1. Purpose
This document establishes security configuration requirements for network devices, including firewalls, switches, routers, and wireless access points, to protect against unauthorized access, data breaches, and system vulnerabilities.
2. Scope
This policy applies to all network devices used within Speak AI Inc.'s infrastructure, including on-premises and cloud-based environments.
3. Hardening Requirements
3.1 General Security Configuration
All network devices must run the latest stable firmware and software versions.
Default credentials must be changed before deployment.
Unused services and protocols must be disabled to reduce the attack surface.
3.2 Authentication & Access Control
Unique administrator credentials must be assigned to each network device.
Multi-Factor Authentication (MFA) must be enabled where supported.
Role-based access control (RBAC) must be implemented to restrict permissions based on job responsibilities.
Remote management interfaces must be restricted to authorized personnel and require encrypted connections (e.g., SSH, HTTPS).
3.3 Patch Management & Updates
Security patches and firmware updates must be applied within 30 days of release, subject to internal testing.
Automated vulnerability scans must be conducted regularly to identify outdated or vulnerable network device configurations.
3.4 Firewall & Traffic Control
All firewall rules must be documented and reviewed periodically.
Default-deny rules must be enforced to block all traffic except explicitly allowed connections.
Intrusion detection and prevention systems (IDS/IPS) must be configured to monitor network traffic for anomalies.
3.5 Logging & Monitoring
Network device logs must be collected, stored securely, and retained per the Records Retention Policy.
Automated alerts must be configured for unauthorized access attempts, configuration changes, and other security-relevant events.
Regular audits must be conducted to verify compliance with logging requirements.
3.6 Encryption & Secure Communication
Network traffic between devices must be encrypted using industry-standard protocols (e.g., TLS, IPsec, WPA3 for wireless networks).
Secure network management protocols (e.g., SNMPv3, SSH) must be used instead of insecure alternatives (e.g., SNMPv1/v2, Telnet).
3.7 Wireless Security
Wireless access points must enforce WPA3 encryption (or WPA2 if WPA3 is unavailable).
Guest wireless networks must be logically separated from internal networks.
MAC address filtering and network segmentation must be implemented for enhanced security.
4. Compliance & Enforcement
Network devices must be configured following these standards before being deployed.
Periodic security assessments must be performed to ensure adherence.
Non-compliant devices must be remediated immediately or removed from the network.
5. References & Supporting Documents
Speak AI Network Security Policy: https://help.speakai.co/en/articles/9363486-network-security-policy
Speak AI Vulnerability Management Policy: https://help.speakai.co/en/articles/9369290-vulnerability-management-policy
Speak AI Access Management Policy: https://help.speakai.co/en/articles/9363448-access-management-policy
6. Contact Information
For questions or concerns regarding network device security, please contact [email protected].
This policy is subject to periodic review and updates to align with evolving security best practices and industry regulations.