Educause Security Discussion mailing list archives

network connection policies-procedures


From: Dorette Kerian <dorette.kerian () MAIL UND NODAK EDU>
Date: Thu, 6 Nov 2003 08:07:58 -0600

Colleagues,

We've found some models of network policies at some of your web sites and developed a proposed policy--the meat of it is copied below.

* We're looking for ways to make it more effective, more acceptable, or otherwise better and would appreciate your suggestions.
* I'd also like to hear from those who tried this approach--successes and failures--to benefit from your lessons learned.
* And maybe for those who didn't try--the benefit of knowing why.
* Also, if you have procedures to implement network policies including approval and authorization processes, would you be willing to share those?

If you would respond directly to me at dorette.kerian () mail und nodak edu, I'd synthesize for the list.

I'm sending this to both the Security and CIO lists so my regrets if you received this twice.

Thanks for your consideration.

Dorette.

Dorette Kerian, Director
Information Technology Systems and Services
University of North Dakota
dorette.kerian () mail und nodak edu
701.777-3880

It is the policy of the University that no equipment, beyond a network interface card supporting a single IP address, 
be connected to the campus network without first notifying and gaining approval from ITSS Network Services. Users of 
the network may be required to authenticate when connecting a device to the network.  Adding cabling (with the 
exception of the ANSI/EIA/TIA standard patch cable at the network outlet) or networking components (including, but not 
limited to, routers, switches, hubs and wireless access points) without approval or authorization is prohibited. 
Equipment found to be attached to the campus network in violation of this policy may be disconnected and/or blocked 
from accessing the network without notice and may result in disciplinary action.  Under no circumstances may an 
external network be interconnected to act as a gateway to the University network without ITSS' explicit approval.

The integrity, security, and proper operation of the university campus network requires an orderly assignment of IP 
addresses and the correct configuration of computer systems and peripheral equipment attached to the network. Network 
performance and correct name resolution suffer when addressing conflicts occur. Therefore, all connections to the 
campus network need to be coordinated with IP addresses assigned statically where needed, or through ITSS DHCP 
services, or those known and approved by central IT.  Individuals and/or departments are required to register services 
with ITSS (i.e., Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), Simple Network Management 
Protocol (SNMP)) to ensure that these services do not interfere with the functioning of centrally provided 
network-based services.  All network connections must take into account performance, security, and privacy.

Note:  This policy does not apply to campus local networks that are not connected to the campus backbone or that are 
known by ITSS to exist behind designated routers for firewalls.  
