Policy Name: Network Service
Policy Number: IS PS0010
Effective Date: July 23, 2007
Review Date: January 29, 2013
Last Revision Date: January 29, 2013
Last Revision By: Kim Adams
Contact Name: Matthew H. Witten
Contact Email: ISOPolicy@louisville.edu
Approved By: Compliance Oversight Council
The University will provide the required infrastructure for enterprise-wide
local area network services, (including wireless) and connections to the
internet, internet-2 and other external networks to further the mission of
The Information Technology division is responsible for the provision and
management of enterprise-wide local area network services, including wireless
networks. All connections to the network must be via university approved
mechanisms. Only authorized Information Technology staff may install, manage
or change the network infrastructure including but not limited to enterprise
servers, routers, switches and telecommunications equipment as well as access
to these devices.
Network Configuration Authority and Requirements
(To help maintain the integrity, security, availability and necessary resources
of the university network):
Information Technology provides all network address assignments.
Unauthorized university network installations or modifications will not receive
IP addresses for computing devices on the unauthorized network. Such devices
will be physically disconnected from the university network and the device's
IP and/or MAC addresses will be blocked from university network access.
Note: This includes wireless networks not connected to the university's
enterprise network and/or private network devices operating within university
facilities or university campuses.
- All internal network devices including but not limited to routers, firewalls and access control servers, have unique passwords and other appropriate access control mechanisms. Demilitarized zones (DMZs) will be utilized to secure the internal network from external channels.
- All perimeter network devices within the university network are configured to meet hardening guidelines and to deny unnecessary services, connections and untrusted networks.
- An inventory of all connections to external voice and data networks and direct connectivity to all non-university entities or untrusted networks is maintained.
- Internal information system addresses, configurations, products and design information is restricted so that it is not accessible to unauthorized internal or external users.
- Non-standard, business required modification to network perimeter devices is the responsibility of university IT and requires review and assessment of risk defining any alternative controls to implement.
Faculty, staff and administrators with university LAN accounts usually receive
secure personal drive space accessed via the LAN for individual use (commonly
called the "H" drive).
The university enterprise network drives also include the "I" drive shared
storage area. Space in this area is used by departments and for shared data
and is allocated by academic or administrative unit. Account holders have
read/write access to sub directories as appropriate.
Monitoring/Altering Network Traffic
Users are expected to use end user applications such as network drive access,
email and similar programs, as they are intended to be used on the university
network. Scanning of the network, "packet sniffing", packet
interception/copying/decryption and any other means of reading, altering,
or otherwise monitoring and/or changing network communications is forbidden
without specific approval in writing from both the Information Security Officer
and Information Technology.
The University reserves the right to analyze network traffic at any time
deemed necessary by either manual or automated means. For example, the University
may specifically monitor network traffic if instructed by legal authorities
or for the purpose of assessing system integrity, performance, management
or possible policy violations. Network audit logs may record the following: packet origination, date/time, source and destination, path, protocol and port and/or other packet monitoring for suspicious activity.
- The use of utility programs capable of overriding system and application controls is restricted to authorized technical support only.
Guest/Temporary Network Use
Guest access to the wired network requires faculty, staff or administrator
account sponsorship. See IS PS007 User Accounts and
Acceptable Use for more details.
Limited guest access to the wireless network is available for visitors of
the university and may be requested by faculty or staff. Guest access will
expire after one week.
All enterprise level authentication requirements external to an application
must be configured to use the university's enterprise directory services.
(Note: This also allows easier configuration of single sign-on abilities).
A wireless adapter card that fully supports 802.1x is required to access
The university's voice networking (Voice Over Internet Protocol - VOIP) provided
by Information Technology is based on FCC standards and specifications. This
consists of the telecommunications services, dial tones, telecommunications
equipment, and specialized circuitry. All VOIP connections are maintained
and provisioned by the IT Division.
SCOPE / APPLICABILITY:
All persons while conducting/performing work, teaching, research or study
activity or otherwise using university resources. Scope/Applicability also
includes all facilities, property, data and equipment owned, leased and/or
maintained by the university or affiliates.
POLICY AUTHORITY / ENFORCEMENT:
The university's Information Security Officer (ISO) is responsible for the
development, modification, publication and oversight of these policies and standards. The ISO works
in conjunction with university leadership, Information Technology, Audit
Services and others for development, monitoring and enforcement of these
policies and standards.
This policy will be reviewed annually to determine if the policy addresses university risk exposure and is in compliance
with the applicable security regulations and university direction. In the
event that significant regulatory changes occur, this policy will be reviewed
and updated as needed per the policy management process.
Failure to comply with these policies and standards and/or any related
information security and/or information technology policy, standard or procedure
may result in disciplinary action up to and including termination of employment,
services or relationship with the University and/or action in accordance
with local ordinances, state or federal laws.
Version / Revision Date / Description
1.0 / July 23, 2007 / Original Publication
1.1 / August 19, 2011 / Link change in wireless section
1.2 / January 29, 2013 / Content Update
This policy is subject to change or termination by the University at any
time. This policy SUPERSEDES all prior policies, procedures or advisories
pertaining to the same subject.
Approved July 23, 2007 by the Compliance Oversight Council
Shirley C Willihnganz, Executive Vice President and University Provost, Chair
of the Compliance Oversight Council