аЯрЁБс>ўџ /1ўџџџ.џџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџьЅС% №П~bjbj%ч%ч "$GG" [џџџџџџlЌЌЌЌЌЌЌРЦЦЦ8ў,РАRR(zzzUUUбгггггг$Ъ ъhїЌUUUUUїУЌЌzzл –УУУU‚ЌzЌzбУUбУ4УїV @ЌЌбzF p•џЕbЧРЦзjM бЂxYxRA‚RбУРРЌЌЌЌйNOAO’s Network Audit Policy 1.0 Purpose The purpose of this document is to set forth a policy regarding network security and vulnerability scanning performed by the CIS Departments of NOAO. CIS shall utilize an assortment of packet, port and application scanners, (such as including Nessus, Snort, Nmap and Ethereal), to perform electronic scans of NOAO’s workstations, servers, networks, routers and/or firewalls or any other network-connected system at NOAO. Audits may be conducted to: Ensure integrity, confidentiality and availability of information and resources. Investigate possible security incidents to ensure conformance to NOAO security policies. Monitor user or system activity where appropriate.. 2.0 Scope This policy applies to all equipment and computing infrastructure that is owned or leased by NOAO or is connected to NOAO’s network infrastructure regardless of ownership. This policy also covers any computer and communications devices that are present on NOAO premises, but which may not be owned or operated by NOAO. CIS will not perform Denial of Service activities without prior notice. 3.0 Policy The CIS Departments of NOAO are hereby authorized to access NOAO network and computer infrastructure for the purpose of performing network security and vulnerability audits. This access may include: User level and/or system level access to any computing or communications device. Access to information (electronic, hardcopy, etc.) that may be produced, transmitted or stored on NOAO equipment or premises. Such access, other than as incidental to normal network and computer maintenance, will require prior approval of the NOAO Director. Access to work areas (labs, offices, cubicles, storage areas, etc.). Access to interactively monitor and log traffic on NOAO networks. 3.1 Outside Networks. In cases where NOAO does not control the network and/or Internet service is provided via a second or third party (such as the University of Arizona), these parties are required to approve scanning in writing if scanning is to occur outside of the NOAO network. By signing this agreement, all involved parties acknowledge that they authorize CIS to use their service networks as a gateway for the conduct of these tests during the dates and times specified. 3.2 Service Degradation and/or Interruption. Network performance and/or availability may be affected by the network scanning. 4.0 Revision History Updated: May 16, 2006 Updated: July 13, 2006 Updated: July 14, 2006 Updated November 19, 2006 Updated December 6, 2006     NOAO Vulnerability Scan Policy Page  PAGE 1 of  NUMPAGES 11111 *фь   $>?@>?@˜™šЬЭЯбмny ‘ ’ ындШдЙдЊдЙ›дЙŒ›д}nд}nд}_дШдШдP_Hhн3ЌfOJPJQJ^JOJPJQJ^JcHdhн3ЌfOJPJQJ^JcHdhо3ЌfHhо3ЌfOJPJQJ^JHhл3ЌfOJPJQJ^JOJPJQJ^JcHdhл3ЌfOJPJQJ^JcHdhk4ГFHhм3ЌfOJPJQJ^J5OJPJQJ\^JOJPJQJ^J5CJOJPJQJ\^J'HhЎLГІ5CJOJPJQJ\^J*бвяA›њјјјјјБjF & FEЦ€мтЇІЗ№F & FEЦ€мтЇІЗ№$a$"}§§›абмeny' A “ ИЖЖЖЖЖЖЖoF & FEЦ€мтЇІЗ№F & FEЦ€мтЇІЗ№ “ • м  Иq*(F & FEЦ€мтЇІЗ№F & FEЦ€мтЇІЗ№F & FEЦ€мтЇІЗ№’ и й к 7 . 2 Œ       / ƒ Œ   Ё !"#%&()+,.NQZ[abcdhїшйїЭУїУїУЭУЭУЭУїЭУїД­ЈЈЈЈї™їŒƒŒuŒfHh{ЃЋ&0JOJQJ^J0JOJQJ^JmHnHu0JOJQJ^Jj0JOJQJU^JOJPJQJ^JcHdh{ЃЋ& jU OJQJ^JHhл3ЌfOJPJQJ^JOJPJQJ\^J5OJPJQJ\^JOJPJQJ^JcHdhн3ЌfHhн3ЌfOJPJQJ^JOJPJQJ^J' 7   2 ƒ Œ Ё З Я ю "$%'(*+-.{§§§§§§§§§§§ИЖЖЖЖЖЖЖЖ§DC$EЦ€л3Ќfhistuvwxyz{}~ьнаЛ …jOьHH OJQJ^J5Hh{ЃЋ&0JOJQJ^JcHdh`,Г&mHnHu5Hhщ3Ќf0JOJQJ^JcHdh`,Г&mHnHu5HhƒВІ0JOJQJ^JcHdh`,Г&mHnHu5Hh`,Г&0JOJQJ^JcHdhk4ГFmHnHu(HhЎLГІ0JOJQJ^JmHnHuj0JOJQJU^JHh{ЃЋ&0JOJQJ^J&jHh{ЃЋ&0JOJQJU^J {|}~§§ИDC$EЦ€л3Ќf 1hАа/ Ар=!А"А# $ %А i8@ёџ8 NormalCJ_HaJmH sH tH <A@ђџЁ< Default Paragraph Font<Z@ђ< Plain TextCJOJQJ^JaJ,, Header  ЦрР!, , Footer  ЦрР!&)@Ђ!& Page Number@ў2@  Balloon TextCJOJQJ^JaJ~ $џџџџ*бвяA›абмeny'A“•м 7  2 ƒ Œ Ё З Я ю " {  ˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜ 0€€˜ 0€€˜ 0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜ 0€€˜ 0€€˜ 0€€˜ 0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€˜0€€š@0€€ 0 ZZZ]’ h~ ›“ {~ } 8?AFQW]!дџ•€џ•€№8№@ёџџџ€€€ї№’№№0№( № №№B №S №ПЫџ ?№$-1" " $ $ % % ' ( * + - . |    " " $ $ % % ' ( * + - . |  3  ! " " $ $ % % ' ( * + - . Z d h z  џџ Sue Hayes X:\audit.doc–|ф@8џџџџџџџџџM!чBN ЃџџџџџџџџџЄA`x!„їџџџџџџџџџh„а„˜ўЦа^„а`„˜ў.h„ „˜ўЦ ^„ `„˜ў.’h„p„LџЦp^„p`„Lџ.h„@ „˜ўЦ@ ^„@ `„˜ў.h„„˜ўЦ^„`„˜ў.’h„р„LџЦр^„р`„Lџ.h„А„˜ўЦА^„А`„˜ў.h„€„˜ўЦ€^„€`„˜ў.’h„P„LџЦP^„P`„Lџ.h „а„˜ўЦа^„а`„˜ўOJQJo(З№h „ „˜ўЦ ^„ `„˜ўOJQJo(oh „p„˜ўЦp^„p`„˜ўOJQJo(Ї№h „@ „˜ўЦ@ ^„@ `„˜ўOJQJo(З№h „„˜ўЦ^„`„˜ўOJQJo(oh „р„˜ўЦр^„р`„˜ўOJQJo(Ї№h „А„˜ўЦА^„А`„˜ўOJQJo(З№h „€„˜ўЦ€^„€`„˜ўOJQJo(oh „P„˜ўЦP^„P`„˜ўOJQJo(Ї№h „а„˜ўЦа^„а`„˜ўOJQJo(З№h „ „˜ўЦ ^„ `„˜ўOJQJo(oh „p„˜ўЦp^„p`„˜ўOJQJo(Ї№h „@ „˜ўЦ@ ^„@ `„˜ўOJQJo(З№h „„˜ўЦ^„`„˜ўOJQJo(oh „р„˜ўЦр^„р`„˜ўOJQJo(Ї№h „А„˜ўЦА^„А`„˜ўOJQJo(З№h „€„˜ўЦ€^„€`„˜ўOJQJo(oh „P„˜ўЦP^„P`„˜ўOJQJo(Ї№M!чЄA`–|џџџџџџџџџџџџџџџџ                           џ@€€~ P@џџUnknown Sue Hayes Steven Grandibubbamfleming Susan Hayes Steve GrandiџџџџџџџџџџџџG‡z €џTimes New Roman5€Symbol3& ‡z €џArialG€  MS Mincho-џ3џ fg?5 ‡z €џCourier New5& ‡za€џTahoma;€Wingdings"1ˆˆ№аh`,Г&ЏLГІƒВІw[“t№ ДД0dB   3ƒq№мHPџџ Audit Policy Cisco User Sue Hayesўџр…ŸђљOhЋ‘+'Гй0˜ ИФиф№ $ @ L X dpx€ˆф Audit Policyoudi Cisco Useryiscisc Normal.doty Sue Hayesy4e Microsoft Word 9.0@FУ#@ВщќRЧ@Рˆк†_Ч@BeўЕbЧw[ўџеЭеœ.“—+,љЎ0 hpŒ”œЄ ЌДМФ Ь хфCisco Systems, Inc.B   Audit Policy Title ўџџџўџџџ !"#$%ўџџџ'()*+,-ўџџџ§џџџ0ўџџџўџџџўџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџRoot Entryџџџџџџџџ РFpё™џЕbЧ2€1TableџџџџџџџџџџџџRWordDocumentџџџџџџџџ"$SummaryInformation(џџџџDocumentSummaryInformation8џџџџџџџџџџџџ&CompObjџџџџjObjectPoolџџџџџџџџџџџџpё™џЕbЧpё™џЕbЧџџџџџџџџџџџџўџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџџўџ џџџџ РFMicrosoft Word Document MSWordDocWord.Document.8є9Вq