Network Access Control Sample Clauses

Network Access Control. The VISION Web Site and the Distribution Support Services Web Site (the “DST Web Sites”) are protected through multiple levels of network controls. The first defense is a border router which exists at the boundary between the DST Web Sites and the Internet Service Provider. The border router provides basic protections including anti-spoofing controls. Next is a highly available pair of stateful firewalls that allow only HTTPS traffic destined to the DST Web Sites. The third network control is a highly available pair of load balancers that terminate the HTTPS connections and then forward the traffic on to one of several available web servers. In addition, a second highly available pair of stateful firewalls enforce network controls between the web servers and any back-end application servers. No Internet traffic is allowed directly to the back-end application servers. The DST Web Sites equipment is located and administered at DST’s Winchester data center. Changes to the systems residing on this computer are submitted through the DST change control process. All services and functions within the DST Web Sites are deactivated with the exception of services and functions which support the transfer of files. All ports on the DST Web Sites are disabled, except those ports required to transfer files. All “listeners,” other than listeners required for inbound connections from the load balancers, are deactivated. Directory structures are “hidden” from the user. Services which provide directory information are also deactivated.
AutoNDA by SimpleDocs
Network Access Control. A computer referred to as a “router” is located between the Internet backbone connection and the DST Web server. The purpose of the router is to control the connectivity to the DST Web server at the port level. This equipment is located at DST’s Winchester data center, but it is administered and maintained by an independent firewall provider. Changes to the systems residing on this computer are submitted to the firewall provider for remote administration. DST is advised by its current firewall provider that this equipment will not interrogate data, and that its only function is to limit the type of traffic accessing the DST Web server to the suite of Hyper-Text Transfer Protocols (“HTTP”) transmissions. Ports on the router are configured to be consistent with ports on the DST Web server. DST is advised by its current firewall provider that all other ports on the router other than those configured for the DST Web server are not accessible from the Internet. The DST Web server utilizes a UNIX operating system. All services and functions within the DST Web server operating system are deactivated with the exception of services and functions which support HTTP. This is the required service for HTML content which is what the FAN Transactions are based upon. The general purpose of this feature is to prevent external users from entering UNIX commands or running UNIX based processes on the DST Web server. All ports on the DST Web server, except those required by FAN (the ports accessed through the fire wall provider’s router), are disabled. All “listeners” are deactivated. Directory structures are “hidden” from the user. Services which provide directory information are also deactivated. DST administrators gain access to the DST Web server through the physical console connected to the DST Web server, or through the internal network via DST Secure ID. FAN also incorporates a data mapping system referred to as the “CICS Mapper”. The function of the CICS Mapper is to perform data packaging, security interrogation, and protocol conversion. Data received by the CICS Mapper from the DST Web server is interrogated for authenticity, repackaged for the DST TA/2000 mainframe system, and protocols are converted for communication. The CICS Mapper is programmed to terminate the session/Transaction between the shareholder and FAN Web if data authentication fails. Alerts are provided to system administrators upon termination.
Network Access Control. A computer referred to as a “firewall” is located between the Internet backbone connection and the Internet accessible application hosting equipment (“web servers”). The purpose of the firewall is to control the connectivity to the web servers at the port level. This equipment is located in a secure and environmentally controlled data center. Changes to the configuration of this computer are administered by authorized ALPS’s IT staff. This equipment will not interrogate data, and its only function is to limit the type of traffic accessing the web servers to the suite of hyper-text transfer protocols (“HTTP”) transmissions. Ports on the router are configured to be consistent with ports on the web servers. All other ports on the router other than those configured for the web servers are not accessible from the Internet. The web servers utilize adequate and appropriate software and hardware. All services and functions within the web servers’ operating system are deactivated with the exception of services and functions which support AVA. The general purpose of this feature is to prevent external users from entering commands or running processes on the web servers. All ports on the web servers, except those required by AVA, are disabled. Directory structures are “hidden” from the user. Services that provide directory information are also deactivated. ALPS’s administrators gain access to the web servers through a directly connected physical console or through the internal network via ALPS Secure ID. AVA is programmed to terminate the session/transaction between the shareholder and the application if data authentication fails. All successful and unsuccessful sessions are logged.
Network Access Control. A computer referred to as a “firewall” is located between the Internet backbone connection and the Internet accessible application hosting equipment (“web servers”). The purpose of the firewall is to control the connectivity to the web servers at the port level. This equipment is located in a secure and environmentally controlled data center. Changes to the configuration of this computer are administered by authorized ALPS’ IT staff. This equipment will not interrogate data, and its only function is to limit the type of traffic accessing the web servers to the suite of hyper-text transfer protocols (“HTTP”) transmissions. Ports on the router are configured to be consistent with ports on the web servers. All other ports on the router other than those configured for the web servers are not accessible from the Internet. The web servers utilize adequate and appropriate software and hardware. All services and functions within the web servers’ operating system are deactivated with the exception of services and functions which support TA Web or AVA. The general purpose of this feature is to prevent external users from entering commands or running processes on the web servers. All ports on the web servers, except those required by TA Web or AVA, are disabled. Directory structures are “hidden” from the user. Services that provide directory information are also deactivated. ALPS’ administrators gain access to the web servers through a directly connected physical console or through the internal network via ALPS Secure ID. TA Web and AVA are programmed to terminate the session/transaction between the shareholder and the application if data authentication fails. All successful and unsuccessful sessions are logged.
