SECURE NETWORK INFRASTRUCTURE POLICY
Protection of the network infrastructure at the University of Southern Miss is necessary in order to assist the university in effectively achieving its mission of teaching, learning, research, and public service.
Reason for Policy/Purpose
This policy is required for the effective communication of university policies that protect the network infrastructure.
Who Needs to Know This Policy
All users of The University of Southern Mississippi information technology resources.
Website Address for this Policy
1.0 All "users" are required to be familiar with and comply with this policy.
2.1 The entire infrastructure of each campus or institute will be the responsibility of the position of authority for information technology at each respective teaching site, department, or area.
2.2 All network infrastructure components shall be maintained at a reasonable operational and secure level. Components that are older and have out-of-date revision levels are a high security risk and operate at a suboptimal level. The position of authority for information technology at the respective teaching site, department, or area shall develop a plan that meets the needs of each respective campus or institute for maintaining a reasonably modern level of these components. An equipment refresh cycle shall be developed by the position of authority for information technology in conjunction with the lead financial entity at the respective campus or institute that is in accordance with industry standards related to the end-of-life timeframes of network infrastructure components.
2.3 This policy will cover all wiring and electronic devices from the wall outlet inward to the campus or institute core network. In addition, certain devices outside the wall-outlet-to-core region including all university subscribed services (e.g., dial-in servers, DSL, and cable modems for example) are also subject to this policy.
2.4 Wireless networks are an important part of the network infrastructure and have specific security requirements. These requirements are to be defined in the UNIVERSITY OF SOUTHERN MISS INFORMATION TECHNOLOGY WIRELESS POLICY (www.usm.edu/institutional-policies/policy-acaf-it-023).
2.5 A customized network infrastructure plan that defines technical, operational, and security elements will be presented, maintained, and updated prior to each major upgrade of the network infrastructure. This plan will serve as the blueprint for planning and budget purposes.
2.6 A disaster recovery and emergency response plan shall be in place for all critical elements of the network infrastructure for each campus or institute. The development of the plan shall include input from the information custodians and the lead financial entities at each campus or institute.
2.7 This policy applies to all planning for facility construction projects involving network infrastructure components, whether new facilities or remodeling of existing facilities. The position of authority for information technology at the respective campus or institute shall be consulted concerning specific network infrastructure requirements in all cases.
3.0 NETWORK WIRING
3.1 Due to the sensitive nature of the wiring required for information technology, installation, and maintenance of all wiring is the sole responsibility of the information technology entity at each respective campus or institute. Wiring will not be installed by divisional faculty, staff, or students. Wiring will not be installed by third party contractors hired by a unit without the express consent of, and under the direct supervision of, the position of authority for information technology at each respective campus or institute.
3.2 For all existing data communication closets, use of this space must be dedicated to data communications, monitoring, telephone equipment and electrical panels (when they are already installed) given the critical nature and physical security protection requirements of the equipment located in this space. The space must not be used for housekeeping, storage space, or for any other use. Dedicated, secure communications closets are critical to the physical security of the campus or institute network.
3.3 Locks will be unique for data communications closets to discourage other use of this space and to discourage unauthorized personnel from making wiring changes.
3.4 It is the responsibility of the teaching site, college, or department to provide appropriate space for the data communications closet in the design for any new building and renovations of existing facilities.
3.5 All new wiring installations, including those involved in renovation of building(s), must adhere to low voltage industry standards as specified in the wiring standards and practices including, but not limited to, those shown in the Southern Miss Cabling Standards document.
4.0 MONITORING, MAINTENANCE, AND REPAIR OF DEFECTIVE COMPONENTS
4.1 The position of authority for information technology at each respective teaching site, department, or area will monitor all active network infrastructure components. This will allow for quick problem detection and repair or replacement of failing devices as well as review of potential security incidents. This also includes the monitoring and removal of any and all non-approved equipment that is inappropriately connected to the Southern Miss network and the unauthorized use of University resources (i.e. network bandwidth, electricity, etc).
4.2 After-hours access to data communications closets must be provided to selected information technology personnel so that failing components can be quickly repaired or replaced and/or resolution of security incidents can be expedited. A defined plan created by the position of authority for information technology at each teaching site, department, or area for spare components shall be in place for all critical components of the network infrastructure.
