IDS Setup and Operations

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作) Tagged

1      Abstract

This document covers the operation of a distributed intrusion detection system.
This manual contains the following:
Chapter 2 Intrusion Detection Procedure
A short introduction to Intrusion detection technology, the procedure around the operations, and follow-up action regarding how to record and keep trace the incident.
Chapter 3 Intrusion Detection
This chapter describes the principles and working of an Intrusion Detection system.
Chapter 4 Component Description
This chapter describes the setup of the different components used in the secure setup.
The central management server will be responsible for the management of all the components.
Chapter 5 Network Setup
The network setup describes how the different components can be placed securely in a site’s network. This is done with centralized management, log consolidation and secure communications between the systems.
Chapter 6 Snort: -Installation, Configuration and Maintenance
This chapter describes the initial installation and configuration and the periodic maintenance.
Chapter 7 Analysis of the results
Analysis of the results obtained through the different IDS sensors have to be analyzed to be useful for the site. This chapter describes the usage of the Analysis Console for Intrusion Databases (ACID)
Chapter 8 Conclusion
This chapter contains the final conclusions of this paper. Read More

The General Business Principles

by Posted in 2. IT Security (資訊保安), 2.1 IT Security Requirement (保安要求)

Introduction
Underpinning the company commitment to responsible corporate citizenship and the pursuit of a sustainable future – economic, social and environmental – the General Business Principles set out guiding principles on integrity and ethics in business conduct. They govern The company’ business decisions and actions throughout the world and apply equally to corporate actions and to the behavior of individual employees in conducting the company business. They are subject to applicable laws.
The General Business Principles are not all-encompassing, but formulate minimum requirements of behavior. They leave product divisions and country management free to specify further local rules of business conduct. To drive the practical deployment of the General Business Principles, a set of GBP Directives have been published, which are applicable to all employees. There are also separate Directives, which apply to specific categories of employees, such as the Financial Code of Ethics and the Purchasing Code of Ethics. The GBP Directives and the category-specific Directives form an integral part of the General Business Principles (jointly be referred to as ‘GBP’). The General Business Principles, which have been adopted by the Board of Management and approved by its Supervisory Board, are reviewed on a regular basis and revised if necessary. Read More

公司經營原則

by Posted in 1. IT Service Mgt (服務管理), 1.1 IT Strategic and Service (策略及服務)

前言

爲鞏固公司作爲一家負責任的企業公民以及在經濟、社會及環境方面追求持續發展的承諾,本總體經營原則闡明了在經營行爲上誠實正直、合乎道德的指導原則。它控制全球公司的經營決定和行爲,也同樣適用于監督集團行爲和經營活動中員工的個人行爲。本原則應依從當地國家適用的法律。本總體經營原則並非涵蓋全部,而僅制定了最基本的行爲要求。這些原則讓各産品部門和地區管理層自由確定更詳細的地方經營行爲規則。爲推動總體經營原則的實際實施,已發行了一套GBP指導(GBP Directives),適用於全體員工。還有適用于特殊類別人員的分別指導,例如:財務人員道德守則(Financial Code of Ethics)及採購人員道德守則(Purchasing Code of Ethics)。GBP指導和特殊類別指導是總體經營原則的一部分(合稱“GBP”)。本總體經營原則由管理層通過並由監示會批准,定期審核並在需要時作出修改。 Read More

BUSINESS CONTINUITY PLAN for ERP & SFC APPLICATION

by Posted in 1. IT Service Mgt (服務管理), 1.1 IT Strategic and Service (策略及服務), 3. IT Application (應用軟件), 3.1 ERP System (資源管理) Tagged

1.        Purpose

Company relies extensively on large and complex information systems for its daily operations and value creating processes. Disruption of these systems will have serious negative implications for our business. The purpose of this document is to outline the set of appropriate policies and procedures that is necessary for the management of system disruption scenarios that potentially affect our most critical information systems. This procedure allows us to minimize the impact of disruption to our most critical systems and to restore the systems to full functionality in an efficient and effective way. Read More

IT EQUIPMENT MANAGEMENT PROCEDURE

by Posted in 1. IT Service Mgt (服務管理), 1.2 IT Operation (運作管理)

1.        Purpose

Information technology related equipment should be properly management (e.g. re-used or disposed) once they reach they reach the end of their life-cycle, as otherwise piles of hardware unnecessarily take up office or storage space. The IT equipment management procedure addresses this issue by providing a guideline in the disposal and/or re-use of IT hardware. Read More

IT Role & Responsibility Procedure Document

by Posted in 1. IT Service Mgt (服務管理), 1.2 IT Operation (運作管理)

1.        Purpose

In order to achieve its objectives, the IT department of the company requires to be well organized as well as staffed with disciplined and skilled members. These professionals should be matched to appropriate positions in the organizational structure in order to ensure both organizational efficiency and personal development. The IT’ Roles and Responsibility Procedure provides an overview of the IT organization and its members, as well as their corresponding roles and the teams to which they belong. Read More

ERP (MFGPro) Disaster Recovery Procedure

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作), 3. IT Application (應用軟件), 3.1 ERP System (資源管理) Tagged ,

1.        Purpose

The objective of this plan is to provide a guideline to the organization to continue managing the business through MFGPro and to minimize the disturbance to manufacturing operations in the event that the MFGPro system is totally unavailable and cannot be recovered within 48 hours.

The service provided during the disaster recovery is of survival nature, may not extend to every user, and may require end-users to re-enter the backlog transactions at the commencement of the disaster recovery and at re-starting of the normal operation.

The recovery option will be varied in nature depending on the cause of the outage. This may require set-up of LAN server, secondary processing center, etc. Read More

Hardware and Software Purchasing Procedure

by Posted in 1. IT Service Mgt (服務管理), 1.2 IT Operation (運作管理) Tagged

1.        Purpose

The purchasing of IT related hardware and software must be strictly regulated in order to ensure that company standard-compliant hardware and software are purchased and installed (non-company standard hardware and software require additional approval), and (2) expenditures for hardware and software do not exceed the allocated budget. Company Hardware and Software Purchasing Procedure addresses this issue by providing a guideline to users, IT staff, and Purchasing staff in purchasing IT related hardware and software according to corporate standards. Read More

Windows and UNIX Security Configuration and Patch Update Procedure

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作)

1.        Purpose

Ensuring the continuity of systems that are responsible for hosting the company’s business applications is regarded as of vital importance to our sustained competitiveness. Not only should these systems be protected against the obvious external threats, such as viruses and hackers, they should also be secured against potential, and possibly more dangerous internal “threats”. The rule is that employees should never have more privileges than is necessary for their functions. This issue can be addressed by proper configuration of the systems. Configuration of systems, however, only provides a basic security level. Adapting to the dynamic IT environment requires continuous updating through service packs, hotfixes, and security patches. Figure 1. illustrates this concept. Read More

Server Room Security Procedure

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作)

1.        Purpose

Many large enterprises employ numerous servers to support their needs. These servers, hosting a business’ most critical applications, are often physically stored at one single location within the enterprise. This concept, commonly referred to as a server farm, provides the benefits of centralized control and management. Nevertheless, this approach has its inherent weaknesses as a collection of servers are more vulnerable to physical damage than distributed servers. This issue, however, can be properly addressed by appropriate security measures. The Company IT’s Server Room Security Procedure addresses the issue and provides policy guidelines necessary to sustain server operations. Read More