Overview
Version 1.0
Last Revision Date: May 11, 2007
Approval Date: May 1, 2007
Approval Authority: Case Information Security Officer
Purpose
The purpose of this policy is to establish
standards for management of network access and communications.
Scope
This policy applies to all information technology
systems that use the Case network infrastructure.
Cancellation
Not applicable.
Policy Statement
General
All networks and communications technologies owned and managed by Case
are considered to be private in nature, and access is granted for the
exclusive use of Case faculty, staff, students, and affiliates in
accordance with the Case Acceptable Use of Information Technology
Policy (AUP). The privilege of use of
all Case networks requires adherence by all Case users to a minimal set
of standards to assure efficient and effective management of network
resources. The doctrine employed by Case IT Services is to assure
the fulfillment of the mission of the University through access to and
availability of Case networks, which are deemed a critical resource.
General policy of approved protocols and usage thresholds will be
determined and implemented by Case IT Services, through the Technical
Infrastructure Services group. The implementation of standards shall be
the responsibility of all IT systems owners and administrators.
Case network users shall not provision network-based services for
non-Case third parties.
Access Requirements
All networks on the Case campus are installed and maintained by Case IT
Services. To assure the integrity and availability of network
services, no other network communications (with the exception of
commercial cellular telephony networks) shall be permitted on
University facilities. No networking equipment (routers, managed
switches, DHCP servers, DNS servers, WINS servers, VPN servers, remote
access dial-in servers/RADIUS, wireless access points, hardware
firewalls) shall be permitted without a written exception from Case IT
Services (Technical Infrastructure Services).
All devices connected to Case networks shall be registered with Case IT
Services when initially attached to the network. This applies to
printers, computing systems, laboratory equipment, and
communications devices that use TCP/IP network protocols. The
registrant must be a current faculty, staff, or student with a valid
and active NetworkID. Information on how to register a network
device can be found in the Network Registration documentation at the
Case Help Desk.
Unregistered devices are subject to disconnection from the Case
Network, without notice, whether or not they are disrupting network
service.
No device or program that has the potential to disrupt network
service to others is permitted on the Case Network without prior
arrangement with IT Services.
Case users accessing the Case IT resources via wireless networking may
assure the privacy of the network communications by using the Case VPN
software.
Protocol Standards
The management of network protocols shall be performed by information
systems administrators and network administrators to assure the
efficiency, availability, and security of the common resources, in
accordance with the governing Case Acceptable Use Policy.
Simple Mail Transfer Protocol (SMTP):
- All email protocol traffic shall utilize the centralized mail
gateways (smtp.case.edu). Inbound mail traffic with destination
addresses for servers other than those operated by IT Services shall
utilize a DNS MX record to relay that traffic through the centralized
mail gateways. All outbound traffic shall utilize the SMTP gateway.
- The use of SSL or TLS based communication standards for email client
to email server communication is preferred such that the
authentication session is the protected transaction.
Domain Name Services Protocol (DNS):
All hosts on Case networks shall utilize the Case DNS systems. All
hosts connected to Case networks receive a cwru.edu or case.edu domain
name extension. No host connected to Case networks shall be addressable
by any DNS name other than that provided by Case.
No host with a case.edu or cwru.edu domain name (and an IP address
within the Case network spaces) will use an IP address outside the
University's registered name space without a written exemption from
Case IT Services (Technical Infrastructure Services).
Dynamic Host Configuration Protocol (DHCP):
All hosts on Case networks shall either obtain and use a static IP
address (see Network Tools for setup) or use the Case DHCP service to
obtain an assigned IP address. Users shall not use a self-assigned IP
address, or operate a DHCP server. The use of bootstrap (BOOTP) shall
be governed in the same manner as DHCP.
Banned Protocols:
IT Services keeps a listing of banned protocols which have been shown
to interfere with the architecture and management of the Case network
environment.
Definitions
MX record- An MX record or Mail exchanger record is a type of resource
record in the Domain Name System (DNS) specifying how Internet e-mail
should be routed. MX records point to the servers that should
receive an e-mail, and their priority relative to each other.
SSL- secure sockets layer, an encryption method for communication
between the mail client and mail server.
TLS- transport layer security, an encryption method for communication
between a mail client and a mail server, or between mail servers.
TCP/IP- transmission control protocol and internet protocol, which
define how communications are currently implemented in the Case network
infrastructure.
IP address- internet protocol address, an essential networking element
which permits traffic to be routed to a specific host.
Responsibility
IT Services is responsible for enforcement of network access standards,
and maintaining the list of banned protocols.
Departmental IT staff are responsible for the implementation and
adherence to network protocol standards.
Policy Review Cycle
This policy will be reviewed every two years on the anniversary of the
policy effective date, at a minimum. The policy may be reviewed on a
more frequent basis depending on changes of risk exposure.