Policy on Connection to the University Network

Transcription

1 Policy on Connection to the University Network

2 Revision History Version Date Changes /12/04 David Conway /12/04 David Conway /01/05 David Conway /01/05 David Conway /03/05 David Conway Approval of UISG added. Doc Number Reference Documents Title University of Sunderland IT Regulations University of Sunderland Information Security Policy JANet Acceptable Use Policy Approval History Stage Authority Date Comment 1 Dave Webster 21/01/2005 Final approval by UISG 2 UISG 07/03/2005 UISG Approval 3 4 Release History Status Released to Date Comment Confidential Dave Webster 21/01/2005 Final approval by UISG Condifential UISG 21/01/2005 Open Public 14/03/2005 Policy on Connection to the University Network Draft 0.4 Page 2 of 6

3 Table of Contents Introduction...4 Institutional Firewall...4 Management of the Network...4 CERT...4 Requirements for connectivity...5 Breach of Policy...6 Associated reading...6 Policy on Connection to the University Network Draft 0.4 Page 3 of 6

4 Introduction The University of Sunderland operates both a wired and wireless data network for the benefit of staff and students, providing access to information systems within the University and on the internet. The network is centrally managed by the IT and Communications Service. The Network Services Manager is responsible for all network connectivity throughout the University. In order to ensure that the network is fully available for teaching, learning and research, it is expressly forbidden for any devices to be connected to the network without IT and Communications Services knowledge and authority. This includes any private cabling, switches, hubs, workstations, wireless access points etc. The connection of unauthorised and/or misconfigured devices adversely affects network availability and performance, hinders fault finding and reporting, and leaves the University s systems open to attack. Institutional Firewall The University of Sunderland operates an internet firewall which enforces a Default Deny policy. This means that the University protects systems within the University by denying the outside world to communicate with systems on our network, other than those which have had specific agreement based on a business or academic justification. The University will consider allowing access to additional services such as web servers, file transfer servers or remote control on request. By default access to these services is denied. Default Deny will not affect or worldwide web facilities at the University, although it may affect activity such as internet chat rooms or internet file sharing activity. A strong academic justification must be made to IT & Communications Services before any additional Internet services will be considered. Management of the Network The communications networks are managed on behalf of the University by IT and Communications Services. Networking infrastructure development, monitoring and management is the responsibility of the Network Services Manager as part of the central support and as such no changes may be made to the network infrastructure without explicit permission of the Network Services Manager. CERT IT and Communications Services also have a responsibility for Information Security, which rests with the Head of Systems. Both the Network Services Manager and the Head of Systems lead the University Computer Emergency Response Team (CERT) and work closely to ensure the security of the network and the systems which are connected to it, and are responsible for communications with law enforcement authorities in the case of serious breaches. IT and Communications Services maintain a level of security which is designed to Policy on Connection to the University Network Draft 0.4 Page 4 of 6

5 ensure a greater level of protection to the University core business systems. Access to core business systems must be requested from IT and Communications Services and approval will be sought from Line managers and Data Owners. This access will be reviewed at least every 12 months and upon staff leaving the University or changing designation. Requirements for connectivity No device including privately owned equipment, or network service is to be connected to the network without the prior knowledge and express permission of IT and Communications Services. This includes network equipment providing services services such as o DHCP o DNS o Firewalls o NAT services o SMTP or NNTP o Authentication services o Gateways o Proxy services o Private networking o Switches, hubs or routers regardless of being wired or wireless o Network traffic sensing o Distribution o Diversion or blocking hardware or software. o Any hardware of software which may adversely affect security or performance of the network All workstations, servers and printers must be registered with IT and Communication Services. This may be done via and will be assigned a unique IP address which is provided dynamically, managed by IT and Communications Services. Users must never attempt to use an IP address other than the one assigned by IT and Communications Services. All systems connecting to the campus network must be able to respond to a ICMP Echo (ping) All workstations must have an up-to-date anti-virus software package installed and should be patched to the latest recommended levels as specified by the operating system vendor. The University has a site licence for Norton Antivirus protection (Microsoft and Mac). All users should have this installed and configured for automatic updates. For further information, please see Policy on Connection to the University Network Draft 0.4 Page 5 of 6

6 In line with the IT regulations it is prohibited to create or transmit : o material which is designed or likely to cause annoyance o offensive, obscene or indecent images o junk mail or chain mail o a computer virus or worm o defamatory material o material for which copyright is not personally held. Port scanning is prohibited (the scanning or probing of another machine to determine which services are running) Users must not masquerade as another real or fictitious user (for example, forgery of the source of mail messages or news articles). Users are prohibited from the running of password capture or cracking programs. University, USE Ltd, and wholly owned University companies can use the network for teaching, research and commercial purposes. Any other separate legal entity on University premises must contact IT and Communications Services and will either be advised to install a private Internet connection separate from the University network, connect through the University's commercial Internet connection, or apply for a JANET Sponsored or Proxy licence. Breach of Policy IT and Communications Services will, without prior notice, disconnect any device found to be adversely affecting network availability or acting in breach of the law or of the regulations of University of Sunderland or JANet (the University s ISP). This action will be taken to protect other users and systems from potential harm, and to ensure that there is no disruption to learning and teaching, research or the business operation of the University. Such action will also be taken to ensure that the University does not breach external regulations or legislation. IT and Communications Services reserve the right to report any breach of this policy to the relevant authority, which may result in disciplinary or legal action taken against the individual. Associated reading University of Sunderland IT Regulations University of Sunderland Information Security Policy JANet Acceptable Use Policy Available from Policy on Connection to the University Network Draft 0.4 Page 6 of 6