Initially approved by the Board of Trustees September 27, 2002
Revised May 21, 2004

POLICY STATEMENT #10
NETWORK SECURITY
Purpose

The purpose of this Policy is to ensure secure and reliable network access and performance for the University community. Internet access to University resources and University access to Internet resources are both important elements in sustaining the University’s primary missions of instruction, research, and public service. This policy is intended to protect the integrity of the University network and to mitigate the risks and losses associated with security threats to the University network and information systems.

Like many university campuses, UNC Charlotte periodically experiences unauthorized access or attempts to access its data network and computer systems. In addition, computer systems on campus have been used as platforms to launch similar attacks on systems on the Internet at large.

This Policy is intended to:
- Provide a reliable University network and Internet connection to conduct the University’s business;
- Provide only authorized access to institutional, research or personal data and information on the University network; and
- Protect computer system and network integrity at UNC Charlotte, and specifically, to protect University computing resources from:
  - Unauthorized access to University resources and/or information;
  - Unintended and/or unauthorized disclosure of University information; and
  - Denial of Service attacks.
Threats to the University Network

The University network is scanned every day from the Internet. Much of this scanning is done to determine the number and location of potentially vulnerable systems on the campus network. UNC Charlotte computer systems have been compromised, and have been used to attack other systems on the Internet. Denial of Service (DoS) attacks from the Internet have occurred in the past, and will most likely be attempted again in the future against University systems.

Risks to our academic mission are most apparent. The loss or corruption of data or unauthorized disclosure of information on research and instructional computers, student records, financial systems, or any other aspect of University operations is unacceptable. The University also has a legal responsibility to secure its computers and networks from misuse. This policy allows the University to handle network security responsibly.

The University considers any violation of Policy Statement #66, “Responsible Use of University Computing and Electronic Communication Resources,” to be a serious offense and reserves the right to test and monitor security, including copying and examining any files or information resident on University computer systems allegedly related to unacceptable use. It is the responsibility of the Office for Information and Technology Services (ITS) to take the necessary steps to provide a reliable network.
Scope

This Policy applies to any existing or future connection(s) to the University’s data network.
Policy

Addressing and Domain Services
- Individuals, academic colleges/departments, or administrative departments at UNC Charlotte may not create or support an Internet domain hosted from the University’s network without prior approval of ITS.
- ITS administers the UNC Charlotte IP address space and the uncc.edu domain. ITS also manages any additional domains that support the mission of the University. (ITS also administers all other network addressing systems at UNC Charlotte, e.g., Novell NetWare and AppleTalk.)
- Technological changes and other factors may require a reconfiguration of the network resulting in a change to the network addresses assigned to University computers. ITS will give prior notice to affected users before making any changes.
Network Connections
- No UNC Charlotte departments, faculty, staff, or students may connect, or contract with an outside vendor to connect, any device or system to the University’s data networks without the prior review and approval of ITS.
- Colleges or departments that wish to provide Internet or other network access to individuals or networks not directly affiliated with the University must obtain prior approval from ITS.
- All devices placed on the University’s network must be registered with ITS. All authorized University network users (faculty, staff, or students) must be assigned a physical network port and network address by ITS. Network connections at public access ports are restricted to authorized members of the University community.
- Physical access to University networking equipment (routers, switches, hubs, etc.) is not permitted without the prior approval of ITS.
- ITS will provide a general method for network authentication to University systems.
External Services and Requests
- ITS will take action to prevent source network address forgery (spoofing) of internal network addresses from the Internet. ITS will also take action to protect external Internet sites from source address forgery from the University’s network.
- The University’s external Internet firewall policy is to deny all external Internet traffic to the University’s network unless explicitly permitted. Access and service restrictions may be enforced by IP address and/or port number. Proxy services may be used in conjunction with the firewall to restrict usage to authenticated individuals. This policy is designed to protect University network users from attacks launched from the Internet.
- The University will identify the systems that will offer Internet services. To facilitate this, academic colleges/departments and other administrative departments must register with ITS any systems that require access from the Internet. These systems must also be protected by access control software, e.g., TCP Wrappers.
- The University’s internal Internet firewall policy is to deny all internal IP traffic outbound to the Internet unless explicitly permitted. This policy is designed to protect others on the Internet from attacks launched from the University’s network.
- Some network services through standard ports are supported. However, services may be restricted to a limited number of subnets or hosts. For example, electronic mail (e.g., SMTP, Port 25) may be sent and received only by authorized mail servers on campus. User access to the mail accounts (e.g., POP3, Port 110 and IMAP, Port 143) on these servers will be permitted from off-campus through the firewall.
- Most network services through non-standard ports are not supported. Services through non-standard ports may be restricted to a limited number of subnets or hosts. For example, WWW access via the standard HTTP port (Port 80) will be permitted, but access via some other arbitrary port number may not be permitted.
- Limited encrypted tunnels for passing through the firewall to internal resources, such as X-Windows, are permitted with the prior approval of ITS. The recommended method is to use Secure Shell (SSH). IP Multicast tunneling is not permitted.
- All modem connections that allow someone from outside the University network to access the University’s network must be registered with ITS. The University reserves the right to block any modem connections, or disconnect any computer system, that allows unauthorized access to the network.
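The firewall rules this section describes (default deny in both directions, anti-spoofing on internal source addresses, SMTP confined to authorized mail servers, POP3/IMAP and standard-port HTTP permitted only to registered hosts) can be checked as a decision function. The following is an added example, not part of the University's policy or ITS's actual configuration; the campus prefix, server addresses and registered services are constructed placeholders.

```python
# Added example: a minimal model of the inbound/outbound firewall decisions
# described in "External Services and Requests". All addresses below are
# constructed documentation-range placeholders, not real campus addressing.
from ipaddress import ip_address, ip_network

CAMPUS = ip_network("192.0.2.0/24")        # assumed campus address space
MAIL_SERVERS = {ip_address("192.0.2.25")}  # assumed authorized mail servers
# Systems registered with ITS as reachable from the Internet: (host, port).
REGISTERED_INBOUND = {
    (ip_address("192.0.2.25"), 25),   # SMTP to the authorized mail server
    (ip_address("192.0.2.25"), 110),  # POP3 user access from off-campus
    (ip_address("192.0.2.25"), 143),  # IMAP user access from off-campus
    (ip_address("192.0.2.80"), 80),   # WWW on the standard HTTP port
    (ip_address("192.0.2.22"), 22),   # ITS-approved SSH tunnel endpoint
}
# Outbound services explicitly permitted: port -> allowed source hosts,
# or None meaning any campus host may use the service.
PERMITTED_OUTBOUND = {80: None, 443: None, 25: MAIL_SERVERS}


def inbound_decision(src, dst, dport):
    """Internet -> campus: deny unless explicitly permitted."""
    src, dst = ip_address(src), ip_address(dst)
    if src in CAMPUS:  # internal address arriving from the Internet
        return "deny: spoofed internal source address"
    if dst not in CAMPUS:
        return "deny: destination is not on the campus network"
    if dport == 25 and dst not in MAIL_SERVERS:
        return "deny: SMTP only to authorized mail servers"
    if (dst, dport) in REGISTERED_INBOUND:
        return "permit"
    return "deny: default inbound policy"


def outbound_decision(src, dst, dport):
    """Campus -> Internet: deny unless explicitly permitted."""
    src, dst = ip_address(src), ip_address(dst)
    if src not in CAMPUS:  # would let campus hosts forge others' addresses
        return "deny: source address not campus-assigned"
    if dport not in PERMITTED_OUTBOUND:
        return "deny: default outbound policy"
    allowed = PERMITTED_OUTBOUND[dport]
    if allowed is not None and src not in allowed:
        return "deny: service restricted to authorized hosts"
    return "permit"
```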
Network Security
- In collaboration with academic and administrative departments, ITS shall identify the appropriate network security level for University systems. These levels are, from highest to lowest: Mission-critical, Important, Normal and Low. Efforts shall be made to protect University computer systems according to their level and to review these levels periodically.
- In coordination with administrative departments and law enforcement, ITS will investigate, or cause to be investigated, any unauthorized access to University computer systems.
- Systems on the network must have adequate security installed and maintained. All systems connecting to the University network must be configured and maintained in such a manner as to prohibit unauthorized access or misuse. For example, a guest account must have a secure password.
- It is the responsibility of all UNC Charlotte network users to report security problems to the appropriate system administrators or ITS for investigation.
- Network usage judged appropriate by the University is permitted. Some activities deemed inappropriate include, but are not limited to:
  - Establishing unauthorized network devices, including a router, gateway, or remote dial-in access server; or a computer set up to act like such a device.
  - Engaging in network packet sniffing or snooping.
  - Operating network servers of any sort in violation of ITS guidelines.
  - Setting up a system to appear like another authorized system on the network.
  - Other unauthorized uses prohibited by this Policy, Policy Statement #66, “Responsible Use of University Computing and Electronic Communication Resources,” or other ITS organization policies.
Monitoring and Auditing
- ITS maintains traffic logs of the firewall for security auditing purposes.
- To safeguard the integrity of the University's computing and electronic communication resources, and to minimize the risks to both those resources and the end users of those resources, ITS will monitor data traffic to detect anomalous network activity and will access, retrieve, read, and/or disclose data communications when there is reasonable cause to suspect a violation of applicable University policy or criminal law, or when monitoring is otherwise required by law.
- With the permission of the system administrator or his or her superior, ITS may perform a security audit of any computer system attached to the University’s network. ITS will provide a report after the audit is completed.
Enforcement
- Any device found to be in violation of this Policy, or found to be causing problems that may impair or disable the network in any way, is subject to immediate disconnection from the University’s network. The Data Network Services Department or other IT departments may require specific security improvements where potential security problems are identified.
- Attempting to circumvent security or administrative access controls for information resources is a violation of this Policy. Assisting someone else or requesting someone else to circumvent security or administrative access controls is also a violation of this Policy.
Policy Management

The Chancellor is authorized to appoint an Information Technology Security Officer who shall be responsible for the enforcement, interpretation, and administration of this Policy.