Home | Web Design | Web Hosting | IT Security | Infrastructure | IT Management
Site Search
WAF - Spacer Image
WAF - Upper Left Page Border Image WAF - Upper Right Page Border Image
Services
WAF - Lower Left Page Border Image WAF - Lower Right Page Border Image

If you are like most business owners, you do not want to deal with IT details. You want to focus your attention on achieving your long-term business objectives and managing your day-to-day business operations. You need a business partner like WAF Enterprises to manage part or all of your IT needs. Our services include:
WAF - Lower Left Page Border Image WAF - Lower Right Page Border Image
WAF Enterprises - Bookmark This Site!
WAF - Upper Left Page Border Image WAF - Upper Right Page Border Image
SSL Secured
WAF - Lower Left Page Border Image WAF - Lower Right Page Border Image

Our site is 256 bit SSL SECURED. SSL (Secure Socket Layer) is the industry standard for viewing and sending sensitive information on an internet browser. Click on the SSL image below to browse our site safely with SSL.

WAF Enterprises - SSL Security Logo
WAF - Lower Left Page Border Image WAF - Lower Right Page Border Image
WAF - Upper Left Page Border Image WAF - Upper Right Page Border Image
Hit Counter
WAF - Lower Left Page Border Image WAF - Lower Right Page Border Image

Visitors
www.reliablecounter.com
Free Hit Counter
WAF - Lower Left Page Border Image WAF - Lower Right Page Border Image
WAF - Upper Left Page Border Image WAF - Upper Right Page Border Image
Security Policy
WAF - Lower Left Page Border Image WAF - Lower Right Page Border Image

Notice on Cyber Attacks and Online Theft

WAF Enterprises takes cyber attacks and online theft seriously. If you are reported and verified as a cyber attacker or online theft, all relevant details will be reported to the Internet Crime Complaint Center (IC3) and all applicable authorities. The IC3 shares information with the FBI and other agencies for the purpose of investigating all aspects of cyber crimes. Punishment can be up to 5, 15, 20, or 30 years in federal prison, plus fines. In addition, punishments for the unlawful use of "means of identification" were strengthened in 1028A ("Aggravated Identity Theft"), allowing for consecutive sentences under specific enumerated felony violations.

 Introduction


WAF Enterprises is committed to protecting the privacy and security of customers on our website. This Security Policy will advise you about our guidelines concerning the use of your personal information, including, without limitation, the reasonable efforts we make to protect your personal information in accord with these guidelines, and about what choices you have concerning our use of such information.

Please read this policy carefully. We may need to change this policy from time to time in order to address new issues and reflect changes on our website. We will post those changes here so that you will always know our policies regarding what information we gather, how we might use that information, and whether we will disclose that information to anyone. Please refer back to this policy regularly. If you have any questions or concerns about our Security Policy, please send an email to .

This Security Policy applies to your use of the website and services owned or operated by WAF Enterprises (collectively "we, " "us, " or "our"), including www.WAFEnterprises.com, WAF Enterprises and any other retail or website we may own or operate currently or in the future (collectively, the "Site" or "Sites"). Unless we say otherwise, all references to the Sites in this policy include all such sites. This policy does not apply to your use of sites to which any of the Sites link too. This policy covers only information collected on the Sites and does not cover any information collected offline by us.

 Intent


The intent of this Security Policy is to ensure that all systems installed on the WAF Enterprises network are maintained at appropriate levels of security while at the same time not impeding the ability of WAF Enterprises users and support staff to perform their work. The purpose is:
  • to define where equipment is to be placed on the network;
  • to define who may access network equipment;
  • to define how access to this equipment is to be controlled; and,
  • to define how data traveling over the network is to be protected.
 Applicability


This policy applies to:
  • any IP networks (existing and future) to which WAF Enterprises network equipment is connected;
  • all equipment connected to the networks mentioned above
  • any IP networks across which WAF Enterprises data travels;
  • data in transit over any of the above-mentioned networks;
  • network administrators managing the equipment;
  • project leaders requiring new equipment to be connected to the network; and,
  • all users utilizing equipment that is connected to the network.
This includes but is not limited to:
  • the User LAN
  • the SERVER LAN
  • the Backup SERVER LAN
  • remote sites.
This policy will also apply to all equipment connected to the networks mentioned above, and all WAF Enterprises employees using any of this equipment.

