as Google, Yahoo, and MSN Hotmail etc. to conduct Elodyn business, to create or memorialize any binding transactions, or to store or retain email on behalf of Elodyn. Such communications and transactions should be conducted through proper channels using Elodyn-approved documentation.
- Using a reasonable amount of Elodyn resources for personal emails is acceptable, but non-work related email shall be saved in a separate folder from work related email. Sending chain letters or joke emails from an Elodyn email account is prohibited.
- Elodyn employees shall have no expectation of privacy in anything they store, send or receive on the company’s email system.
- Elodyn may monitor messages without prior notice. Elodyn is not obliged to monitor email messages.
- The following are prohibited:
  - Unauthorized use, or forging, of email header information.
  - Solicitation of email for any other email address, other than that of the poster's account, with the intent to harass or to collect replies.
  - Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.
  - Use of unsolicited email originating from within Elodyn's networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by Elodyn or connected via Elodyn's network.
  - Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).
Additionally, when using company resources to access and use the Internet, users must realize they represent the company. Whenever employees state an affiliation to the company, they must also clearly indicate that "the opinions expressed are my own and not necessarily those of the company". Questions may be addressed to Elodyn Management.
Policy Compliance
Compliance Measurement
The Elodyn team will verify compliance with this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.
Exceptions
Any exception to the policy must be approved by the Elodyn team in advance.
Non-Compliance
An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.