Friday, 27 April 2012

Security Policy

A security policy is a formal statement of the rules by which people who are given access to an organization’s technology and information assets must abide.
There are several forms of security policies such as:
Computer security policy
Information security policy
Network security policy

Computer security policy
A computer security policy defines the goals and elements of an organization's computer systems. The definition can be highly formal or informal. Security policies are enforced by organizational policies or security mechanisms. A technical implementation defines whether a computer system is secure or insecure. These formal policy models can be categorized into the core security principles of: Confidentiality, Integrity and Availability.

Information security policy
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are often interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them.

Network security policy
A network security policy is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security/network security environment. The document itself is usually several pages long and written by a committee. A security policy goes far beyond the simple idea of "keep the bad guys out". It's a very complex document, meant to govern data access, web-browsing habits, use of passwords and encryption, email attachments and more. It specifies these rules for individuals or groups of individuals throughout the company.

References 
http://en.wikipedia.org/wiki/Security_policy 
http://www.windowsecurity.com/articles/Defining_a_Security_Policy.html

Wednesday, 25 April 2012

Common Networking Attacks Threats and Solution

Common Networking Threats
1. DOS (Denial of Service) attack
2. Password attack
3. IP Spoofing

Solutions
1. DOS attack
As the name suggests, a DOS attack denies authorized people the use of a service by using up system resources. DOS attackers target sites or services hosted on high-profile web servers such as banks and credit card companies. One method involves flooding the target machine with external communication requests.
When the DOS attacker sends many packets of information and requests to a single network adapter, each computer in the network would experience effects from the DOS attack. The threat of DOS attacks can be reduced by three methods: anti-spoof features, anti-DOS features and traffic rate limiting.

2. Password attack
There are several different methods of password attack: brute force, dictionary, Trojan horse programs, IP spoofing and packet sniffers. For example, L0phtCrack can take the hashes of passwords and generate the clear-text passwords from them. Passwords are computed using two different methods, which are dictionary cracking and brute-force computation. Some solutions would be to not allow users to use the same password on multiple systems, to disable accounts after a certain number of unsuccessful login attempts, and to use strong passwords that are at least eight characters long and contain both uppercase and lowercase characters as well as numbers and characters.

3. IP Spoofing
IP Spoofing occurs when a hacker inside or outside a network impersonates the conversation of a trusted computer. IP Spoofing is done to insert malicious data or commands into an existing stream of data. There are two general techniques: a hacker uses an IP address that is within the range of trusted IP addresses, or a hacker uses an authorized external IP address that is trusted. To reduce the occurrence of IP Spoofing, proper configuration of your access control is the most important measure. You can also prevent users of your network from spoofing other networks, and be a good network citizen, by preventing any outbound traffic on your network that does not have a source address in your organization's own IP range.
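
The access-control rules described above can be modelled as a decision on each packet crossing the border router's external interface. This is an added example, not part of the original post; the prefixes, function names and sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumed address plan: documentation prefixes stand in for the organization's range.
ORG_PREFIXES = [ipaddress.ip_network(p) for p in ("198.51.100.0/24", "2001:db8:10::/48")]


def in_org_range(addr):
    """True if addr falls inside one of the organization's own prefixes."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip.version == net.version and ip in net for net in ORG_PREFIXES)


def border_acl(direction, src):
    """Verdict for a packet crossing the external interface of the border router.

    direction is "inbound" (Internet to us) or "outbound" (us to Internet).
    """
    if direction not in ("inbound", "outbound"):
        raise ValueError("direction must be 'inbound' or 'outbound'")
    try:
        ours = in_org_range(src)
    except ValueError:
        return "drop"  # malformed source address: fail closed
    if direction == "inbound":
        # Nothing arriving from outside may claim to come from inside.
        # A forged *trusted external* source still passes: address filtering
        # alone cannot catch that case.
        return "drop" if ours else "permit"
    # Egress rule: only our own source addresses may leave.
    return "permit" if ours else "drop"


def audit(packets):
    """Return the (direction, src) pairs the ACL would drop, in order."""
    return [(d, s) for d, s in packets if border_acl(d, s) == "drop"]


# Constructed sample traffic, not captured data.
SAMPLE = [
    ("inbound", "203.0.113.7"),
    ("inbound", "198.51.100.20"),
    ("outbound", "198.51.100.20"),
    ("outbound", "192.0.2.99"),
    ("outbound", "2001:db8:10::5"),
    ("outbound", "2001:db8:ffff::1"),
    ("outbound", "not-an-ip"),
]

if __name__ == "__main__":
    for direction, src in audit(SAMPLE):
        print("drop", direction, src)
```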

References 
http://www.bangkokpost.com/tech/computer/34952/today-10-most-common-security-threats-on-the-net 
http://ayurveda.hubpages.com/hub/Types-of-Network-Attacks