NUMBER: 850

SUBJECT: NETWORK POLICY

AUTHORIZING BODY: PRESIDENT'S CABINET

RESPONSIBLE OFFICE: UNIVERSITY TECHNOLOGY SERVICES

DATE ISSUED: APRIL 2004

LAST UPDATE:

RATIONALE: The purpose is to assign responsibility for all aspects of creating, using, integrating, designing, installing, managing and maintaining Oakland University’s network infrastructure and its core network services.

POLICY:

 

POLICY FOR NETWORK INFRASTRUCTURE

 
1.      Background and purpose
2.      Definitions
3.      Network identity
4.      Access guidelines
5.      General usage and connectivity guidelines
6.      Additional wireless guidelines
7.      Security and firewalls
  

1.    Background and purpose 

The effective management of network information technology resources is important to the success of the teaching, learning and research mission of the University.  Wired and wireless networks, including voice, data and video networks, provide the communications backbone of the University.  The paradox of a network environment is that as more and more information services are provided in networked environments (e.g. wireless communications), more procedures and coordination are required.

2.    Definitions

a. Access point

An access point is the electronic hardware that serves as a common connection point for devices in a wireless network.  An access point acts as a network hub that is used to connect LAN segments, using transmit and receive antennas instead of ports for access by multiple users of the wireless network.  Access points are shared bandwidth devices and can be connected to the wired network.

b. Core network services

Core network services include, but are not limited to: Windows Internet Naming Services (WINS); domain naming services; dynamic host configuration protocol (DHCP); Internet protocol addressing (IP address); network connectivity; voice, video and data transmission; and Internet services.

c. Coverage

Coverage means the geographical or building area where a baseline level of wireless connection service quality is provided or accessible, intentionally or unintentionally.  In the case of a wired network, coverage, for the purposes of this document, is defined as the local area network or network segment that is represented by the physical location of network drops or nodes on the network.

d. Domain names

Domain names are names that identify one or more IP addresses and are used in Uniform Resource Locators (URLs) to identify particular web pages.  University Technology Services is responsible for maintenance of .edu administration on the Educause web site registration service.

e. Firewall

A firewall is a technical network implementation that protects computers on a specific network from intentional or accidental hostile or unauthorized intrusion.

f. Interference

Interference is defined as the degradation of a wireless communication signal caused by electromagnetic radiation from another source.

g. Network components

Network components are defined as the individual devices such as drops, ports, hubs, routers and switches that support the technical implementation, connectivity, and operation of the network.

h. Network infrastructure

The network infrastructure is defined as the inter-building and intra-building voice, data and video wired or wireless transport systems, and the electronic components and communications protocols used to transport signals over the systems.  In its simplest form, a network connects two or more computers together. 

i. Network resources

Network resources are systems, servers, file sharing and storage, printing and other items attached to the network that can be utilized through connection to the network.

j. Protocols

Protocols are the defined format for communications transmission among devices, including the rules or sets of rules that create a communications and error handling standard.

k. Wired network

Wired network, commonly referred to as “the network”, is defined as the cabling infrastructure supporting all voice, video and data transmissions, as well as the routers, switches, hubs and electronic components that facilitate technical communications.  This may also be referred to as the “campus backbone network.”  The wired network begins at the point a device connects (i.e., a physical network drop or connection), continues through the campus in an intra-building mesh, and connects at a gateway to the Internet.  The local access media may be fiber or copper, as appropriate for the technology.

l. Wireless network

Wireless network is defined as a local area network technology that uses radio frequency spectrum to connect electronic devices to the wired network. This may also be referred to as the wireless infrastructure, including access points, antennas, cabling, power and network devices used in the deployment of a wireless network.

3. Network Identity 

a.  Domain name

Domain names are essential to successful network addressing.  Suggested domain names to be part of the Oakland University network infrastructure must be registered and approved by Communications and Marketing.  Those establishing domain names must immediately notify University Technology Services after Communications and Marketing has approved the domain name.  Domains connected to the university network must end with “oakland.edu”.

b. Global naming and addressing

University Technology Services is responsible for providing a consistent forum for the identification and allocation of Internet Protocol (IP) addressing and naming conventions.  Dynamic Host Configuration Protocol (DHCP) is the preferred method for the assignment of IP addresses.  Exceptions to DHCP address assignment must be requested from University Technology Services.

c. Responsibility

University Technology Services is responsible for the standards, design, implementation, performance and operation of the Oakland University network infrastructure.  University Technology Services is responsible for monitoring compliance with this policy, within the scope of the Policy for Use of University Information Technology Resources.  The Academic Computing Committee of the University Senate, and the Vice President of Academic Affairs and Provost, will provide input and direction to University Technology Services on network standards, design, implementation, performance and operation, of the Oakland University network infrastructure.

d. Delegation of responsibility

University Technology Services may delegate operational aspects of network infrastructure support to academic or administrative units where a defined Service Level Agreement can be developed.  In particular, University Technology Services seeks to work with and support faculty members who are developing lab networks for educational and research purposes.

