Educause Security Discussion mailing list archives
network connection policies-procedures
From: Dorette Kerian <dorette.kerian () MAIL UND NODAK EDU>
Date: Thu, 6 Nov 2003 08:07:58 -0600
Colleagues, We've found some models of network policies at some of your web sites and developed a proposed policy--the meat of it is copied below. * We're looking for ways to make it more effective, more acceptable, or otherwise better and would appreciate your suggestions. * I'd also like to hear from those who tried this approach--successes and failures--to benefit from your lessons learned. * And maybe for those who didn't try--the benefit of knowing why. * Also, if you have procedures to implement network policies including approval and authorization processes, would you be willing to share those? If you would respond directly to me at dorette.kerian () mail und nodak edu, I'd synthesize for the list. I'm sending this to both the Security and CIO lists so my regrets if you received this twice. Thanks for your consideration. Dorette. Dorette Kerian, Director Information Technology Systems and Services University of North Dakota dorette.kerian () mail und nodak edu 701.777-3880 It is the policy of the University that no equipment, beyond a network interface card supporting a single IP address, be connected to the campus network without first notifying and gaining approval from ITSS Network Services. Users of the network may be required to authenticate when connecting a device to the network. Adding cabling (with the exception of the ANSI/EIA/TIA standard patch cable at the network outlet) or networking components (including, but not limited to, routers, switches, hubs and wireless access points) without approval or authorization is prohibited. Equipment found to be attached to the campus network in violation of this policy may be disconnected and/or blocked from accessing the network without notice and may result in disciplinary action. Under no circumstances may an external network be interconnected to act as a gateway to the University network without ITSS' explicit approval. The integrity, security, and proper operation of the university campus network requires an orderly assignment of IP addresses and the correct configuration of computer systems and peripheral equipment attached to the network. Network performance and correct name resolution suffer when addressing conflicts occur. Therefore, all connections to the campus network need to be coordinated with IP addresses assigned statically where needed, or through ITSS DHCP services, or those known and approved by central IT. Individuals and/or departments are required to register services with ITSS, (i.e., Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), Simple Network Management Protocol (SNMP)) to insure that these services do not interfere with the functioning of centrally provided network based services. All network connections must take into account performance, security, and privacy. Note: This policy does not apply to campus local networks that are not connected to the campus backbone or that are known by ITSS to exist behind designated routers for firewalls. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- network connection policies-procedures Dorette Kerian (Nov 06)
- <Possible follow-ups>
- Re: network connection policies-procedures Brian Kaye (Nov 06)
- Re: network connection policies-procedures Doug Sandford (Nov 10)
- Re: network connection policies-procedures Rodney Petersen (Nov 10)