Secure Network Infrastructure Policy
Protection of the network infrastructure at the University of Southern Miss is necessary in order to assist the university in effectively achieving its mission of teaching, learning, research, and public service.
This policy applies to all students, staff, and others, referred to as users throughout this policy, while accessing, using, or handling the University of Southern Miss's information technology resources. In this policy, "users" include but are not limited to subcontractors, visitors, visiting scholars, potential students, research associates, grant and contract support personnel, media representatives, guest speakers, and non-university entities granted access. All "users" are required to be familiar with and comply with this policy.
- The entire infrastructure of each campus or institute will be the responsibility of the position of authority for information technology at each respective teaching site, department, or area.
- All network infrastructure components shall be maintained at a reasonable operational and secure level. Components that are older and have out-of-date revision levels are a high security risk and operate at a suboptimal level. The position of authority for information technology at the respective teaching site, department, or area shall develop a plan that meets the needs of each respective campus or institute for maintaining a reasonably modern level of these components. An equipment refresh cycle shall be developed by the position of authority for information technology in conjunction with the lead financial entity at the respective campus or institute that is in accordance with industry standards related to the end-of-life timeframes of network infrastructure components.
- This policy will cover all wiring and electronic devices from the wall outlet inward to the campus or institute core network. In addition, certain devices outside the wall-outlet-to-core region including all university subscribed services (e.g., dial-in servers, DSL, and cable modems for example) are also subject to this policy.
- Wireless networks are an important part of the network infrastructure and have specific security requirements. These requirements are to be defined in the UNIVERSITY OF SOUTHERN MISS INFORMATION TECHNOLOGY SECURE WIRELESS POLICY (under development).
- A customized network infrastructure plan that defines technical, operational, and security elements will be presented, maintained, and updated prior to each major upgrade of the network infrastructure. This plan will serve as the blueprint for planning and budget purposes.
- A disaster recovery and emergency response plan shall be in place for all critical elements of the network infrastructure for each campus or institute. The development of the plan shall include input from the information custodians and the lead financial entities at each campus or institute.
- This policy applies to all planning for facility construction projects involving network infrastructure components, whether new facilities or remodeling of existing facilities. The position of authority for information technology at the respective campus or institute shall be consulted concerning specific network infrastructure requirements in all cases.
3.1 Network Wiring
- Due to the sensitive nature of the wiring required for information technology, installation, and maintenance of all wiring is the sole responsibility of the information technology entity at each respective campus or institute. Wiring will not be installed by divisional faculty, staff, or students. Wiring will not be installed by third party contractors hired by a unit without the express consent of, and under the direct supervision of, the position of authority for information technology at each respective campus or institute.
- For all existing data communication closets, use of this space must be dedicated to data communications, monitoring, telephone equipment, and electrical panels (when they are already installed) given the critical nature and physical security protection requirements of the equipment located in this space. The space must not be used for housekeeping, storage space, or for any other use. Dedicated, secure communications closets are critical to the physical security of the campus or institute network.
- Locks will be unique for data communications closets to discourage other use of this space and to discourage unauthorized personnel from making wiring changes.
- It is the responsibility of the teaching site, college, or department to provide appropriate space for the data communications closet in the design for any new building and renovations of existing facilities.
- All new wiring installations, including those involved in renovation of building(s), must adhere to low voltage industry standards as specified in the wiring standards and practices including, but not limited to, those shown in the Southern Miss Cabling Standards document.
3.2 Monitoring, Maintenance, and Repair of Defective Components
- The position of authority for information technology at each respective teaching site, department, or area will monitor all active network infrastructure components. This will allow for quick problem detection and repair or replacement of failing devices as well as review of potential security incidents. This also includes the monitoring and removal of any and all non-approved equipment that is inappropriately connected to the Southern Miss network and the unauthorized use of University resources (i.e. network bandwidth, electricity, etc).
- After-hours access to data communications closets must be provided to selected information technology personnel so that failing components can be quickly repaired or replaced and/or resolution of security incidents can be expedited.
- A defined plan created by the position of authority for information technology at each teaching site, department, or area for spare components shall be in place for all critical components of the network infrastructure.
- All network infrastructure devices shall be maintained at the most recent stable code levels that provide the highest required level of security. The position of authority for information technology at the respective campus or institute shall be consulted if assistance is required to determine the appropriate code level for infrastructure devices.
- There shall be a pre-determined maintenance window established for all network infrastructure devices that provides sufficient time on a regular basis to maintain the hardware and software updates
3.3 Related Services
- The position of authority for information technology at the respective campus or institute will control IP address management at each respective campus or institute. This will be done via a Dynamic Host Configuration Protocol (DHCP) with static Internet Protocol (IP) addresses assigned as necessary.
- The position of authority for information technology at the respective campus or institute will control Domain Name System (DNS) management at each respective campus or institute.
- The position of authority for information technology at the respective campus or institute will try to accommodate all requests for special network topologies that are needed for research, teaching, or service.
3.4 Network Infrastructure Device Control
- All network infrastructure devices shall have logging capabilities enabled to record all access attempts, both successful and unsuccessful.
- All network infrastructure devices shall have a secure password methodology for access. All network infrastructure devices must be designed, tested, and controlled to prevent the retrieval of stored passwords.
- All network infrastructure devices shall be restricted to secure communications protocols for administrative and/or maintenance access. In cases where insecure protocols must be used, compensating controls must be in place and documented. The position of authority for information technology at the respective campus or institute or the Information Security Officer shall be consulted if assistance is required to determine the appropriate compensating controls for access to infrastructure devices.
- All back-ups for network infrastructure devices must be secured at the same level as the primary device.
4.1 Faculty, Staff, and Students
Any faculty, staff, or student found to have violated this policy may be subject to disciplinary action, up to and including suspension, expulsion, and/or termination of employment in accordance with procedures defined by USM administrative policies stated in the handbook governing that individual.
5.2 External Entities
Any external entity, contractor, consultant, or temporary worker found to have violated this policy may be held in breach of contract, and as such, may be subject to grievances or penalties allowed by such contract.
- Position of authority for information technology – Office of the CIO and or the CIO’s delegate.
- 04/23/08: Posted to website.
- 09/04/08: Added hyperlink to 'CablingStdsv1.doc'.