4. Access Guidelines

a. Access

Access to the network infrastructure will be provided to Oakland University faculty, staff, students, affiliates and guests, in a classification labeled “network users.”

b. Authentication

Network users will be asked to authenticate themselves when connecting to the Oakland University network by using a University provided login identifier (login ID) and password.   Wireless network interfaces and computing devices will require user authentication to access the wireless network.  Implementing network access with the intent to bypass authentication will be considered a violation of this policy and a violation of the Policy for Use of University Information Technology Resources, unless special provisions have been approved by the Cabinet. 

c. Authorization

Network users will be authorized through their network access to utilize specific network resources based on need.  Access to educational and research resources is supported with open authorized access.  Access to administrative and business operations requires specific “need to know” attached to job requirements, and requires approval by a supervisor.  Network authorization will not define or create access where no need exists.  Network authorization tools and strategies will implement and support the rules, guidelines and strategies defined by the Policy for Use of University Information Technology Resources and network resource owners.

d. Devices connecting to the network

University Technology Services will maintain a list of acceptable devices, including devices identified in the Desktop Service Level Agreement.  Any device (wired or wireless) connected to the network is subject to all university policies, particularly the Policy for Use of University Information Technology Resources, regardless of ownership.  

e. Login ID and Password maintenance

Network users will be prompted to change passwords on a periodic basis.  Also, network users are to use network login IDs and passwords in a manner consistent with the Policy for Use of University Information Technology Resources, and to protect and not share individual network login IDs and passwords with others.

f.  Third Party/Backdoor Attachments

Attachments to the network by non-university organizations or network users must be approved by University Technology Services, aligned with the Policy for Use of University Information Technology Resources, and compliant with the Merit Networks (www.merit.edu) third party connection and attachment policies.

5. General Usage and Connectivity Guidelines

 

a.  Network usage and connectivity

 

Use of the network infrastructure must be in a manner consistent with the Policy for Use of University Information Technology Resources. Equipment or network activity that violates this Network Policy will be subject to the disciplinary actions as outlined in the Policy for Use of Information Technology, which may include disconnecting or blocking such equipment or network activity.

 

b. Addressing

 

Media access control addressing (MAC) must be standardized in use and not altered or fraudulently presented.

 

c.  Planning

 

University Technology Services must be involved in initial and ongoing planning and budgeting for all aspects of the Oakland University network infrastructure, including planning for connectivity of the Oakland University network infrastructure to remote or off-campus locations.  University Technology Services will seek to work with Campus Facilities, the University Senate Academic Computing Committee, and key representatives of units and departments in the coverage area to ensure that network resource requirements, interference minimization, and security are considered in the network plan.  

 

d.  Compliance

 

Network components, wired network and wireless network installations and implementations will be monitored for conformance to established University network infrastructure plans.

 

e.  Contracted network support

 

University Technology Services will seek to work with Campus Facilities and key representatives of units and departments in the coverage area to identify qualified contracted network support vendors meeting technical and security requirements.  University Technology Services must pre-approve all contracted vendor work on the University network infrastructure.  All contracted vendor support work will be monitored for compliance with current University technical standards, quality installation and timely completion of work.  University Technology Services may also choose to centrally sub-contract some operational and engineering network functions.  Departments or Divisions will be assessed for the work and project management cost of tasks that require contracted network support.

 

f.  Installation and removal of network components and access points

 

University Technology Services must authorize the installation or removal of network components and access points prior to any work.  Tampering with, altering, or moving network components or access points is prohibited unless prior approval is obtained through University Technology Services.  The location of all wireless access points must be coordinated with existing University Technology Services plans. 

 

g.  Remote access services

 

Acceptable remote access to the network infrastructure, such as dial-up, modem, or virtual private network, will be defined and maintained by University Technology Services.  University Technology Services will seek to provide the most secure remote access connection appropriate to the security requirements defined by the affected network resource owners and managers.  All external connections to the university network must first be reviewed and approved by University Technology Services.

 

6. Additional Wireless Guidelines

 

a.  Wireless network legal restrictions

 

The special nature of wireless networks may be subject to legal restriction.  Wireless access points must abide by all federal, state and local laws pertaining to wireless networks.  University Technology Services, working with the University General Counsel office and the Office of Risk Management, is responsible for review of current technologies and legal restrictions.  University Technology Services will authorize the installation or design of wireless access with full consideration to this limitation.

 

b.  Radio frequency spectrum

 

Prior to the implementation of a wireless technology, the unit acquiring and planning for the use of that technology must register and review the radio frequency spectrum with University Technology Services. 

 

c.  Interference resolution

 

Certain wireless devices exist that utilize the same wireless frequency as the data network.  In the event that a wireless device interferes with other equipment, University Technology Services shall work with key representatives of units and departments in the coverage area to seek resolution.

 

d.  Wireless network cards

 

Wireless network cards are to be configured in client only mode and are not to be used as bridges, base stations, access points, or as an ad hoc network.

 

 

7.  Security and firewalls

 

a.  Security

University Technology Services may take steps to preserve the security of the network and the security of devices connected to the network in line with the Policy for Use of University Information Technology Resources.

 

b.  Protocols

University Technology Services may take steps to preserve both security and quality of service by blocking or limiting protocols identified as problem source areas.

 

c.  Firewalls

University Technology Services may install firewalls to protect university assets.  Specific servers critical to University business and operations may be protected behind such firewalls, and those servers may be accessed for specific purposes as defined by the server or data owner.  Review of an existing firewall, or a request for a new firewall, may be initiated by contacting the Helpdesk.  If network communications need a specific rule in the firewall, a Firewall Request Form must be submitted: www.oakland.edu/uts, under Security, or the direct URL http://www.oakland.edu/uts/accounts/docs/Firewall_Change_Request.pdf.