Sample Security Policy?

[travelingregbaker at yahoo.com (Gregory Baker)]

David,


The SANS Reading room has a number of different sample VPN policies
Perhaps one of these can get you started.

www.sans.org/resources/policies/Virtual_Private_Network.doc
www.sans.org/resources/policies/Virtual_Private_Network.pdf
www.sans.org/reading_room/whitepapers/vpns/881.php
www.sans.org/info/27959

Regards 

--- On Fri, 10/2/09, David A. Gershman <dagershman_dgt at dagertech.net> wrote:

> From: David A. Gershman <dagershman_dgt at dagertech.net>
> Subject: [Pauldotcom] Sample Security Policy?
> To: "PaulDotCom Security Weekly Mailing List" <pauldotcom at mail.pauldotcom.com>
> Date: Friday, October 2, 2009, 11:24 PM
>
> Hi All,
>
> I have a 'demo' network made up of HW from different
> vendors.? Each
> vendor wants to VPN in to their equipment.? All the
> equipment (which has
> pretty much no security) is linked together by a switch
> (which also has
> pretty much no security...not my doing).
>
> I want to draft a security policy for the vendors to sign
> prior to
> connection releasing 'my employer' from liability should
> one vendor's
> VPN client get infected as a result of another vendor's VPN
> client.
> (i.e. using the demo network as a bridge)
>
> Anyone know where I can find sample security policies
> (hopefully not 10s
> of pages long) which may include such type clauses
> (releasing all
> liability)?
>
> Thanks.
>
> ----------------------------------------
> David A. Gershman
> gershman at dagertech.net
> http://dagertech.net/gershman/
> "It's all about the path!" --d. gershman
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com