4.3 All network infrastructure devices shall be maintained at the most recent stable code levels that provide the highest required level of security. The position of authority for information technology at the respective campus or institute shall be consulted if assistance is required to determine the appropriate code level for infrastructure devices.
4.4 There shall be a pre-determined maintenance window established for all network infrastructure devices that provides sufficient time on a regular basis to maintain the hardware and software updates.
5.0 RELATED SERVICES
5.1 The university iTech will control IP address management. This will be done via a Dynamic Host Configuration Protocol (DHCP) with static Internet Protocol (IP) addresses assigned as necessary.
5.2 The university iTech will control Domain Name System (DNS) management.
5.3 The university iTech will try to accommodate all requests for special network topologies that are needed for research, teaching or service.
6.0 NETWORK INFRASTRUCTURE DEVICE CONTROL
6.1 All network infrastructure devices shall have logging capabilities enabled to record all access attempts, both successful and unsuccessful.
6.2 All network infrastructure devices shall have a secure password methodology for access. All network infrastructure devices must be designed, tested and controlled to prevent the retrieval of stored passwords.
6.3 All network infrastructure devices shall be restricted to secure communications protocols for administrative and/or maintenance access. In cases where insecure protocols must be used, compensating controls must be in place and documented. The Technology Security Officer shall be consulted if assistance is required to determine the appropriate compensating controls for access to infrastructure devices.
6.4 All back-ups for network infrastructure devices must be secured at the same level as the primary device.
7.1 Faculty, Staff, and Students: Any faculty, staff, or student found to have violated this policy may be subject to disciplinary action, up to and including suspension, expulsion, and/or termination of employment in accordance with procedures defined by USM administrative policies stated in the handbook governing that individual.
7.2 External Entities: Any external entity, contractor, consultant, or temporary worker found to have violated this policy may be held in breach of contract, and as such, may be subject to grievances or penalties allowed by such contract.
The Chief Information Officer is responsible for the review of this policy every four years (or whenever circumstances require immediate review).
Southern Miss Cabling Standards document
Amendments: Month, Day, Year – summary of changes
APPENDIX: USM CABLING STANDARDS
THE UNIVERSITY OF SOUTHERN MISSISSIPPI
CABLING STANDARDS 8
A. General 9
B. Instructions 10
C. Communication/Data Closets’ General Description 11
D. Grounding: 12
E. Equipment Listing and Specifications: 12
1. Fire code compliance 12
2 Wireless Network Access 12
3. System components shall be the following part numbers. 13
F. Wiring Schedule - FIPS pub standard 568B 14
1. RJ-45 modular data jack 14
G. Installation Guidelines and Documentation 14
1. Cable Routing 14
2. As-built documentation 16
3. EMI sources 16
4. Fire stopping 16
H. Certification, Testing, and Acceptance 18
1. Twisted pair media 18
2. Warranty 18
3. Acceptance by Owner 18
I Figures 19
1 Typical Work Area Outlet 19
2 Typical MDF Equipment Rack design 19
3 Typical IDF Equipment Rack design 20
4 Typical office space cabling design 21
5 Typical class room cabling design 22
6 Typical conference room cabling design 23
7 Typical Computer Lab Equipment Rack design 24
8 Typical Computer Lab cabling design 25
1. These specifications describe the minimum requirements that must be met by the data contractor for all work as specified hereunder for the furnishing and installation of the Computer and Data Cabling System left in ready condition for equipment installation.
Applicable requirements listed under paragraphs title “Raceways and Fittings” and “Boxes and Fittings” shall apply and are available at the University’s Physical Plant Department. Scope of work required for Data Cable Installation by the Data Contractor:
1. Verify telephone and computer requirements with USM itech planning department before installation. Assume responsibility for failure to do so. Report any recommendation for changes to USM itech planning department.
2. Conduit with cable, cable tray system with cable, J-Hook systems with cable, bushings, boxes, backboards, plates, jacks, patch panels, cable management, shelving frames, hardware and terminations per these specifications and as shown on the drawings.
