School of Physics and Astronomy Wiki

computing:policies:network_connection

Differences

This shows you the differences between two versions of the page.

computing:policies:network_connection [2011/12/09 18:10] – [Required for all network-connected devices] allan
computing:policies:network_connection [2021/01/11 09:35] (current) cse-sull0153
Line 1: Line 1:
-====== Network Security Policy ====== +====== PAN Network Security Policy ======
- +
-May 2010 - **this is no longer a draft**+
  
 =====  Required for all network-connected devices ===== =====  Required for all network-connected devices =====
- +  - All systems connected to the PAN network must be running an operating system which is still supported by its vendor for security updates. 
-  - All systems connected to the School network((The School network encompasses all network jacks within Tate Lab. All subnets used by groups within the School are considered to be part of the School network)) must be running an operating system which is still supported by its vendor for security updates. +    * For example, (at the time of writing) the minimum acceptable version of Windows is Windows 10. Windows 95, 98, ME, NT2000, 7, and XP are not acceptable, and cannot be connected to our network. 
-    * For example, (at the time of writing) the minimum acceptable version of Windows is XP with SP2. Windows 95, 98, ME, NT and 2000 are not acceptable, and cannot be connected to our network. +    * Apple generally provide support for two concurrent OS releases, __for example__ when 10.6 is available then 10.5 is also supported but 10.4 becomes unsupported and so unacceptable by this policy.
-    * Apple generally provide support for two concurrent OS releases, for example when 10.6 is available then 10.5 is also supported but 10.4 becomes unsupported and so unacceptable by this policy.+
     * The same overall requirement applies to Unix, Linux, and other systems such as embedded data acquisition devices.     * The same overall requirement applies to Unix, Linux, and other systems such as embedded data acquisition devices.
   - Only one device may be connected to any physical network port. No hubs, switches, wireless access points or routing devices may be connected, directly or indirectly, without prior discussion with and agreement from School computing staff.   - Only one device may be connected to any physical network port. No hubs, switches, wireless access points or routing devices may be connected, directly or indirectly, without prior discussion with and agreement from School computing staff.
-  - Non-departmentally-managed systems may not inhabit the same network subnet as departmentally-managed systems.+  - Non-departmentally-managed systems (User Managed Hosts - UMH) may not inhabit the same network subnet as departmentally-managed systems.
   - **Data Security**   - **Data Security**
     - For any Windows or Macintosh computers which you connect to the School network:     - For any Windows or Macintosh computers which you connect to the School network:
-      - You must install the Bigfix software agent, which will enable us to push required security updates to your computer. Please see our [[computing:policies:bigfix:home|Bigfix information page]] for more details. +      - You **must** install and run antivirus software. 
-      - You must install and run antivirus software. +      - You **must** install firewall software and configure it to prevent unrestricted connections.
-      - You must install firewall software and configure it to prevent unrestricted connections.+
     - Strong passwords must be used for all accounts.     - Strong passwords must be used for all accounts.
     - All systems are subject to regular network security evaluation. Systems which are found to be non-compliant will be removed from the network if not corrected.     - All systems are subject to regular network security evaluation. Systems which are found to be non-compliant will be removed from the network if not corrected.
 +  - Only university/grant owned equipment may be connected. ((exceptions may be granted in exceptional cases))
 +    * Personal laptops are not eligible for wired network connections. The University does provide wireless networks, which they may use.
  
-Some more information about available options for antivirus and firewall software can be found here: [[computing:software:antivirus]] 
  
 ===== Exception mechanism ===== ===== Exception mechanism =====
  
-If you cannot meet the above criteria, or do not wish to install the Bigfix client or antivirus software, your computer will be placed on a separate protected network segment. You must also declare that the computer will not be used to store or process any University private data. By default, it may not receive incoming network connections((We are able to set up specific protected networks for research groups, which can have custom access controls, eg to pull data from data acquisition systems)), and will be given limited access to the following School resources:+If you cannot meet the above criteria, or do not wish to install the required antivirus software, your computer must be placed on a separate protected network segment. For example, you may have a lab data acquisition or control system, where a software update and reboot may be unacceptable. You must declare that such a system will not be used to store or process any University private data. By default, it may not receive incoming network connections, and will be given limited access to the following School resources:
  
-  * School web sites, mail services, and secure shell+  * Network connections are only allowed to/from University networks
-  * Printing, either via the School's file/print server, CUPS, or port 9100 ("jetdirect").+  * Printing
  
 +We are able to set up specific protected networks for research groups, which can have custom access controls, for example, to connect to lab data acquisition and control systems
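
Review bot: In the Exception mechanism list, the new bullet "Network connections are only allowed to/from University networks" permits traffic from University networks, which contradicts the sentence just above it, "By default, it may not receive incoming network connections"; it is also a rule rather than one of "the following School resources" that the list introduces. Suggest stating the permitted outbound destinations as the list items and keeping any inbound allowance in the closing sentence about custom access controls for research groups. In the first section, "NT2000" fuses two products that the old text listed as "NT and 2000", and "PAN network" replaces "School network" while the footnote that defined the network's scope is removed and "School network" still appears under Data Security, so the revised policy no longer says which network it covers; define PAN once and use a single term throughout. The revision also drops the pointer to the antivirus and firewall options page while keeping both as **must** requirements, so a replacement reference for users would help.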
  
computing/policies/network_connection.1323475811.txt.gz · Last modified: 2011/12/09 18:10 by allan