This policy is designed to protect the campus network and the ability of members of the Elon community to use it. The purpose of this policy is to define the standards for connecting computers, servers or other devices to the University’s network. The standards are designed to minimize the potential exposure to Elon University and our community from damages (including financial, loss of work, and loss of data) that could result from computers and servers that are not configured or maintained properly and to ensure that devices on the network are not taking actions that could adversely affect network performance.
Elon University must provide a secure network for our educational, research, instructional and administrative needs and services. An unsecured computer on the network allows denial of service attacks, viruses, Trojans, and other compromises to enter the university’s campus network, thereby affecting many computers, as well as the network’s integrity. Damages from these exploits could include the loss of sensitive and confidential data, interruption of network services and damage to critical Elon University internal systems. Universities that have experienced severe compromises have also experienced damage to their public image. Therefore, individuals who connect computers, servers, and other devices to the Elon network must follow specific standards and take specific actions.
This policy applies to all members of the Elon University community or visitors who have any device connected to the Elon University network, including, but not limited to, desktop computers, laptops, servers, wireless computers, wireless access points, specialized equipment, cameras, environmental control systems, and telephone system components. The policy also applies to anyone who has systems outside the campus network that access the campus network and resources. The policy applies to university-owned computers (including those purchased with grant funds), personally-owned or leased computers that connect to the Elon network.
3.1 Appropriate Connection Methods
You may connect devices to the campus network at appropriate connectivity points including voice/data jacks, through an approved wireless network access point, via a VPN or SSH tunnel, or through remote access mechanisms such as DSL, cable modems, and traditional modems over phone lines.
Modifications or extensions to the network can frequently cause undesired effects, including loss of connectivity. These effects are not always immediate, nor are they always located at the site of modifications. As a result, extending or modifying the Elon network must be done within Instructional & Campus Technologies published guidelines. Exceptions will be made by the Assistant Vice President for Technology for approved personnel in departments who can demonstrate competence with managing the aforementioned hardware.
3.2 Network Registration
Users of the university network may be required to authenticate when connecting a device to the network. Instructional & Campus Technologies maintains a database of unique machine identification, network address and owner for the purposes of contacting the owner of a computer when it is necessary. For example, Instructional & Campus Technologies would contact the registered owner of a computer when his or her computer has been compromised and is launching a denial of service attack or if a copyright violation notice has been issued for the IP address used by that person.
3.3 Responsibility for Security
Every computer or other device connected to the network, including a desktop computer has an associated owner (e.g. a student who has a personal computer) or caretaker (e.g. a staff member who has a computer in her office). For the sake of this policy, owners and caretakers are both referred to as owners.
Owners are responsible for ensuring that their machines meet the relevant security standards and for managing the security of the equipment and the services that run on it. Some departments may assign the responsibility for computer security and maintenance to the departmental Computing Coordinator or the Departmental Systems Administrator. Therefore, it is possible that one owner manages multiple departmental machines plus his or her own personal computer. Every owner should know who is responsible for maintaining his or her machine(s).
3.4 Security Standards
These security standards apply to all devices that connect to the Elon University network through standard university ports, through wireless services, and through home and off campus connections.
Owners must ensure that all computers and other devices capable of running anti-virus software have Elon-licensed anti-virus software (or other appropriate virus protection products) installed and running. Owners should update definition files at least once per week. See Instructional & Campus Technologies’ software site for more information.
Computer owners must install the most recent security patches on the system as soon as practical or as directed by IT Security. Where machines cannot be patched, other actions may need to be taken to secure the machine appropriately.
Computer owners of computers that contain sensitive university data should apply extra protections. IT Security in Instructional & Campus Technologies will provide consultations on request to computer owners who would like more information on further security measures. For instance, individuals who are maintaining files with Social Security information or other sensitive personal information should take extra care in managing their equipment and securing it appropriately.
3.5 Centrally-Provided Network-Based Services
Instructional & Campus Technologies, the central computing organization, is responsible for providing reliable network services for the entire campus. As such, individuals or departments may not run any service which disrupts or interferes with centrally-provided services. These services include, but are not limited to, email, DNS, DHCP, and Domain Registration. Exceptions will be made by the Assistant Vice President for Technology for approved personnel in departments who can demonstrate competence with managing the aforementioned services. Also, individuals or departments may not run any service or server which requests from an individual their Instructional & Campus Technologies maintained password.
3.6 Protection of the Network
Instructional & Campus Technologies routinely scans the Elon network, looking for vulnerabilities. By connecting a computer or device to the network, you are acknowledging that the network traffic to and from your computer may be scanned.
Instructional & Campus Technologies reserves the right to take necessary steps to contain security exposures to the University and or improper network traffic. Instructional & Campus Technologies will take action to contain devices that exhibit the behaviors indicated below, and allow normal traffic and central services to resume.
- imposing an exceptional load on a campus service?
- exhibiting a pattern of network traffic that disrupts centrally provided services?
- exhibiting a pattern of malicious network traffic associated with scanning or attacking others?
- exhibiting behavior consistent with host compromise?
Instructional & Campus Technologies reserves the right to restrict certain types of traffic coming into and across the Elon network. Instructional & Campus Technologies restricts traffic that is known to cause damage to the network or hosts on it, such as NETBIOS. Instructional & Campus Technologies also may control other types of traffic that consume too much network capacity, such as file-sharing traffic.