Policy 7.7 Network Management
SCOPE: FACULTY, STAFF, STUDENTS, AND GUESTS
1. ROLES AND RESPONSIBILITIES
1.1 The purpose of this policy is to assure the reliability, security, integrity, and availability of LIT’s telecommunications network infrastructure.
1.2 The LIT institutional network is a state information resource that exists to achieve the mission, goals, and objectives of the institution. Utilization of the institutional network must be consistent with and in support of institutional initiatives.
2.1 Responsibility for administration and maintenance of all layers of the institutional network is assigned to LIT Information Technology. All other personnel are prohibited from making modifications to or removing network devices or cables or connecting/removing network devices (e.g., routers, switches, wireless access points) to the institutional network without prior authorization from the IRM.
2.2 The institutional network shall be configured, managed, and monitored as per the LIT Networking Management Standards (Appendix A).
2.3 All network names and addresses belong to LIT. Requests for static IP addresses or network names (e.g., www.lit.edu) shall be sent to LIT Information Technology.
2.4 Individuals that control right-to-use privileges for systems attached to the institutional network will ensure that only authorized persons are granted access.
2.5 Users and custodians of network-connected devices may be held accountable for damage or harm to network operations or performance, or to other network-connected devices, should that damage or harm occur due to device use or management that is not in compliance with LIT policies and procedures.
3. WIRELESS NETWORKING
3.1 LIT may choose to provide a secure wireless network to provide protected connectivity to LIT internal resources for authorized users in areas where a wired solution is not feasible.
3.1.1 A valid LIT account shall be required to authenticate to the secure wireless network. All faculty and staff are authorized to access the secure wireless network using their LIT account credentials.
3.1.2 Non-LIT personnel may be authorized to access the secure wireless network. Requests for access must come from the sponsoring unit and will be handled on a case-by-case basis.
3.2 LIT may choose to provide a guest wireless network to provide a convenient Internet connection for the LIT community. Users of the guest wireless network shall not have access to LIT resources other than those available to the general public.
3.2.1 LIT personnel may not conduct LIT business using the guest wireless network.
3.2.2 The guest wireless network shall be segregated from the internal network.
3.2.3 The guest wireless network shall be considered a public network for the purpose of LIT’s information security policies.
3.2.4 Users of guest wireless are required to accept LIT’s Acceptable Use policy prior to being granted access.
3.3 Any wireless network other than guest or secure shall be considered an ad hoc wireless network. No ad hoc wireless networking will be permitted on the LIT institutional network without authorization from the ISO. The following are exceptions to this requirement:
3.3.1 Mobile hotspots using cellular data.
3.3.2 Ad hoc wireless networks managed by LIT faculty created for academic purposes, provided those networks are not attached to the institutional network.
3.4 Wireless access on peripheral devices managed by LIT faculty and used for academic purposes, provided those devices are not attached to the institutional network.
4. AUTHORITY AND RESPONSIBILITY
Questions related to this policy should be addressed to the IRM at firstname.lastname@example.org.
Appendix A – Network Management Standards
1. Asset and Configuration Management
1.1. All devices acting in the role of a server (regardless of their specific function, hardware, or software) that connect to the institutional network must be registered in a network device registry administered by LIT Information Technology.
2. Network Services
2.1. Domain Name Service (DNS) shall be fault-tolerant and implement internal/external role separation.
2.2. DHCP is the standard and preferred method for assigning IP addresses to campus devices.
3. Network Security
3.1. The ISO shall coordinate with units that handle confidential or regulated data to determine if portions of their networks should utilize network layer security precautions such as firewalls, access control lists, or VPNs.
3.2. Publicly accessible information resources shall be separated from internal network resources through physical or logical (e.g., VLANs) separation.
3.3. Appropriate interface, boundary and perimeter protection mechanisms shall be implemented to provide protection and monitoring capabilities against threats to LIT’s information resources attached to its institutional network.
3.4. Network equipment shall be physically secured in controlled spaces. Additional access controls shall be implemented, based on risk assessment, to prevent unauthorized devices from attaching to the wired network.
4.1. Where possible and practical, networking logs shall be retained for a minimum of 30 days.
5.1. Wireless access shall remain disabled on peripheral devices such as printers and projectors unless activated by LIT Information Technology.