 Position


The security policy is based on the principles and guidelines described in the WAF Enterprises Information Security Framework document. All WAF Enterprises network equipment (routers, servers, workstations etc) shall be classified according to the standard WAF Enterprises classification scheme and placed in a network segment appropriate to its level of classification. Access to these segments must be controlled in an appropriate manner. Whenever data travels over a network segmentation of a lower security classification then the data shall be protected in manner appropriate to its classification level.

 Classification


In accordance with the WAF Enterprises Information Security Framework document, all users, hosts and data must be classified as security level 1 (unclassified), 2 (shared), 3 (company only) or 4 (confidential). All physical network segments, IP subnets and other IP traffic carriers must be classified in the same way. All data travelling on an IP network must be classified, and all users using network equipment or requesting data over the network must be assigned a level of clearance according to the same system.

It is the function of the person designated as the equipment owner to have all equipment under his or her control classified. The owner is defined as the head of division installing the equipment. Classification is done in consultation between the owner (or an assigned representative) and the Security Officer, but the final decision shall lie with the Security Officer.

For a description of the WAF Enterprises system of security level classification, the concept of ownership and the role of the Security Manager, refer to the WAF Enterprises Information Security Framework document.

 Network Segmentation

  1. Unless otherwise stated in the security policy or in the Information Security Policy Framework document all network segments are classified Level 1 - Unclassified.
  2. The classification of network segments is given in the section of this article entitled Discussion of Classifications, which follows.
  3. A network segment can only be classified as another security level with approval of the WAF Enterprises Security Officer. Its new level of classification must be recorded in this document and all divisional heads must be notified.
  4. Wherever a network segment connects to another network segment with a different security level, then the connection between the two networks must be controlled by an approved trusted point. A trusted point is equipment capable of regulating the flow of traffic between two network segments in a manner appropriate to the classification of the networks. Trusted points are covered in detail in the section that follows.
  5. No network equipment may be connected to a network segment that is not of the same security level as the equipment itself.
  6. The WAF Enterprises Security Officer may also choose to segment two networks of the same security level.
 Trusted Points

  1. The trusted point used to segment two networks shall be appropriate for the network with the highest security level.
  2. The default behavior of a trusted point must be to deny all IP traffic between the network segments it protects.
  3. At the discretion of the WAF Enterprises Security Officer, the default behavior of the trusted point may be to allow all traffic out from the network with the higher security level whilst denying all traffic in.
  4. At the discretion of the WAF Enterprises Security Officer, the trusted point may be configured to allow specific into the network with the higher security level
  5. All trusted points must be completely under the control of the Security Officer. Access to any trusted point shall only be granted with the explicit permission of the Security Manager and under his or her close supervision.
  6. There are a number of technologies that can act as trusted points. They are divided into the following categories:
    • Network Level Control: TCP wrappers, host lists, filter routers, network-level firewalls, V-LAN switches etc.;
    • User Level Control: application proxies, user-level firewalls etc.; and,
    • Strong User-Level Control: token-based user authentication systems, certificates etc.
  7. Whenever there is a connection that skips over one security level the strong user level control must be used. Even if strong user control is used, a connection may never skip more than one security level.
 Data In Transit

