Information Technology Policies and Procedures
Computer Lab Security Policy
Purpose
This policy establishes University Information Technology Network Information Security requirements for the University Computer Labs, to ensure that confidential information and technologies are not compromised, and to ensure that production Services and other University interests are protected from University computer lab activities.
Scope
This policy applies to all University Computer Labs, as well as all Authorized Users who use the University Computer Labs. All existing and future equipment, which falls under the scope of this policy, must be configured in accordance with the following requirements.
Policy
Ownership Responsibilities
- University Computer Lab operational groups are composed of faculty and staff members designated as managers of one or more computer labs. An operational group may consist of members from several departments.
- University Computer Lab operational groups are responsible for assigning lab managers, a point of contact (POC), and a back-up POC for each lab. University Computer Lab owners must maintain current POC information with the Information Technology Services department.
- University Computer Lab managers are responsible for the Security of their labs and the labs’ impact on the University Information Technology Network and non-University Networks.
- University Computer Lab managers are responsible for assuring the labs’ and Authorized Users’ compliance with all University Security policies. The following policies are particularly important: Acceptable Use Policy, Password Policy, Wireless Security Policy, Anti-Virus Policy, and Physical Security Policy. Where policies and procedures lack specificity, lab managers must do their best to safeguard the University from security Vulnerabilities.
- University Computer Lab managers are responsible for controlling lab access. Access to any given lab will only be granted by the lab manager or authorized designee.
- The Information Technology Services Department must maintain a Firewall device between the University Information Technology Network and all lab equipment.
- The Information Technology Services Department and Information Security personnel have the right to interrupt lab connections that negatively impact the University Information Technology Network.
- All lab Internet Protocol (IP) addresses are recorded by the Information Technology Services department. These IP addresses, which are routed within the University Information Technology Network, are stored in a University Address Management System along with current contact information for that lab.
- Any University Computer Lab operational group that desires additional external connections to other Network segments must provide a diagram and documentation to appropriate Information Security personnel with a business justification, the equipment, and the IP address space information. Information Security personnel will review the provided documentation for Security concerns, and must approve the implementation of such connections.
- All Authorized User passwords must comply with the University's Password Policy documentation.
- No University lab shall provide production Services. These must be managed by the Information Technology Services department.
General Configuration Requirements
- All traffic between the University Information Technology Network and the University Computer Lab Networks must go through a Firewall maintained by the Information Technology Services department. University Computer Lab Networks, wireless or physical, must not circumvent the Firewall.
- Original Firewall configurations and any changes to them must be reviewed and approved by appropriate Information Security personnel. Security improvements are requested by Information Security personnel as needed.
- Authorized Users utilizing University Computer Labs are prohibited from engaging in port Scanning, Network Auto-Discovery, Traffic Flooding, and other similar activities that negatively impact the University Information Technology Network or non-University Networks.
- Traffic between the University Information Technology Network and the University Computer Lab Networks is permitted based on business needs, as long as the traffic does not negatively impact other Networks. Authorized Users utilizing University Computer Labs must not advertise Network Services that may compromise the University Information Technology Network or put confidential information at risk.
- Information Security personnel have the right to audit University Computer Lab-related data and administration processes at any time, including, but not limited to: in-bound and out-bound packets, Firewalls, Network peripherals, etc.
- Network devices within University Computer Labs must comply with all University product Security advisories and must be authenticated against University-provided authentication servers.
- The “enable” password for all University Computer Lab Network devices must be different from all other equipment passwords in such lab. The password must comply with the University's Password Policy, and must only be provided to those Authorized Users who are authorized to administer the University Computer Lab Network.
- In University Computer Labs where non-University personnel have physical access (e.g., training labs), direct connectivity to the University Information Technology Network is not allowed. Additionally, no Authorized User may enter confidential information into, nor permit such confidential information to reside on, any information technology resources in University Computer Labs. Connectivity for authorized personnel from University Computer Labs can be allowed to the University Information Technology Network only if authenticated against University-provided authentication servers, temporary access lists (lock and key), Secure Shell (SSH), Virtual Private Networks (VPNs), or similar technology approved by appropriate Information Security personnel.
- Infrastructure devices (e.g. IP Phones) needing University Information Technology Network connectivity must adhere to the Open Areas Policy.
- All University Computer Lab Networks with external connections must not be connected to the University Information Technology Network or any other internal Network directly, via a wireless connection, or via any other form of computing equipment.
Enforcement
Any Authorized User found to be in violation of this policy will be considered an Unauthorized User, and as such is subject to disciplinary action pursuant to the Enforcement section of the Unauthorized Use Policy.