Skip to main content

Policies and Procedures

Finance & Administration

Network Access and Use Policy

4-OP-H-11   NETWORK ACCESS AND USE POLICY

Responsible Division: Finance and Administration
Approving Official: Kyle Clark
Effective Date: January 1, 2014
Last Revision Date: Unrevised at this time.

 

 

 

SPECIFIC AUTHORITY
BOG Regulation 3.0075
Policy 4-OP-F-7 Safeguarding of Confidential Financial and Personal Information
Policy 4-OP-H-6 Use of University Information Technology Resources 
Policy 4-OP-H-8 Wireless Data Communications 
Policy 4-OP-H-9 Information Technology Security

OBJECTIVE
The purpose of this policy is to define the standards for connecting computers, servers or other devices to the University's network. The standards are designed to minimize the potential exposure to the Florida State University and our community from damages that could result from desktop computers and servers that are not configured or maintained properly and to ensure that devices on the network are not taking actions that could adversely affect network performance. This policy is designed to protect the campus network and the ability of members of the Florida State community to access and utilize it. This policy is consistent with the existing Use of Information Technology Resources, Wireless Data Communications, Information Technology Security, and the Safeguarding Confidential Financial and Personal Identifying Information Policies, and focuses on network connectivity.

Florida State University must provide a secure network for our teaching, learning, research, business and applied public service missions. An unsecured, vulnerable computing device on the network can be used to launch denial of service attacks, propagate viruses, worms, or enable un-authorized, malicious hackers to enter the University's campus network, thereby affecting many computers, as well as the network's integrity. Damages from these exploits could include the loss of sensitive and confidential data, interruption of network services and damage to critical internal systems. Universities that have experienced severe compromises have also experienced damage to their public image. Therefore, individuals who connect computers, servers and other devices to the Florida State network must follow specific standards and take specific actions.

A. SCOPE OF THIS POLICY
This policy applies to all members of the Florida State University community or visitors who have any device connected to the Florida State University network, including, but not limited to, desktop computers, laptops, servers, wireless devices, printers, access control equipment, cameras, environmental control systems, and telephone system components. The policy also applies to anyone who has systems outside the campus network that access the campus network and resources. The policy applies to both university-owned computers (including those purchased with grant funds) and personally-owned or leased computers that connect to the Florida State network.

B. APPROPRIATE CONNECTION METHODS
A user may connect a device to the campus network and at a variety of appropriate connectivity points including data jacks, through an approved wireless network access point, via a VPN or SSH tunnel, or through remote access mechanisms such as DSL, cable modems, and modems over phone lines, and commercial Internet Service Providers (ISP). 
Note: Modifications or extensions to the network can frequently cause undesired effects, including loss of connectivity. These effects are not always immediate, nor are they always located at the site of modifications. As a result, extending or modifying the Florida State network must be done in coordination with Information Technology Services (ITS).

C. RESPONSIBILITY FOR SECURITY
Every computer or other device connected to the network, including a desktop computer has an associated owner (e.g. a student who has a personal computer) or caretaker (e.g. a staff member who has a computer in their office). For the sake of this policy, owners and caretakers are both referred to as owners.

Owners are responsible for ensuring that their machines meet the relevant security standards and for managing the security of the equipment, data, and the services that run on it.

D. SECURITY STANDARDS
These security standards apply to all devices that connect to the Florida State University network regardless of the connection method.

  1. Owners must ensure that all computers and other devices capable of running anti-virus software have licensed anti-virus software (or other appropriate virus protection products) installed and running or they will be denied access to the network. Owners should configure the software to update definition files at least once per week. See the ITS Software Site Licensing (SWSL) software site for more information.
  2. Owners must install the most recent security patches on the system as soon as practical. Where machines cannot be patched, other actions must be taken to secure the machine appropriately. Owners should configure their systems to periodically check for anti-virus and security patches.
  3. Owners must ensure that default or vendor-supplied passwords distributed with hardware or software are immediately changed.
  4. All University data, public or private, will be transmitted or stored in such a manner to reasonably protect them from loss because of equipment failure, fire, theft, sabotage or unauthorized intrusion.
  5. All campus stakeholders will safeguard their computer userids and passwords. No stakeholder will allow unauthorized access to University data, or computing or networking resources by sharing their userid and password.
  6. No stakeholder will knowingly create access into the computing network in such a way as to bypass University security systems or safeguards.

E. CENTRALLY-PROVIDED NETWORK-BASED SERVICES
ITS is responsible for providing reliable core network services for the entire campus. As such, individuals or departments may not run any service which disrupts or interferes with centrally-provided services. The installation of unauthorized network electronic equipment that includes, but is not limited to: hubs, routers, remote access devices, modems, wireless access points or any other devices that allow access to the FSU network is prohibited.

Vice Presidents, Deans, Department Heads and Directors are delegated authority to approve installations within their domains, provided ITS is notified and the installation is consistent with the security standards listed in Section D of this policy.

F. PROTECTION OF THE NETWORK
ITS routinely scans the Florida State network, looking for vulnerabilities. By connecting a computer or device to the network, you are acknowledging that the network traffic to and from your computer may be scanned.

ITS reserves the right to take necessary steps to contain security exposures to the University and or improper network traffic. OTI will take action to contain devices that exhibit the behaviors indicated below, and allow normal traffic and central services to resume.

  • imposing an exceptional load on a campus service.
  • exhibiting a pattern of network traffic that disrupts centrally provided services.
  • exhibiting a pattern of malicious network traffic associated with scanning or attacking others.
  • exhibiting behavior consistent with host compromise.

ITS reserves the right to restrict certain types of traffic coming into and across the Florida State network. ITS restricts traffic that is known to cause damage to the network or hosts on it, such as NETBIOS. OTCNS also may control other types of traffic that consume too much network capacity, such as file-sharing traffic.

G. IMPLEMENTATION
Effective Date: August 1, 2006

H. REVIEW AND UPDATE
This policy shall be reviewed and updated on an annual basis, or as special events or circumstances dictate.

I. RELATED STATE AND UNIVERSITY REFERENCES
University faculty, staff, students, and employees are bound by all applicable laws, rule, policies, and procedures. This policy is not intended to limit the applicability of any law or policy and does not preclude University units and related affiliate organizations from implementing additional supplemental, or more stringent safeguards.

State and Local Government references:
Section 282.318, Florida Statutes - Security of Data and Information Technology Resources

University Policy references: 
Policy 4-OP-F-7 Safeguarding of Confidential Financial and Personal Information
Policy 4-OP-H-6 Use of University Information Technology Resources 
Policy 4-OP-H-8 Wireless Data Communications 
Policy 4-OP-H-9 Information Technology Security