Network Security Policy

Explore Roboto Studio's Network Security Policy. See how we safeguard our network from threats and maintain secure, reliable connectivity.

1.0 Purpose

One of Roboto Studio’s objectives is to secure all networks under its control from intrusions and to provide and maintain the security of Roboto Studio’s infrastructure and data. This policy provides guidelines to ensure the availability and reliability of all resources owned by Roboto Studio.

2.0 Scope

This policy applies to all network infrastructure, both physical and virtual, owned and/or managed by Roboto Studio. This policy shall apply to the entire network infrastructure, including design, installation, testing, support and management.

3.0 Policy

- Roboto Studio shall define a baseline for network configurations between different systems and maintain an inventory of network devices and access points.
- Roboto Studio’s network and infrastructure shall be secured against intrusions and network failures that would affect the confidentiality, availability and integrity of its information and information assets.
- If connecting to third-party networks, connections between Roboto Studio and the third party (vendors, customers and subsidiaries) should be provided after a formal risk assessment and authorization.
- Roboto Studio’s networks shall be segregated from external networks by resources (firewalls, security groups, network access-control lists (ACLs), etc.) that allow Roboto Studio’s staff to apply rules to determine which network traffic to allow.

3.1 Network Data Security

Appropriate encryption and authentication methods should be used to transmit any data traversing an untrusted network or the internet. Use currently accepted protocols and standards for all network traffic. Any protocols and standards considered obsolete should not be used, and any resources using obsolete protocols should be upgraded.

3.1.1 Sensitive Data

Appropriate encryption and authentication methods should be used for the transmission of sensitive data (including personal information). VPNs (virtual private networks) or SSH (Secure Shell) tunnels to remote servers shall be used to ensure greater security during transmissions.

3.1.2 Replay-resistant Techniques

Appropriate controls must be implemented to avoid successful authentication by replaying previous sessions.

3.2 Network Security Management

- Infrastructure owned and managed by Roboto Studio must be configured securely and designed to secure network traffic between trusted and untrusted network zones.
- Every network resource used in Roboto Studio’s network shall be appropriately configured and meet the security requirements for their individual purposes.
- Use internal/private subnets and public subnets or DMZs (demilitarized zones) appropriately.
- All traffic and protocols should be expressly denied except for those necessary for business purposes.
- Roboto Studio’s network shall be isolated from any unsecured networks, the internet and third-party networks through controls such as firewalls, security groups and ACLs.
- In addition, intrusion detection and prevention systems should be in place to monitor and alert on unusual activity.
- All established network sessions must be terminated after a period of inactivity.
- Appropriate controls must be implemented to prevent the development, acquisition and introduction of unacceptable mobile code within organizational systems.
- Establish usage restrictions and implementation guidance for acceptable mobile code and mobile code technologies.
- Authorize, monitor and control the use of mobile code within the information system.
- User access to Roboto Studio’s network shall adhere to the principle of least privilege.
- Privileged access shall be restricted to dedicated resources that are separated from Roboto Studio’s primary network and unable to access the internet.
- Installation of software on Roboto Studio’s network devices shall be restricted to only those that are authorized and necessary.

3.3 Remote Access

All remote access to Roboto Studio’s assets shall be managed and monitored. All remote access shall be encrypted and use currently accepted encryption protocols.

3.4 Third-Party Interconnection

There shall be a third-party agreement with vendors, customers or partners before interconnecting with the Roboto Studio network.

3.5 Logging and Monitoring

Logging should be enabled for all network resources, including logging configuration changes. Logs from all network devices shall be collected, reviewed and anomalies reported.

3.6 Set Correct Time and Date

All network device clocks shall be synchronized with the Network Time Protocol (NTP).

3.7 Network Resources Configuration

Network configurations for all infrastructure should be stored in a central repository. The use of Infrastructure-as-Code tools is recommended.

3.8 Physical Router and Switch Security

Physical security and privileged access control measures must be implemented for routers and switches.

3.9 Network Design and Audits

Network design should allow legitimate traffic to flow through the appropriate zones, segments and/or resources.

3.10 Develop and Maintain Expertise

Ensure that network support personnel are adequately trained in implementing and supporting a secured network infrastructure.

3.11 Patching

Network resources shall be patched and updated on a documented, regular and timely schedule.

Version History

A list of all versions, including the version number, author, date and comments.

Version | Author | Date | Comments
0.1 | Joe Pindar (Fresh Security) | 2022-05-16 | First Draft
1.0 | Joe Pindar (Fresh Security) | 2022-06-01 | Sign Off
1.1 | Joe Pindar (Fresh Security) | 2023-10-01 | Add patching timeliness requirements. Add policy review schedule. Review for best practice alignment.

© 2024 Roboto Studio Ltd - 11126043

Roboto Studio Ltd,

71-75 Shelton Street,

Covent Garden,

London, WC2H 9JQ

Registered in England and Wales | VAT Number 426637679