Network Access Control. A computer referred to as a “firewall router” is located between the Internet backbone connection and the ALPS Web server. The purpose of the router is to control the connectivity to the ALPS Web server at the port level. This equipment is located at ALPS’ Denver data center. Changes to the configuration of this computer are administered by authorized IT staff. This equipment will not interrogate data, and its only function is to limit the type of traffic accessing the ALPS Web server to the suite of Hyper-Text Transfer Protocols (“HTTP”) transmissions. Ports on the router are configured to be consistent with ports on the ALPS Web server. All other ports on the router other than those configured for the ALPS Web server are not accessible from the Internet. The ALPS Web server utilizes adequate and appropriate software and hardware. All services and functions within the ALPS Web server operating system are deactivated with the exception of services and functions which support TA Web. The general purpose of this feature is to prevent external users from entering commands or running processes on the ALPS Web server. All ports on the ALPS Web server, except those required by TA Web, are disabled. Directory structures are “hidden” from the user. Services that provide directory information are also deactivated. ALPS administrators gain access to the ALPS Web server through the physical console connected to the ALPS Web server, or through the internal network via ALPS Secure ID. TA Web is programmed to terminate the session/Transaction between the Shareholder and TA Web if data authentication fails. All successful and unsuccessful sessions are logged.
Network Access Control. A computer referred to as a “firewall router” is located between the Internet backbone connection and the ALPS IVR Processing server. The purpose of the router is to control the connectivity to the server at the port level. This equipment is located at ALPS’ Denver data center. Changes to the configuration of this computer are administered by authorized IT staff. Ports on the router are configured to be consistent with ports on the ALPS IVR Processing server. Access to the IVR Processing server is blocked from all areas outside the ALPS network. The ALPS IVR server utilizes a standard operating system. All services and functions within the operating system are deactivated with the exception of services and functions that support TA IVR. The general purpose of this feature is to prevent external users from entering commands or running processes on the ALPS IVR server. All ports on the ALPS IVR server, except those required by TA IVR, are disabled. Directory structures are “hidden” from the user. Services that provide directory information are also deactivated. ALPS administrators gain access to the ALPS IVR server through the physical console connected to the ALPS IVR server.
Network Access Control i. Contractor’s users shall only be provided with access to the services that they have been specifically authorized to use; ii. Contractor has implemented appropriate authentication methods to control access by remote users; iii. Contractor has segregated groups of information services, users, and information systems on networks; iv. For shared networks, especially those extending across Contractor’s boundaries, Contractor has restricted the capability of users to connect to the network, in line with Contractor’s access control policy; and v. Contractor has implemented routing controls for networks to ensure that computer connections and information flows do not breach Contractor’s access control policy.
AutoNDA by SimpleDocs
Network Access Control. Access to internal, external, Provider and public network services that allow access to Supplier Information Processing Systems shall be controlled. Supplier will: (a) Ensure that current industry best practice standard authentication mechanisms for network users and equipment are in place and updated as necessary; (b) Ensure electronic perimeter controls are in place to protect Supplier Information Processing Systems from unauthorized access; (c) Ensure a stateful firewall is in place for each Internet connection and between any DMZ and the Intranet. Firewalls shall be configured to deny all traffic except the traffic that is required for business reasons. (d) Ensure authentication methods are used to control access by remote users; (e) Ensure physical and logical access to diagnostic and configuration ports is controlled; and (f) Ensure wireless implementations are only used if required for business reasons, put into practice WPA, WPA2, 802.11i or a superseding standard and must not use WEP.
Network Access Control. A device referred to as a “firewall” is located between the Internet and the collection of electronic documents or pages residing on DST’s computer system, linked to the Internet and accessible through the World Wide Web, where the data fields and related screens provided by DST may be viewed by Users who access such site (“DST Web Site”). The purpose of the firewall is to control connectivity to the DST Web Site at the port level. This equipment is located and administered at DST’s Winchester data center. Changes to the systems residing on this computer are submitted through the DST change control process. DST is advised by its current firewall provider that this equipment will not interrogate data, and that its only function is to limit the type of traffic accessing the DST Web Site. Ports on the firewall are configured to be consistent with ports at the DST Web Site. All services and functions within the DST Web Site are deactivated with the exception of services and functions which support the transfer of files. All ports on the DST Web Site are disabled, except those ports required to transfer files. All “listeners” are deactivated. Directory structures are “hidden” from the user. Services which provide directory information are also deactivated.
Network Access Control. Access to internal, external, Provider and public network services that allow access to Provider Information Processing Systems shall be controlled. Provider will: 9.3.1 Ensure that current industry best practice standard authentication mechanisms for network users and equipment are in place and updated as necessary. 9.3.2 Ensure electronic perimeter controls are in place to protect Provider Information Processing Systems from unauthorized access. 9.3.3 Ensure a stateful firewall is in place for each Internet connection and between any DMZ and the Intranet. 9.3.4 Firewalls shall be configured to deny all traffic except the traffic that is required for business reasons. 9.3.5 Ensure authentication methods are used to control access by remote users. 9.3.6 Ensure physical and logical access to diagnostic and configuration ports is controlled.
Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!