EPAM WebResourcesAccessWIGLO

This document outlines the regulations for accessing specific categories of web resources from the EPAM corporate network to minimize threats. It details the prohibited web categories, the process for exceptional cases, and the responsibilities of the IT Services Security group. The document is applicable to all devices connected to the EPAM network and is subject to regular reviews and updates.


Work Instruction

WEB RESOURCES ACCESS

Quality Management System


EPAM_WorkInstruction-576

Legal Notice: This document contains privileged and/or confidential information and may not be
disclosed, distributed or reproduced without the prior written permission of EPAM®.

The document can be shared according to EPAM Regulations Sharing Rules.

CONFIDENTIAL | Effective Date: 07-Nov-2023


Web Resources Access
Document ID: EPAM_WorkInstruction-576

Related Artifacts

| Ref. | Name |
|---|---|
| GLO | EPAM GLOSSARY |
| ISP | Information Security and Privacy Policy |
| WIITP | Work Instruction: Technical Procurement |

Abbreviations and Acronyms

| Abbreviation | Meaning |
|---|---|
| DNS | Domain Name System |
| DoS | Denial-of-Service |
| P2P | Peer-to-Peer Service |
| VPN | Virtual Private Network |


CONTENTS
1 INTRODUCTION
  1.1 PURPOSE
  1.2 SCOPE
  1.3 OVERVIEW
  1.4 RELATED DOCUMENTS
2 WEB CONTENT CATEGORIES UNDER BLOCKING
3 OTHER WEB THREATS UNDER BLOCKING
4 FALSE POSITIVE OR EXCEPTIONAL CASES


1 INTRODUCTION
1.1 PURPOSE
The purpose of this document is to define regulations on accessing particular categories of web
resources from the EPAM corporate network.
The work instruction outlines web content categories and other web bottlenecks that pose potential
threats to the EPAM infrastructure. The document holds EPAM global regulations and the regulations
that apply to selected EPAM locations only.

1.2 SCOPE
This work instruction applies to all devices connected to the EPAM network.
The owner and the approver of this document is the Head of Information Security Technology.
The Head of Enterprise Services has the right to approve the document.
The Compliance Assurance Office is responsible for its maintenance and publishing, and the IT Services
Security group (WFT IT Services Security) is responsible for its yearly review/update.

1.3 OVERVIEW
The EPAM IT Services Security group (WFT IT Services Security) prevents access to potentially malicious
web resources from the EPAM network and from all EPAM assets.
Restricted access to particular categories of web resources is required to minimize threats to the
EPAM corporate network.
The following web resources (the list is not exhaustive) are restricted at EPAM and should be blocked:
• Peer-to-peer (P2P) sites, including torrents;
• Websites that distribute copyrighted objects (music, movies, etc.) without the consent of the copyright holders;
• Pornography websites;
• Key generator and cracking websites;
• Anonymizing sites that evade network monitoring/tracking systems;
• Unsupported vulnerable sites added to the deny list by the IT Services Security group;
• Cryptocurrency mining websites for personal profit;
• Hacking sites used for infrastructure/application attacks.
It is not allowed to share EPAM-provided internet services with 3rd parties by Wi-Fi, VPN, EPAM cloud,
or other means.
Company-owned devices and personal devices connected to the EPAM network may access the Internet via
the corporate networks with restrictions according to this policy.

1.4 RELATED DOCUMENTS


Web resources access regulations are in compliance with the Information Security and Privacy Policy.

2 WEB CONTENT CATEGORIES UNDER BLOCKING


Web resources related to the prohibited categories are blocked by default for all EPAM-owned devices
and any other device accessing the Internet through EPAM infrastructure.
In exceptional cases, a resource categorized as prohibited can be allowed if the following conditions
are met:
• The project needs are clearly articulated;
• The decision to make an exclusion was made by the IT Services Security team after a risk assessment
procedure.
The prohibited categories and the full list of categories can be found on the KB page:
https://kb.epam.com/x/pN9ARg.

3 OTHER WEB THREATS UNDER BLOCKING


On-premises specialized software and hardware are used to block the following web threats and sites:
• All sorts of malware (viruses, worms) delivered via the HTTP protocol;
• All traffic with signs of malicious trojan activity;
• All traffic with signs of network worm activity;
• All traffic with signs of DNS protocol vulnerabilities/incorrect usage, or of malware using DNS;
• All traffic with signs of known DoS attacks;
• Traffic and communication with non-approved antimalware or antivirus solutions;
• Traffic and communication initiated by non-approved proxy and anonymizing applications;
• Traffic and communication initiated by non-approved remote connectivity applications.

4 FALSE POSITIVE OR EXCEPTIONAL CASES


If you think that a required website is unduly blocked, you should apply to the EPAM Support Service
Desk. The IT Services Security Infrastructure group (WFT IT Services Infrastructure Security)
investigates false-positive incidents and, after qualifying the proposed web resource, may
add it to the whitelist (exclusion list).


REVISION HISTORY

| Ver. | Description of Change | Author | Date | Approved: Name | Approved: Date |
|---|---|---|---|---|---|
| 0.1 | Initial draft | Vasili Kisliak | 26-Dec-2017 | | |
| 0.2 | Reviewed, corrections | Aliaksei Brusiantsou | 26-Dec-2017 | | |
| 0.3 | Additions & modification | Vasili Kisliak | 26-Dec-2017 | | |
| 0.4 | Security categories; reaction on false-positives | Aliaksei Brusiantsou | 27-Dec-2017 | | |
| 0.5 | Additions | Vasili Kisliak | 27-Dec-2017 | | |
| 0.6 | Reviewed, improvements | Ivan Tabaravets | 28-Dec-2017 | | |
| 0.7 | Reviewed, improvements | Taras Danilenka | 25-Jan-2018 | | |
| 0.8 | Refined structure, scope, overview section | Vasili Kisliak, Aliaksei Brusiantsou | 31-Jan-2018 | | |
| 0.9 | Additions | Vasili Kisliak | 08-Feb-2018 | | |
| 1.0 | QA review, corrections | Valeriy Neumoin | 12-Feb-2018 | Sergey Sinkevich | 13-Feb-2018 |
| 1.1 | “Security categories under blocking” section added | Vasili Kisliak, Aliaksei Brusiantsou | 22-Jun-2018 | | |
| 2.0 | QA Review | Viktoryia Hilevich | 25-Jun-2018 | Miroslav Sklansky | 25-Jun-2018 |
| 2.1 | Section 1.3 updated | Oleksandr Dmytriyev (on behalf of Aliaksei Brusiantsou) | 13-Jul-2018 | | |
| 2.2 | New categories added | Aliaksei Brusiantsou | 30-Aug-2018 | | |
| 3.0 | QA Review | Oleksandr Dmytriyev | 31-Aug-2018 | Miroslav Sklansky | 17-Sep-2018 |
| 3.1 | Updated | Siamion Rubinshtein | 19-Nov-2018 | | |
| 4.0 | QA Review | Oleksandr Dmytriyev | 19-Nov-2018 | Miroslav Sklansky | 05-Dec-2018 |
| 4.1 | Categories removed | Siamion Rubinshtein | 03-Apr-2019 | | |
| 5.0 | QA review | Oleksandr Dmytriyev | 04-Apr-2019 | Miroslav Sklansky | 06-Apr-2019 |
| 5.1 | Reviewed, no changes needed | Ruslan Safin | 27-Mar-2020 | | |
| 6.0 | QA review | Aliaksandra Valozhynskaya | 27-Mar-2020 | Miroslav Sklansky | 27-Mar-2020 |
| 6.1 | Updated pp.2,3,4: updated categories according to Infoblox classification | Alexei Ermak | 01-Feb-2021 | | |
| 6.2 | Reviewed | Ruslan Safin | 01-Feb-2021 | | |
| 7.0 | QA review | Aliaksandra Valozhynskaya | 12-Feb-2021 | Miroslav Sklansky | 17-Feb-2021 |
| 7.1 | Technical changes: formatting according to the template, updated properties | Viktoryia Shtukar | 19-Aug-2021 | | |
| 8.0 | QA review | Aliaksandra Valozhynskaya | 01-Sep-2021 | Andrei Zemliakou | 14-Jan-2022 |
| 8.1 | Reviewed, updated | Siamion Rubinshtein | 05-Jan-2023 | | |
| 9.0 | QA Review | Alena Siakeryna | 05-Jan-2023 | Miroslav Sklansky | 05-Jan-2023 |
| 9.1 | Updated pp.2,3: updated categories according to Infoblox classification | Yauheni Khakhlou | 27-Oct-2023 | | |
| 9.2 | Reviewed and confirmed changes | Siamion Rubinshtein | 06-Nov-2023 | | |
| 10.0 | QA Review | Alena Siakeryna | 06-Nov-2023 | Miroslav Sklansky | 06-Nov-2023 |