3. Backboards sized as shown on the drawings of 3/4" fire retardant plywood long dimension vertical and painted with two (2) coats on all Six sides of good quality white fire retardant paint. Backboard assemblies shall be fire retardant. Each backboard shall have duplex emergency receptacle properly located and connected to dedicated circuit. Entire communication room walls shall be covered with backboards as noted above.
4. Each backboard or rack shall have a #6 solid, insulated wire installed. Ground wire shall originate from the service equipment ground and shall be installed in 3/4" conduit. Bond conduit to grounding conductor at all wire exit points and install bushing. Bonding conductor may be installed from backboard to backboard.
5. Provide main distribution frame (MDF) and intermediate distribution frame (IDF) for equipment and wiring in riser closets for Data Structured Cabling System.
6. No UTP data cables shall be longer than 90 meters from the MDF or IDF to the workstation.
7. Coordinate rack layouts in MDF and IDF with the iTech planning department.
8. All station cables to have a minimum of 25 feet of slack at MDF or IDF measured from point of entrance. Included in termination, 8ft of slack should be left in MDF or IDF. Slack storage shall be in ceiling with service loops in ceiling above, if not applicable then in overhead ladder rack in a standard and organized manner.
9. All cables shall be plenum rated. Specifications are outlined in section 3 of this document.
10. Provide 2 each Category 6 augment Green patch cords for each data station (one at workstation and one in MDF or IDF), one shall be 4 feet long and the other shall be 7 feet long.
11. Category 6 UTP terminates into a Cat 6 augment patch panel, in each MDF and IDF. Terminations made with a Krone Punchdown. Patch panels shall be provided to accommodate each data wire in groups of 24, or 48. High density panels shall be used as noted on project drawings and in section 3 of this document.
12. Provide a minimum of two cable drops per room, both drops wired with 2-Cat 6 augment cables each.
13. Terminate both ends of Fiber cable as directed by the USM iTech group.
14. Terminate both ends of Telephone cable as directed by the USM iTech group.
C. Communication/Data Closets’ General Description
1. There are two types of communication closets: the Main Distribution Frame (MDF), and the Intermediate Distribution Frame (IDF).
2. The MDF contains data wiring, riser fiber, data communication, equipment and associated hardware.
3. The MDF shall also meet the requirements of an IDF.
a. The MDF and IDF shall be provided with the following:
(1) All hardware, electronics, riser connections, and rack layouts will be shown on drawings. Part numbers and descriptions listed in section 3 of this document.
4. Workstation Requirements:
a. Each workstation cable shall be numbered and identified on both ends of the cable run with a numbering scheme that will be provided on the as built documentation to the iTech planning group. Each outlet and associated connection at the patch panel shall be uniquely identified on the face of the outlet plate and patch panel with a scheme that shall be provided by USM iTech group.
b. Cables from the MDF or IDF to outlets shall be run continuous with no splices.
c. Each outlet box for data workstations shall be a deep box.
d. All data and phone wire shall terminate at a patch panel.
e. All metal plates, boxes, and raceways, etc., shall be grounded.
f. Faceplate style shall be determined by project. It will be the contractors responsibility to determine the project requirements.
1. Ground all systems and equipment in accordance with the N.E.C.
2. All ground connection in the MDF room and IDF rooms shall be made to the ground bar. The ground bars shall be interconnected to each other with #6 AWG and directly connected to the Main Service ground.
3. Grounding of all communications cable shield shall be in the MDF room.
4. Any wire used for grounding shall not be less than #6 AWG and insulated.
5. All metal panels, enclosures, boxes, racks, raceways, etc., in the MDF room shall be grounded.
6. The MDF and IDF shall each have four dedicated 20A, 120V electrical outlets on separate circuits to accommodate the above requirements. Other room convenience outlets shall be located at 6 foot intervals around the room.
E. Equipment Listing and Specifications:
1. Fire code compliance
All cabling installed in the riser or horizontal shall be of FRD construction and otherwise meet or exceed all local wire codes.
All connectors, wiring components, and equipment to be mounted in ceiling air spaces shall meet and be installed in conformance with local codes.
2 Wireless Network Access
Inclusion of Wireless technology into a building redesign plan will require a certified wireless site survey to be completed. The design submitted from the survey will outline the access point locations, equipment, and labor to fulfill the project design requirements. If this is a new construction project the AP locations will be determined from the University’s IT staff.
