"INTERNET/INTRANET SOLUTION FOR EASTERN BAY COLLEGEhuman rights, whether civil or proprietary, copy right infringement, private businesssolicitations, and the unauthorized download of college financial or business relateddata not covered in the scope of an individual’s prescribed responsibilitiesAn Antivirus Management Service is a fundamental system, essential to the preventionof viruses, worms, Trojans, and other forms of malware.College utilizes the SymantecEndpoint Protection for Businesses suite, which also provides defense against root kits,phishing attempts, and utilizes new SONAR technology that can detect virus behaviorsprior to file execution.(Kirsch, 2014) Each college workstation, both wired and wireless,have locally installed antivirus applications which provide real-time protection againstmalware.New installations and updates are pushed out across the network via theRemote Management Server as seen in fig X-X.The ability to locally install antivirussoftware packages and disseminate internally saves college bandwidth, time, andmoney.3. Standards and procedures3.1. Access to the Virtual HostThe virtual hosting servers are using different IP addresses for each and every websiteand when a user will access a website then an IP address will be allocated to that URLfor further communication. Before the implementation of the Server Name Indication astatic IP was used for each URL and some time the browsers were unable to identifythe secure sessions and the digital certificate was not generated by the browsers toensure the connection accuracy. And due to this problem the users were not awareabout the session security; because some time the third party was looking to hijack thatsession do get access of different vital information’s of the users. In other words we cansay that the old TLS protocol version was not providing the digital Signed certificationdue to the one allocated IP address from the domain server. To overcome this problem, Server Name Indication feature was added in the TransportLayer Security Protocol. Now the web browsers can easily generate the digital signedsecurity certificates for authorized and authenticated communication sessions with thePage 5 of 16 INTERNET/INTRANET SOLUTION FOR EASTERN BAY COLLEGEdomain host. Hence, we can say that the Server Name Indication is very helpful forsecure and reliable communication with the virtual host servers.3.2. Identification of the connectionAnother main problem which is making our communication more insecure and non- reliable is the connectivity of the browser with other session without the permission ofthe users. And due to this problem the hackers and other third party can take over thesession and the user is not aware about this problem. For example, when a user willenter URL of a particular website, then the browser will connect the user with thehosting server and some time the session is not well directly. To ensure that thebrowser is connected with the user required site, Server Name Indication is checkingout the Security Certificate and this certificate will also highlight the confidentiality of thecertificate will allow the user to verify the session connectivity, because this certificate isgenerated by the authenticated authorities and this certificated is provided by the root ofthe site. In other words we can say that the root of the site will carry a digital signed securitycertificate and this certificate will be signed by the attested authority of the site. Thebrowser will show up this certificate if this browser will connected with the required andauthenticated site. Server Name Indication is responsible for verifying this securitycertificate.4. Organization/types of contentInformation security policies are very important for different working environments andalso these policies are also varying organization to organization. These informationsecurity policies complete depends upon the audience (Employees of the organization)who will use or follow these policies. Also our security policies depends upon thebusiness size and business type of the organization. In other words we can say thatwhen we want to develop, design and implement the security policies then we need tokeep in mind different parameters and factors for security and successful informationsecurity policies. In other words we can say that information security policies arePage 6 of 16 INTERNET/INTRANET SOLUTION FOR EASTERN BAY COLLEGEproviding different steps, rules or a framework which need to be followed in theorganization by staff or employees of the organization. The information security policies are very important for different organizations andenvironments. Basically we need to develop different strategies for employees of theorganization to do work. Like which information they need to share outside theorganization and which information is very secure. Information security policies are thebackbone for business process and working, because we need to follow all the rulesand regulations of the organization and information security policies are proving all theguidelines for secure information sharing and communication between the employeesand management.? ProtectionInformation security policies are used to protect the information and employee (people),because information security policies provide all the detailed information for working andprotection the information within the organization. ? Setting of RulesInformation Security Policies are providing complete rules for user, workers,administrators, employees and management of the organizations. In other words wecan say that by using information security policies we can set working behaviors fordifferent peoples within the organization. ? RiskAnother importance of information security policy is the risk management. By usingthese policies we can reduce the risk of loss, risk of security etc. In other words we cansay that by using information security policies we can minimize different types of riskswithin the organization. ? Complete security frameworkInformation security policy provide a complete infrastructure or framework to establishall the security measures within the organization like the strictness of the collegeregarding security, rules and regulations, authorities, legal and legislative issues andPage 7 of 16 INTERNET/INTRANET SOLUTION FOR EASTERN BAY COLLEGEproblems etc. All these kind of issues are solved by using the information securitypolicies framework.? Policies, procedures, guidelines and practicesWhen we look at the policies of any college then we come to know that the policies arethe total working procedure of business by using these policies we need to do our workand share the information within and outside the college. In other words we can say thatthe policies are the key players in the management of the college. These policies areset by the college management to fulfil the requirements and business targets. We staffand employees are directed to strictly follow the policies of the college. We can alsodefine polices in the way of rules and regulations.On the other hand procedure will define some steps to do a specific task or work likehow we need to manage and record the shipping of different products. For this purposewe need to define a procedure like first of all check out the demand and then check outthe preparation the shipment and then by using different ways send the requiredshipment to the destination address. Guidelines are some basic or general steps to do any task in the environment of acollege, like timings, meeting schedules, individual responsibilities for specific work etc. The practices are totally different from the policies of the college. In general we can saythat daily working in the college is called practices and these practices can vary frompeople to people depending upon the individual’s responsibilities. In other words we cansay that practices are related to the individual behaviors within the college or we cansay that how the employees are working in the college. The routine and regular workingof the employees is called the practice. 5. Discussion of and reasons for choice of OS and web serversoftwareThe advantages and efficient working can also carry some problems and issues. Here,Server Name Indication is making some ambiguities for the security of thecommunication session. Basically, the Server Name Indication is working on thePage 8 of 16 "