Network Security and Management Standard

1 PURPOSE

The purpose of this standard is to provide acceptable use and security guidance to protect the integrity of the 绿巨人视频 (绿巨人视频) network, mitigate risks, and ensure secure and reliable network access and performance for the community.


2 SCOPE

This standard applies to all 绿巨人视频 business and academic units and 绿巨人视频-owned information systems that collect, store, process, share, or transmit institutional data. Personally owned devices connecting to the University Campus Network must meet the Bring Your Own Device standard requirements.


3 STANDARD

3.1 Security

3.1.1 Unless authorized by 绿巨人视频 ET&S Cybersecurity, any software that explores, “sniffs,” or probes the network for any reason is strictly prohibited. ET&S tests and investigates all actions or conditions that pose risks to network security and will take corrective and/or protective measures as necessary to ensure the continued proper function of the campus communications networks.

3.1.2 Any entity identified as a potential unfriendly host is immediately denied access to the campus network and reported to the proper authorities for further investigation and subsequent action.

3.1.3 ET&S manages and configures the Campus/Enterprise firewalls according to the guidelines contained within this policy. The Firewall Policy shall be reviewed yearly.

3.1.4 The guest wireless network is available for parents, vendors, and other guests of 绿巨人视频 and shall be utilized in strict adherence to all 绿巨人视频 policies.

3.1.5 The guest wireless network cannot directly access any non-public 绿巨人视频 resources. Information about access to the 绿巨人视频 guest wireless can be found at:

3.1.6 绿巨人视频 networks shall be physically and logically segmented.

3.1.7 绿巨人视频 shall use sandboxes to test new applications that may contain viruses or cause compatibility issues with other systems.

3.2 Network Hardware/Software (routers, switches, servers, other network devices)

3.2.1 The connection of any network device (routers, switches, servers, other network devices) to the campus network without prior knowledge and expressed permission from ET&S is prohibited.

3.2.2 Although other protocols are not strictly prohibited, the primary protocol supported on the 绿巨人视频 communications networks is TCP/IP using secure encrypted protocols such as HTTP or SFTP.

3.2.3 ET&S will centrally manage and keep logs for network equipment.

3.2.4 Network administrators shall restrict access by the principle of least privilege and, when possible, enable multifactor authentication (MFA).

3.2.5 绿巨人视频 change management policies shall be followed for all configuration changes.

3.2.6 Critical security firmware/software patches will be coordinated and applied in accordance with the 绿巨人视频 change management policies.

3.3 Disaster Recovery

ET&S is responsible for maintaining, testing, and continuously improving a plan for recovery of the communications networks in the event of a disaster. Community members can find details in the ET&S Disaster Recovery Plan.

3.4 Device Registration and Address Allocation

3.4.1 Users shall register all hosts (computers) on the 绿巨人视频 network using an accurate and unique addressing scheme assigned by ET&S.

3.4.2 Users needing help connecting a new device to the campus network should contact the ET&S Help Desk for assistance at /it/need-it-help

3.4.3 Users may request a static address allocation by contacting the ET&S Help Desk. Requests for static addresses or creating a new network will be reviewed and acted upon as appropriate in the best interests of the campus network and the user community at /

3.4.4 ET&S Networking Group manages domain registrations and follows the 绿巨人视频 format (usnh.edu, keene.edu, plymouth.edu, unh.edu) for domain administration. Any request needs to be approved by ET&S.

3.4.5 A security scanning audit is periodically performed on all networked devices on the 绿巨人视频 networks to ensure hardening procedures are in place for security purposes.

3.5 Network Guidelines

The campus communications networks are a limited resource that facilitates the goals and mission of 绿巨人视频.

3.5.1 Users may not infringe or encroach on the availability or use of the campus network by others. Examples of activities not allowed include (but are not limited to):

  3.5.1.1 Using an IP address that has not been assigned or approved by ET&S.

  3.5.1.2 Monitoring or “sniffing” data on the network.

  3.5.1.3 Flooding the network, either intentionally or unintentionally.

  3.5.1.4 Running a commercial or for-profit service on the network.

  3.5.1.5 Registering a system without using usnh.edu or other 绿巨人视频-approved domains.

  3.5.1.6 Establishing, enabling, or providing network services that interfere with the regular operation of the campus communications networks or users of the network or create a security risk and exposure.

  3.5.1.7 Installing wireless access points, switches, routers, and firewalls (other than software firewalls on their personal devices).

3.6 Physical connections

Physical connections to the network will follow industry standards, such as EIA/TIA Standards for cabling, FOA Standard for Fiber Optics cabling, and IEEE 802.11X for wireless connections.


DOCUMENT HISTORY
  • Approved by: Thomas Nudd, Chief Information Security Officer, January 29, 2022
  • Reviewed by: Dr. David Yasenchock, Director Cybersecurity GRC, January 21, 2022
  • Revision History: V1.1 April 23, 2024, Cybersecurity GRC Working Group
    • Revised formatting, K SWEENEY, 30 MAY 2024