3. System components shall be the following part numbers.
Description Part #
23-4P UTP-CMP SOL BC CAT6 10Gig FEP/FRPVC Green Jacket CMP-00424KRO-10T-04
KRONE 2 Port Faceplate, 6644-1-152-01
KRONE CAT6 10GIG KM8 Modular Jack, Green 6830-1-835-04
KRONE 24-patch panel CAT6 10Gig Copperten TPMNP-24NC10BK
Krone RJ45 to RJ45, CAT6 10Gig Copperten Green (4 ft.) 6645-2-845-04
Krone RJ45 to RJ45, CAT6 10Gig Copperten Green (7 ft.) 6645-2-845-07
23-4P UTP-CMP SOL BC CAT6 10Gig FEP/FRPVC Green Jacket CMP-00424KRO-10T-04
KRONE 2 Port Faceplate, 6644-1-152-01
Krone 50-pr disconnect Block 6652-1-880-10
KRONE CAT6 10GIG KM8 Modular Jack, Green 6830-1-835-04
48 port high density telco patch panel OR-808004042
MISALAINIOUS EQUIPMENT -
Chadsworth 19”x84” Black Rack 55053-703
CPI Vertical Cable Mgt (side) CPI 14830-703
CPI Horizontal Cable Mgt. CPI 30530-719
Panduit Velcro 15’ roll Black HLS-15R0
Erico J-hook CAT21
Erico J-hook CAT32
Erico J-hook CAT425
Erico J-hook CAT214Z34-EA
(Tripplite Model 1400RM or comparable).
Cisco AP1131 Wireless AP AIR-AP1131AG-A-K9
Cisco 6504 WS-C6504-E
Cisco 3750-48TS-S WS-C3750-48-TS-S
******6504 configuration needs to be provided in document prior to bid and are available upon request during bid process through iTech**********
Prior approval submittals
F. Wiring Schedule - FIPS pub standard 568B
All wiring shall conform to the schedule shown in the following section.
1. RJ-45 modular data jack
Eight (8) contact modular jacks (RJ-45) shall be utilized for all data circuits wired as follows:
Contact 1 2 3 4 5 6 7 8
Conductor T2 R2 T3 R1 T1 R3 T4 R4
G. Installation Guidelines and Documentation
1. Cable Routing
Cable runs shall be through common use areas (i.e., corridors, atriums, etc.) not through offices, closets or areas that cause undue disruption to personnel or clients. In the event this is not possible, deviations from these areas shall be first reviewed with the USM iTech Planning group. Cabling shall enter and exit the run areas at 90 degree angles.
Cable runs shall be in raceways (conduit, cable trays, or J-hooks depending on project plan).
All cable runs shall run parallel or perpendicular to corridors to preserve neatness and to minimize interference with structures mounted above the drop ceilings. Corridor crossovers shall be minimized.
All cables run above drop ceilings shall be installed such that they are supported up off of ceiling tiles, using saddle bags, J-Hooks, or conduit.
Cables with service loops or additional length specified shall be coiled from 300% to 600% of their recommended minimum bend radius, the coil wire tied, and the tied coil attached to support. When a coil shall be comprised of cables of more than one virtual channel of communications, then each loop of the coil shall be of varying diameters to ensure there is no inductance of signals from one channel to its neighbor.
Cables shall terminate to the patch panels in such a manner that there is logical progression through the patch panel(s) of ports representing adjacent offices or wall plate locations. This is to ensure that wall plate locations are not randomly scattered across the field.
Cable runs shall be free of tension at both ends as well as over the length of the run.
Cable runs shall be free from bridges, taps, or splices from the user interface (wall plate) to the Distribution Frame.
No cable shall be run exposed.
Cables shall be secured with detachable Velcro straps and should be loosely attached and at random intervals. Maintain a maximum bend radius of four times the circle diameter, but never exceed 90 degree turn. Do not staple, do not exceed 25 pounds feet when pulling cable bundles.
Cabling Trunk systems shall be constructed out of unistrut and all thread. A demo of the unit is available in Forrest County Hall room 207D. Diagram of proposed trunk layout is provided in the project drawings. Part specifics are listed in section 3 of this document. Any deviation from this design must have the signed approval from the USM iTech group.
