Network Access Control. The VISION Web Site and the Distribution Support Services Web Site (the “DST Web Sites”) are protected through multiple levels of network controls. The first defense is a border router which exists at the boundary between the DST Web Sites and the Internet Service Provider. The border router provides basic protections including anti-spoofing controls. Next is a highly available pair of stateful firewalls that allow only HTTPS traffic destined to the DST Web Sites. The third network control is a highly available pair of load balancers that terminate the HTTPS connections and then forward the traffic on to one of several available web servers. In addition, a second highly available pair of stateful firewalls enforce network controls between the web servers and any back-end application servers. No Internet traffic is allowed directly to the back-end application servers. The DST Web Sites equipment is located and administered at DST’s Winchester data center. Changes to the systems residing on this computer are submitted through the DST change control process. All services and functions within the DST Web Sites are deactivated with the exception of services and functions which support the transfer of files. All ports on the DST Web Sites are disabled, except those ports required to transfer files. All “listeners,” other than listeners required for inbound connections from the load balancers, are deactivated. Directory structures are “hidden” from the user. Services which provide directory information are also deactivated.
Network Access Control. A computer referred to as a “firewall” is located between the Internet backbone connection and the Internet accessible application hosting equipment (“web servers”). The purpose of the firewall is to control the connectivity to the web servers at the port level. This equipment is located in a secure and environmentally controlled data center. Changes to the configuration of this computer are administered by authorized ALPS’s IT staff. This equipment will not interrogate data, and its only function is to limit the type of traffic accessing the web servers to the suite of hyper-text transfer protocols (“HTTP”) transmissions. Ports on the router are configured to be consistent with ports on the web servers. All other ports on the router other than those configured for the web servers are not accessible from the Internet. The web servers utilize adequate and appropriate software and hardware. All services and functions within the web servers’ operating system are deactivated with the exception of services and functions which support AVA. The general purpose of this feature is to prevent external users from entering commands or running processes on the web servers. All ports on the web servers, except those required by AVA, are disabled. Directory structures are “hidden” from the user. Services that provide directory information are also deactivated. ALPS’s administrators gain access to the web servers through a directly connected physical console or through the internal network via ALPS Secure ID. AVA is programmed to terminate the session/transaction between the shareholder and the application if data authentication fails. All successful and unsuccessful sessions are logged.
Network Access Control. A computer referred to as a “firewall router” is located between the Internet backbone connection and the ALPS IVR Processing server. The purpose of the router is to control the connectivity to the server at the port level. This equipment is located at ALPS’ Denver data center. Changes to the configuration of this computer are administered by authorized IT staff. Ports on the router are configured to be consistent with ports on the ALPS IVR Processing server. Access to the IVR Processing server is blocked from all areas outside the ALPS network. The ALPS IVR server utilizes a standard operating system. All services and functions within the operating system are deactivated with the exception of services and functions that support TA IVR. The general purpose of this feature is to prevent external users from entering commands or running processes on the ALPS IVR server. All ports on the ALPS IVR server, except those required by TA IVR, are disabled. Directory structures are “hidden” from the user. Services that provide directory information are also deactivated. ALPS administrators gain access to the ALPS IVR server through the physical console connected to the ALPS IVR server.
Network Access Control i. Contractor’s users shall only be provided with access to the services that they have been specifically authorized to use;
Network Access Control. Access to internal, external, Provider and public network services that allow access to Supplier Information Processing Systems shall be controlled. Supplier will:
Network Access Control. The design of the Flo Recruit’s internal and external networks demonstrates a commitment to secure networking. The design is documented and updated as needed. External connections are managed carefully; connections to networks for third parties are created after security due diligence has been completed.
Network Access Control. Only authorised IT staff must have access to network equipment, configuration and software.
Network Access Control. Access to internal, external, and public network services that allow access to Information Processing System(s) will be controlled. In order to mitigate the risk of unauthorized access, TRUECAR will:
Network Access Control. Access to internal, external, Provider and public network services that allow access to Xxxxx.xxx Information Processing Systems shall be controlled. Xxxxx.xxx will:
Network Access Control. The IT department is responsible for ensuring that network access is granted in accordance with access policy. Users should only have access to the services they are authorised for. The access to privileged accounts and sensitive areas should be restricted. Users should be prevented from accessing unauthorised information.