Network Connection Policy
This policy is designed to protect the campus network and the ability of members of the AU community to use it. The purpose of this policy is to define the standards for connecting computers, servers or other devices to the University's network. The standards are designed to minimize the potential exposure to AU University from damages that could result from computers and servers that are not configured or maintained properly and to ensure that devices on the network are not taking actions that could adversely affect network performance.
AU University must provide a secure network for educational, research, instructional and administrative needs and services. An unsecured computer on the network allows denial of service attacks, viruses, Trojans, and other compromises to enter the university's campus network, thereby affecting many computers, as well as the network's integrity. Damages from these exploits could include the loss of sensitive and confidential data, interruption of network services and damage to critical AU University internal systems. Therefore specific standards and specific actions must be followed.
This policy applies to all members of the AU University or visitors who have any device connected to the AU University network, including, but not limited to, desktop computers, laptops, servers, wireless computers, mobile devices, smart phones, specialized equipment and telephone system components. The policy also applies to anyone who has systems outside the campus network that access the campus network and resources. The policy applies to university-owned, personally-owned or leased computers that connect to the AU network.
Appropriate Connection Methods
You may connect devices to the campus network at appropriate connectivity points including voice/data jacks, through an approved wireless network access point, via a VPN or SSH tunnel, or through remote access mechanisms.
Modifications or extensions to the network can frequently cause undesired effects, including loss of connectivity. These effects are not always immediate, nor are they always located at the site of modifications. As a result, extending or modifying the AU network must be done within the AU guidelines.
Users of the university network may be required to authenticate when connecting a device to it. Users may also need to install an agent on their computers before they are allowed on the network. The role of such an agent would be to audit the computer for compliance with security standards.
A database of unique machine identification should be maintained, network address and owner for the purposes of contacting the owner of a computer when it is necessary. For example, ICTS would contact the registered owner of a computer when his or her computer has been compromised and is launching a denial of service attack or if a copyright violation notice has been issued for the IP address used by that person.
Responsibility for Security
Every computer or other device connected to the network, including a desktop computer has an associated owner. Owners are responsible for ensuring that their machines meet the relevant security standards and for managing the security of the equipment and the services that run on it.
The security standards apply to all devices that connect to the AU University network through standard university ports, through wireless services, and through home and off campus connections.
- Owners must ensure that all computers and other devices capable of running anti-virus/anti-malware software have AU-licensed anti-virus software (or other appropriate virus protection products) installed and running. Owners should update definition files at least once per week.
- Computer owners must install the most recent security patches on the system as soon as practical or as directed by ICTS. Where machines cannot be patched, other actions may need to be taken to secure the machine appropriately.
- Owners of computers that contain AU Restricted Information should apply extra protections. For instance, individuals who are maintaining files with sensitive personal information should take extra care in managing their equipment and securing it appropriately.
Centrally-Provided Network-Based Services
ICTS, is responsible for providing reliable network services for the entire campus. As such, individuals or departments may not run any service which disrupts or interferes with centrally-provided services. These services include, but are not limited to, email, DNS, DHCP, and Domain Registration.
Protection of the Network
AU uses multiple methods to protect the AU network:
- monitoring for external intruders
- scanning hosts on the network for suspicious anomalies
- blocking harmful traffic
All network traffic passing in or out of AU's network is monitored by an intrusion detection system for signs of compromises. By connecting a computer or device to the network, you are acknowledging that the network traffic to and from your computer may be scanned.
AU network is scanned looking for vulnerabilities. At times, more extensive testing may be necessary to detect and confirm the existence of vulnerabilities. By connecting to the network, you agree to have your computer or device scanned for possible vulnerabilities.
AU reserves the right to take necessary steps to contain security exposures to the University and or improper network traffic. It will take action to contain devices that exhibit the behaviors indicated below, and allow normal traffic and central services to resume.
- imposing an exceptional load on a campus service
- exhibiting a pattern of network traffic that disrupts centrally provided services
- exhibiting a pattern of malicious network traffic associated with scanning or attacking others
- exhibiting behavior consistent with host compromise
AU reserves the right to restrict certain types of traffic coming into and across the AU network. AU restricts traffic that is known to cause damage to the network or hosts on it, such as NETBIOS. AU also may control other types of traffic that consume too much network capacity, such as file-sharing traffic.
By connecting to the network, you acknowledge that a computer or device that exhibits any of the behaviors listed above is in violation of this policy and will be removed from the network until it meets compliancy standards.