Network Attached Devices and Systems Guidelines
1.0 Purpose
The purpose of these guidelines is to ensure
the integrity and security of the enterprise network by managing
devices connected to the network. These guidelines are approved
by the President’s Cabinet.
2.0 Scope of coverage
These guidelines cover all organizational units, individual employees,
and students.
3.0 Guidelines
In order to ensure the integrity and security
of the enterprise network, the Information and Communications Technology
Division is charged with managing devices connected to the enterprise
network.
3.1 Devices permitted without prior approval
Departments may connect an end-user computing
device to the network without prior approval. An end-user computing
device is defined as a computer workstation running either the Windows
or Macintosh Operating System for the general computing use of an
individual. Hewlett-Packard (HP) branded network-connected printers
are also approved end-user devices. However, for security reasons,
HP network printers must be installed by either a college technology
specialist, divisional technology specialist, or the ICT Helpdesk
to ensure proper security configuration. Although approval is not
required, some connections may require additional setup, which can
only be done by ICT staff, such as network outlet activation completed
in the communications closet. Departments may contact the ICT Helpdesk
for assistance in connecting end-user devices. Other devices are
not permitted without prior approval from the Information and Communications
Technology Division.
3.2 Devices that require prior approval
Devices connected to the campus enterprise
network that are not compatible with the network or that are improperly
configured present serious network performance and security implications.
Almost all network attached devices present serious security concerns
if not properly configured and managed. Some devices present security
implications that could leave the institution legally liable or
in violation of our Internet Service Provider’s Acceptable
Use Policy. In order to reduce these risks, these devices require
prior approval before being connected to the campus enterprise network:
3.2.1 Wireless hubs, switches, routers and gateways
In addition to increasing the load on a network segment, these products
allow possible anonymous use of the network. ICT must be involved
to ensure both network compatibility and compliance with acceptable
use and service provider policies.
3.2.2 Network hubs, switches, gateways, routers
Ultimate responsibility for the connection
to EMU’s enterprise network rests with ICT. As such, devices
such as these – which may impact the topology and performance
of the network – must be configured to meet established standards
(and examined for possible accommodation of changes elsewhere) prior
to installation.
3.2.3 Servers or systems that utilize the campus network
Unless properly secured, any service accessible
over the network is vulnerable both to intentional attacks and automated
ones generated by viruses and worms. Systems and devices that may
offer services over the network must be examined by ICT prior to
establishing a network connection. In addition, systems and devices
offering services via the Internet are required to register with
ICT to prevent virtual disconnection via a firewall.
3.2.4 Devices that use network protocols other than TCP/IP
The enterprise network is optimized for transporting
TCP/IP only. Devices that use other protocols will require ICT’s
attention to determine if accommodating changes to the network need
to occur, or if the device needs to be modified or replaced to support
TCP/IP.
3.2.5 Any device or system that may significantly increase data
traffic on the enterprise network.
3.2.6 Other devices not meeting the definition of an end-user
device defined in section 3.1 above.
4.0 Practice
Departments or individuals may request approval to connect devices
specified in section 3.2 by sending a memo to: Director of Networking,
Information and Communication Technology Division, 127 Pray-Harrold.
The memo should detail the brand, model and version number (if relevant)
of the device or system, the purpose of the device or system, and
the person responsible for the device or system. Depending on the
device, ICT may have additional requirements that must be met, including
but not limited to any of the following: an initial examination
of the device or system (to include network impact, security assessment,
as well as physical environment requirements), administrative access
by ICT to the device, a list of users that will have administrative
access, and registration with ICT of the network address and services
offered by the device.
Devices listed in section 3.2 above that are connected to the network
after the issuance of these guidelines and have not received prior approval
will be disconnected from the network. Violations will be reported
to the Chief Information Officer and the Division Leader responsible
for the infringing department or individual. Infringements by students
will be handled according to University disciplinary policies and
procedures.
Devices installed prior to the issuance of these guidelines are
covered; however, ICT will work with administrators of those pre-existing
devices or systems on a case-by-case basis to ensure compliance
in a smooth and orderly fashion. Unless a serious security threat
is encountered, pre-existing devices will not be automatically disconnected
under these guidelines without prior discussion of the problem with
the administrator of the system or device.
5.0 Responsibility for Implementation
The Chief Information Officer or his/her designate is responsible
for implementation of these guidelines.