  1. Data moving on the network between any two network-components is considered to be "data in transit". This also includes all control and management sessions.
  2. All network technologies are regarded as either "safe" or "unsafe" in their native state (i.e. without any encryption). The only networks regarded as safe by WAF Enterprises are Frame-Relay PVCs (as used on the WAF Enterprises backbone) and switched Ethernet LANs. All other network types are regarded unsafe.
  3. All data in transit over an unsafe network segment that has a classification lower than the classification of the data must be protected by data encryption. Data in transit over a safe network segment may be encrypted at the discretion of the Security Officer.
  4. Encryption of data in transit may take any of the following forms:
    • network encryption, in which data is encrypted at the IP layer (for example, with IPSec);
    • session encryption, in which data is encrypted at a TCP layer (for example, with SSL);
    • message encryption, in which blocks of data are encrypted before they are sent (for example, with SMIME); and,
    • data encryption, in which the entire data package is encrypted before it is transmitted (for example, with file encryption).
  5. Encryption systems used must offer strong encryption (more then 100 bit encryption keys) and use internationally recognized encryption algorithms. The choice of the crypto-algorithm is the responsibility of the Security Officer.
 Classification of Users

  1. Every user is designated as unclassified until his or her classification is explicitly changed with the written approval of the Security Officer.
  2. When a new employee joins WAF Enterprises, a request is made by the employee's manager to the Security Officer for a new level of clearance. It is the responsibility of the manager to justify the requested level of clearance.
  3. Unless there is strong justification, all new employees shall be cleared for the level WAF Enterprises Only, but only after they have signed an employment contract including acceptance of this policy and non-disclosure forms.
  4. The Security Officer is responsible for managing and controlling the record of clearance levels for all personnel.
  5. It is the responsibility of all system owners and system administrators to determine the security level of a given user before granting that user access to any system.
  6. It is the responsibility of the user to know his or her own clearance level and to understand the rights and limitations associated with that clearance.
 Classification of Equipment

  1. All computing equipment must be given a classification by the Security Officer.
  2. Classifications for existing and future equipment are as follows:
    • all user workstations, file-servers, print-servers etc should be classified as Company Only;
    • all LAN servers and other hosts used in the management of the WAF Enterprises backbone infrastructure or WAF Enterprises internal network infrastructure will be classified as Confidential;
    • all backbone equipment (including switches, remote access servers, ADSL chassis etc) that are not located on WAF Enterprises premises will be classified as Shared; and,
    • all equipment used in the transfer of data to and from the Internet will be classified as Shared.
  3. The Security Officer must maintain a complete list of the classifications of all computing equipment in the WAF Enterprises network and in the WAF Enterprises backbone.
 Classification of Networks


The WAF Enterprises Security Officer must classify every network segment that constitutes part of the WAF Enterprises infrastructure. A complete list of the classifications of all network segments in the WAF Enterprises network and in the WAF Enterprises backbone is maintained by the Security Officer. Classifications for existing WAF Enterprises network segments are as follows:
  • The WAF Enterprises User LAN located is classified as Company Only.
  • The SERVER LAN & backup SERVER LAN are classified as Confidential.
  • The WAF Enterprises Frame-Relay Backbone is classified as Shared.
  • The Remote sites are classified as Shared.
  • The SERVER LAN and the Portal Segment are classified as Shared.
 Classification of Data


Any WAF Enterprises user with legitimate access to WAF Enterprises data may, with sufficient justification, change the classification of the data. The user may only change the classification of data if there is sufficient, justifiable reason to do so. Users will be held strictly responsible for these decisions.

All newly created data must be classified Company Only until it is reclassified by a user, who does so on his or her own prerogative. Users are held solely responsible for any data whose classification they change. Classifications for existing WAF Enterprises data are given below:
  • WAF Enterprises business information (memos, financial documents, planning documents etc) should be classified as Company Only;
  • WAF Enterprises customer data (contact details, contracts, billing information etc) should be classified as Company Only;
  • network management data (IP addresses, passwords, configuration files, etc.) should be classified as Confidential;
  • human resources information (employment contracts, salary information, etc.) should be classified Confidential;
  • Published information (pamphlets, performance reports, marketing material, etc.) should be classified Shared;
  • E-mail between WAF Enterprises employees should be classified Company Only; and,
  • E-mail between WAF Enterprises employees and non-WAF Enterprises employees should be regarded as Unclassified.
 Classifications: Roles and Responsibilities

