General discussion

Locked

Network Security Forms/Process?

By Techie LL ·
I'm attempting to create a network security form for our users in which their supervisors will have to specify what part of the network that the user is allowed to be in. Also, as to process wise, I am trying to integrate this with our MAC (Moves, Adds, Changes)process. I would like our HR dept to be involved somehow so that when the employee leaves the company, we will know what parts of the network that user had access to, and terminate it. What are ways in which other companies have implemented this?

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -
by OldChewie In reply to Network Security Forms/Pr ...

We created the form in Adobe Acrobat and have a link to it on our Intranet page. The form has to be signed by the immediate supervisor and by the facility security co-ordinator. Attached to the form is the security agreement so it is signed at the same time.

The form also has check boxes for the admins to track the process and places for userIDs and admin's initials.

We file the forms alphabetically in IS and HR lets us know of terminations.

Email me and I'll reply with the file.

Collapse -

One of your best bets...

by LordInfidel In reply to Network Security Forms/Pr ...

It sounds like what you are trying to do is noble in theory. But I would never trust HR to know what areas people have access to.

This is the way I do it on my network.

Network Security is seperate from all other branches. When someone needsaccess to an area, that areas "owner" has to approve that persons access.

All areas are put into groups. The old adage; never assign permissions to users always use groups, holds true here.

By using the group method, you will be able to quickly see what areas that person had access to. (NT using Usr mgr and looking at group membership)

I know that it can get cumbersome sometimes by having lot's of different groups. But it will beat trying to discect what files/folders this person hadaccess to. You will also find it easy to manage since if you need to give someone else access to the same area, just add them to that group.

I have my HR dept trained to where when someone is about to either leave/fired. Before that employee goes to see HR, I am notified. I can then begin to disable their access quickly.

Knowing what machine they are at also helps out to. Especially when you need to remotely shutdown their machine to avoid any damage when they are about to get canned.(This also avoids confrontation between IT and users)

Just some tips.

Back to IT Employment Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums