University of Aberdeen Network Connection Policy

Transcription

1 University f Aberdeen Netwrk Cnnectin Plicy 1. Overview The University s data netwrk frms a critical part f the business infrastructure used t access business systems and data stres as well as carrying and telephny. As such it is essential that this resurce is carefully managed t ensure its capacity, availability and integrity. The demands placed upn the University s data netwrks are such that a single netwrk is nt able t meet all these needs, therefre there are several netwrks designed f prvide the required service in each area. Nthing in this dcument shuld be taken t verride the University f Aberdeen Infrmatin Security Plicy r the JANET Acceptable Use Plicy. Where there is any cnflict the abve dcuments take precedence. 2. Purpse The purpse f this plicy is t define what can be cnnected t the University s netwrks and the standards that must be adhered t by devices s cnnected. It cvers: Wh can cnnect devices t a netwrk devices can be cnnected t a netwrk Ensuring apprpriate management f netwrk resurces and netwrk address space Auditing f this plicy Enfrcement actin Details f permitted activities by netwrk cnnected devices are cvered in the University f Aberdeen Cnditins fr using IT Facilities and the assciated Ntes fr Guidance. 3. Scpe This plicy applies t any device directly cnnected t any f the University s netwrks by any means (e.g. netwrk cable r wireless). It des nt cver remte access frm ut with the University. It als applies t anyne cnnecting r using a device cnnected t the University s netwrks including Staff, Students, Cntractrs and members f the General Public fr whatever purpse that device is t be cnnected t the netwrk. The prcess f cnnecting a device t the netwrk includes: Cnfiguring the netwrk t allw the device t cmmunicate Physically cnnecting the device t the netwrk Cnfiguring the device t cmmunicate n the netwrk 4. Plicy Cmmn plicy applying t ALL University f Aberdeen Netwrks Wh In general nly staff authrised by the Directr f IT Services are permitted t cnfigure r extend any University f Aberdeen netwrk. Each netwrk has a separate plicy n wh can physically cnnect devices t it. Details are given in the sectins belw. Each netwrk has a separate plicy n wh can cnfigure devices t cmmunicate n it. Details are given in the sectins belw. IT Services, University f Aberdeen Last reviewed: April 2015

2 Page 2 Netwrk Cnnectin Plicy Each netwrk is prvided fr a specific purpse and nly devices cnsistent with that purpse may be cnnected. Devices may be categrised as: Netwrk equipment Such as ruters, netwrk switches, Wireless Access Pints etc. Client Devices University wned: User Wrkstatins, PCs, laptps, PDAs etc. Nn University wned: User Wrkstatins, PCs, laptps, PDAs etc. Servers Devices whse primary purpse is t prvide services t ther netwrk cnnected devices Netwrk Printers and MFDs Embedded devices Such as CCTV cameras, building mnitring systems etc. Other equipment Such as scanners, scientific instruments and Videcnferencing equipment. The cnnectin r cnfiguratin f netwrk equipment is cnsidered cnfiguring the netwrk and is nly permitted by explicitly authrised staff. Authrised staff may delegate specific tasks in specific circumstances, e.g. cnsultants wrking n behalf f the University, hwever they remain respnsible fr such wrk. Any device cnnected t the netwrk must meet the fllwing minimum criteria: Has a Netwrk Interface Card capable f cnnecting t Ethernet Netwrks r wireless netwrks. Is capable f cmmunicating using TCP/IP v4 netwrk prtcls. Cmplies with current Health and Safety requirements, including Electrical regulatins (e.g. PAT testing) and ther natinal and internatinal regulatry requirements. Cmplies with the University f Aberdeen OS update and patching Plicy. Where available, has up t date antivirus sftware peratinal. Where available, has the device firewall switched n and cnfigured in accrdance with the guidelines issued by IT Services. Has a Respnsible Persn, charged with ensuring the device and its use adheres t this plicy and ther applicable University f Aberdeen plicies. Netwrk Specific Plicies Campus Netwrk The Campus Netwrk is prvided t supprt the teaching, research and administrative functins f the University by facilitating netwrk cnnectivity t the University IT resurces and t the Internet thrugh JANET. It is the standard netwrk t which mst University wned cabled devices are nrmally cnnected. Wh Only staff authrised by the Directr f IT Services are permitted t enliven prts n the campus netwrk. Only staff authrised by the Directr f IT Services and Respnsible Persns are permitted t cnnect suitably cnfigured devices t any Campus Netwrk prt. IT Services, University f Aberdeen Last reviewed: April 2015

3 Page 3 Netwrk Cnnectin Plicy Only staff authrised by the Directr f IT Services and Respnsible Persns may cnfigure devices fr cnnectin t the campus netwrk. Only University wned devices may be cnnected t the campus netwrk. Such devices must be cnfigured fr the particular lcatin where they are t be used. In exceptinal circumstances nn University f Aberdeen equipment may be cnnected t the campus netwrk (Nte: ResNet r eduram are usually mre apprpriate fr such devices). In such cases the device wner will be held liable by the University f Aberdeen fr any lss arising ut f the use f the device n University f Aberdeen netwrks and must cnsent t: eduram The University f Aberdeen mnitring the device activity. Prvide full access t the device if required t undertake investigatins. The eduram Netwrk is prvided t supprt the teaching, research and administrative functins f the University by facilitating netwrk cnnectivity t the University IT resurces and t the Internet thrugh JANET. It is the standard netwrk t which mst nn University wned devices and Wireless devices are nrmally cnnected. Wh Only staff authrised by the Directr f IT Services are permitted t cnfigure the eduram netwrk. Any registered user f University f Aberdeen IT services r registered user f an eduram federated rganisatin may cnnect a client device t the eduram netwrk. Only staff authrised by the Directr f IT Services and Respnsible Persns may cnfigure University wned devices fr cnnectin t the eduram netwrk. The University f Aberdeen des nt specify wh may cnfigure nn University wned devices. Any client device may be cnnected t eduram netwrk. University f Aberdeen users are required t ensure that devices are fully patched, have up-t-date, antivirus sftware and persnal firewall installed, where pssible. Nn University f Aberdeen users are recmmended t ensure that devices are fully patched, have up-t-date, antivirus sftware and persnal firewall installed. The University f Aberdeen will nt be respnsible fr any lss arising frm cnnecting devices t the eduram Netwrk. ResNet The ResNet Netwrk is prvided t supprt the teaching, research and administrative functins f the University by facilitating netwrk cnnectivity t the University IT resurces and t the Internet thrugh JANET. It is als acceptable t use ResNet fr respnsible scial and recreatinal use. It is the standard netwrk fr nn administrative use in University residences. Wh Only staff authrised by the Directr f IT Services are permitted t cnfigure the ResNet netwrk. Any registered user f University f Aberdeen IT services may cnnect a client device t the ResNet netwrk IT Services, University f Aberdeen Last reviewed: April 2015

4 Page 4 Netwrk Cnnectin Plicy Only staff authrised by the Directr f IT Services and Respnsible Persns may cnfigure University wned devices fr cnnectin t the ResNet netwrk. The University f Aberdeen des nt specify wh may cnfigure nn University wned devices. Any client device may be cnnected t ResNet netwrk. All users are required t ensure that devices are fully patched, have up-t-date, antivirus sftware and persnal firewall installed. The use f a client device t cnnect persnal electrnic equipment, such as games cnsles, is nt regarded as cnfiguring the netwrk. Users s ding s shuld be aware that they will accuntable fr any use f devices cnnected in such a manner. The University f Aberdeen will nt be respnsible fr any lss arising frm cnnecting devices t the ResNet Netwrk. Guestweb Wireless Netwrk The guestweb wireless service prvides visitrs t the University with shrt term unencrypted internet access while n campus. Wh Only staff authrised by the Directr f IT Services are permitted t cnfigure the Guestweb netwrk. Any user registered fr guest access t University f Aberdeen IT services may cnnect a client device t Guest Web. The University f Aberdeen des nt stipulate wh may cnfigure devices nt wned by the University. Any client device may be cnnected t the guestweb netwrk. It is recmmended that such devices are fully patched, have up-t-date, antivirus sftware and persnal firewall installed. The University f Aberdeen will nt be respnsible fr any lss arising frm cnnecting devices t Visitr Web. IT Classrm Netwrk The IT Classrm Netwrk prvides cnnectivity fr the teaching classrms, public access clusters and lecture theatre systems. Wh Only staff authrised by the Directr f IT Services are permitted t cnfigure the IT Classrm netwrk. Only staff authrised by the Directr f IT Services may cnnect devices t the IT classrm netwrk. Only staff authrised by the Directr f IT Services may cnfigure devices n the IT classrm netwrk. Only devices directly supprting the classrm r lecture theatre envirnment may be cnnected t the IT Classrm netwrk. Central Server Netwrks Central Server netwrks are built t prvide the necessary traffic management and security t effectively deliver the IT services cnnected t them. IT Services, University f Aberdeen Last reviewed: April 2015

