David,
The SANS Reading room has a number of different sample VPN policies Perhaps one of these can get you started. www.sans.org/resources/policies/Virtual_Private_Network.doc www.sans.org/resources/policies/Virtual_Private_Network.pdf www.sans.org/reading_room/whitepapers/vpns/881.php www.sans.org/info/27959 Regards --- On Fri, 10/2/09, David A. Gershman <[email protected]> wrote: > From: David A. Gershman <[email protected]> > Subject: [Pauldotcom] Sample Security Policy? > To: "PaulDotCom Security Weekly Mailing List" <[email protected]> > Date: Friday, October 2, 2009, 11:24 PM > > Hi All, > > I have a 'demo' network made up of HW from different > vendors. Each > vendor wants to VPN in to their equipment. All the > equipment (which has > pretty much no security) is linked together by a switch > (which also has > pretty much no security...not my doing). > > I want to draft a security policy for the vendors to sign > prior to > connection releasing 'my employer' from liability should > one vendor's > VPN client get infected as a result of another vendor's VPN > client. > (i.e. using the demo network as a bridge) > > Anyone know where I can find sample security policies > (hopefully not 10s > of pages long) which may include such type clauses > (releasing all > liability)? > > Thanks. > > ---------------------------------------- > David A. Gershman > [email protected] > http://dagertech.net/gershman/ > "It's all about the path!" --d. gershman > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