J-Hooks will be used to enter each room to deliver the cable drop to its specific location. This solution will enter a room on the immediate right hand side and will follow the wall counter clock wise dropping off each drop at its specific location. Diagram of proposed j-hook design is provided in the project drawings. The part specifics are listed in section 3 of this document. Any deviation from this design must have the signed approval from the iTech project management owner.
2. As-built documentation
The wiring contractor shall provide the following as built documentation, within 30 days of completion and before final payment:
a. Floor plans with cable numbering to each workstation location and cable runs.
b. Frame layout with one-line type drawing of entire system.
c. patch panel cut-sheet hard copy and preferably a database (PC compatible).
d. Cross-connection log hard copy and preferably a database (PC compatible).
e. Cable Certification Test results.
3. EMI sources
Cable shall be routed such as to maintain the following minimum distances from power sources:
6 inches from power lines of 2 KVA or less
12 inches from high voltage lighting (including fluorescent)
36 inches from power lines of 5 KVA or greater
40 inches from transformers and motors
4. Fire stopping
Whenever and wherever it is necessary to pass through a fire-wall or between floors, all such pathways shall be sleeved and fire stopped using Nelson FSP Fire stop Putty or equivalent to reduce the possibility of the spread of fire and smoke. Any equivalent material must be of such composition as to allow it to be removed for the placement of additional conductors and then be replaced in sleeved area to resist the spread of fire. In the case than any cable installation through a breached firewall or floor is to be left incomplete for a period of more than 8 hours then the pathway must be temporarily fire stopped using Nelson PLW Fire stop Pillow or equivalent.
All horizontal UTP wiring and fiber optic wiring shall be run in conduit, cable tray and in combination with J-Hooks.
In an effort to develop an intelligent number system by which the horizontal cabling may be easily identified, each cable, wall plate, and patch panel and/or punch block shall be marked with a designation developed to the following or similar formula:
DF# - Group - Channel
DF# is the Distribution Frame the cable connects to
Group is represented in each frame, by patch panel
Channel reflects the port number on a group
H. Certification, Testing, and Acceptance
1. Twisted pair media
All tests shall be conducted after all wiring and connectors are terminated form workstation location to equipment room. Installer shall notify Owner at least 5 days prior to beginning testing.
After installation, all horizontal channels shall be tested for continuity, channel documentation, and correct sequence. Contractor shall certify, by letter, a 100% test. Before acceptance, Owner, or a third party of their choice, will test a number of channels not to exceed 5% and expect 100% correct operation. If any channel fails, the contractor will retest that IDF 100% and remedy any problems. Any cable that does not pass the designated tests will be re-terminated (or replaced) and retested.
Wiring configuration shall be tested for continuity, opens, shorts, swaps, and correct pin configuration. The following tests shall be conducted on each Category 6 circuit: dc loop resistance shall be measured. Cable length shall be verified with a device manufactured for that purpose. Mutual capacitance shall be verified on a worst case basis. Characteristic impedance shall be verified from 1 MHZ to 250 MHZ for Category 6 cable. Attenuation shall be verified from 1MHZ to 600 MHZ for Category 6 cable. Near end crosstalk shall be verified from each end of the complete circuit for all pair combinations in the range of 1MHZ to 600 MHZ for Category 6 cable. For Category 6 cable, performance limits shall meet the requirements of EIA 568B-2. Cable shall be terminated, tested and certified by ADC certified installers. Tests for attenuation, NEXT, ARC, distance, link, wire map and independence will be provided in two bound and indexed sets of hard copies for review and on CD in standard format.
All passive cabling, components, and workmanship shall be warranted for a period of not less than twenty (10) years from the data of Owner acceptance. Installer of cabling system shall be certified to the manufacturer issuing the warranty.
3. Acceptance by Owner
No payment will be made until acceptance is granted by the iTech planning department.
1 Typical Work Area Outlet
2 Typical MDF Equipment Rack design
3 Typical IDF Equipment Rack design
4 Typical office space cabling design
5 Typical class room cabling design
6 Typical conference room cabling design
7 Typical Computer Lab Equipment Rack design
8 Typical Computer Lab cabling design
- END OF SECTION USM Cabling standards -