5 Page 5 Netwrk Cnnectin Plicy Fr each server netwrk a recrd will be kept detailing the purpse f the netwrk, what cnnectivity it prvides and the security measures t be implemented t prtect the services cnnected t it. Wh Only staff authrised by the Directr f IT Services are permitted t cnfigure Central Server netwrks. Only staff authrised by the Directr f IT Services may cnnect devices t the Central Server Netwrks. Only staff authrised by the Directr f IT Services may cnfigure devices n a Central Server netwrk. Only devices cnsistent with the purpse f a specific server netwrk may be cnnected t a specific server netwrk. Special Netwrks There are devices, such as scientific equipment, which require a netwrk cnnectin but cannt meet the requirements f any f the abve netwrks. In these circumstances, prvided there is a business case, a special netwrk may be cnfigured. These netwrks are subject t specific agreements between the device administratr(s) and IT Services. Only the minimum cnnectivity cnsistent with use f the device will be prvided. Fr each special netwrk a recrd will be kept detailing the purpse f the netwrk, what cnnectivity it prvides, including wh may use devices cnnected t it and wh may cnnect devices t it and what devices may be cnnected. Wh Only staff authrised by the Directr f IT Services are permitted t cnfigure a specific special netwrk. Only staff authrised by the Directr f IT Services r persns detailed in the agreement may cnnect devices t the specific special netwrk. Only staff authrised by the Directr f IT Services r persns detailed in the agreement are permitted t cnfigure devices fr a specific special netwrk. Only thse devices detailed in the agreement may be cnnected t the specific special netwrk. 5. Management Mnitring Traffic levels and resurce utilisatin will be apprpriately mnitred, with recrds kept fr at least 1 year. With the exceptin f staff authrised by the Directr f IT Services, the fllwing activities are a breach f this plicy: Scanning r mnitring f any University f Aberdeen netwrk. Operating any device in prmiscuus mde. Installing sftware fr the purpses f netwrk mnitring r scanning. The allcatin f netwrk addresses (IP addresses) shall be managed by IT Services. Addresses issued fr use with a device must nt be used with any ther device. When a device is n lnger cnnected t the netwrk, the address issued t it will be reclaimed. IT Services, University f Aberdeen Last reviewed: April 2015

6 Page 6 Netwrk Cnnectin Plicy Excessive use Any device that cnsumes excessive netwrk resurce (e.g. bandwidth) such that it impacts the legitimate peratin f ther netwrk devices may be discnnected r have its access t resurce limited. Such measures will nly be taken t the extent necessary t ensure prper peratin f the netwrk. IT Services may emply Traffic Shaping t manage bandwidth ensuring critical applicatins are given pririty. 6. Auditing Management data as detailed in sectin 5 abve will be used by IT Services t ensure cmpliance t this plicy. Netwrk scans and statistical analysis will be applied. Third parties may be engaged t peridically reprt n the state f netwrk security in all University netwrks. 7. Enfrcement A breach f this plicy shall be cnsidered a breach f the University f Aberdeen Cnditins fr using IT Facilities and will be dealt with as prvided in them. In particular IT Services has the authrity t refuse t prvide a netwrk service t r restrict the service prvided t any device r user it believes has r will breach this plicy. Disciplinary r legal prceeding may als be instigated. 8. Definitins Mnitring Scanning Prmiscuus mde OS Cabled device Fully patched Cllecting infrmatin relating t netwrk traffic. This culd include surce and destinatin addresses, traffic levels and data types. Wrking thrugh range f netwrk addresses r prts attempting t cnnect t each in turn. A mde f perating a netwrk prt n a client device s that it will receive and prcess all netwrk traffic including traffic nt addressed t it. Operating System. A device cnnected with a cable as ppsed t a wireless cnnectin. All critical and security patches lder than 2 mnths are applied. IT Services, University f Aberdeen Last reviewed: April 2015

7 Page 7 Netwrk Cnnectin Plicy Title University f Aberdeen Netwrk Cnnectin Plicy Authr/Creatr Garry Wardrpe, Infrastructure Develpment Manager, IT Services Owner Christine Mackenzie, Dcumentatin Officer, IT Services Garry Wardrpe, Infrastructure Develpment Manager, IT Services Apprved by University f Aberdeen Advisry Grup n Infrmatin Strategy AGIS) Date published/apprved May 2012 Versin 1. May June May 2012 Review date April 2015 Audience Staff and students, cntractrs, public Related Cnditins fr using IT Facilities Infrmatin Security Plicy JANET Acceptable Use Plicy (external) Subject/Descriptin Equality Impact Assessment Sectin The purpse f this plicy is t define what can be cnnected t the University s netwrks and the standards that must be adhered t by devices s cnnected. - IT Services Theme IT, netwrk, cnnectin, wireless, servers, wrkstatins, laptps, PDAs, printers, MFDs, CCTV, scanners, vide cnferencing, classrms, clusters, lecture theatres, bandwidth IT Services, University f Aberdeen Last reviewed: April 2015