  1. It is the responsibility of the user to:
    • know his or her own clearance level and to understand the rights and limitations associated with that clearance;
    • ensure all the data he or she works with is correctly classified;
    • ensure that he or she understands the restrictions associated with the data he or she is working with; and,
    • ensure all the data he or she works with is housed and protected appropriately.
  2. It is the responsibility of all system owners and system administrators to:
    • determine the security level of a given user before granting that user access to any system;
    • verify the classification of the equipment they manage; and,
    • verify that the equipment is installed and protected in accordance with its classification.
  3. It is the responsibility of each divisional manager to:
    • obtain clearance for employees in his or her divisions;
    • clarify the classification of data on systems under his or her control;
    • clarify the classification of equipment under his or her control and to ensure that those systems are correctly installed; and,
    • ensure all employees in that division understand and implement this policy.
  4. It is the responsibility of the Security Officer to:
    • approve all classifications;
    • maintain a list of all classifications;
    • control and manage all trusted points; and,
    • determine the type of cryptographic protection to be used for data in transit.
 Compliance

  1. Any user accessing a data, equipment or a physical location with insufficient clearance can face disciplinary action, dismissal and criminal or civil prosecution.
  2. Any user allowing access to a system that he or she controls for someone with insufficient clearance can face disciplinary action, dismissal and criminal or civil prosecution.
  3. Any person connecting equipment that is not classified to the network or connecting equipment to an inappropriate part of the network or in an inappropriate location can face disciplinary action, dismissal and criminal or civil prosecution.
  4. Any person transmitting data over any network without the appropriate cryptographic protection for that data can face disciplinary action, dismissal and criminal or civil prosecution.
  5. Any person changing the classification of data in a way that is reckless, irresponsible or in any damaging to WAF Enterprises, their share holders or any of their clients can face disciplinary action, dismissal and criminal or civil prosecution.
 Points of Contact and Supplementary Information


For a description of the WAF Enterprises system of security level classification, users should refer to the WAF Enterprises Information Security Framework document. For enquiries regarding the classification of data, equipment, network segments or physical locations or the clearance level of users, interested parties should be directed to contact the WAF Enterprises Security Officer.

Last Updated:  June 1, 2017

WAF - Back Page Button WAF - Home Page Button WAF - Top Page Button
WAF - Lower Left Page Border Image WAF - Lower Right Page Border Image
WAF - Upper Left Page Border Image WAF - Upper Right Page Border Image
Hosting Services
WAF - Lower Left Page Border Image WAF - Lower Right Page Border Image

Free Domain Name Free Domain Name
Get a free .com, .net, .org, .biz, or .info domain free with the purchase of an annual hosting plan.
Smarter Email Email & FTP
500 email accounts with powerful spam filtering features.
Smarter Website Statistics Smarter Stats
Track and monitor your websites traffic and activity.
IP Blocking IP Blocking
Stop unwanted traffic from IP Addresses from known cyber criminals.
SpamExperts Spam Filtering
Secure your mail server from spam, virus, phishing and malware attacks.
SSL Certificate SSL Certificate
256 bit industry standard encryption.
Hosting Plans Hosting Plans
Has one of highest levels of availability in the industry.
Compare Hosting Plans Compare Plans
and select the plan to meet all your needs.
Network Infrastructure Infrastructure Features
Resilient network infrastructure built to eliminate any single point of failure.
24x7x365 Support Hosting Support
Expert technical support via phone, or email.
WAF - Lower Left Page Border Image WAF - Lower Right Page Border Image
WAF - Spacer Image
Vendors and Partners
Copyright © 2004-2017
About Us | Contact Us | Terms | Privacy | Security | Links | Sitemap
All Rights Reserved