Network

Division: 

Administration & Finance

Department: 

Information Technology Services

Contact Information: 

Nish Malik / Associate Vice President and Chief Information Officer, Information Technology Services / (415) 405-4105 / nish@sfsu.edu

Effective Date: 

Wednesday, July 18, 2012

Authority: 


Objective: 

This Practice Directive outlines operational guidelines that helps protect SF State University’s network and technology infrastructure from unauthorized use, eavesdropping, and targeted attacks that could result in loss of information, damage critical applications, or impact University operations.


Statement: 

Purpose & Scope

The goal of this Practice Directive is to outline operational guidelines that helps protect SF State University’s network and technology infrastructure from unauthorized use, eavesdropping, and targeted attacks that could result in loss of information, damage critical applications, or impact University operations. All users (faculty, staff and students) using the university network must adhere to University-defined processes and use University-approved network devices and wireless access points. Unauthorized access or inappropriate use of the university network is prohibited.

Practice Directive & Appropriate Use 

  • The use of SF State University's network may present risk to the user. The user understands and accepts risks involved with the use of the university network, including possible compromise of information sent and subsequent damages that may arise.
  • The use of the university network may require authentication of users. Users may be required to install additional network access control software authorized and provided by SF State University.  Additional controls may be imposed on devices joining the network to enhance overall operational and end user device security. SF State University Information Security Program may involve use of digital certificates and SSL as appropriate.
  • All users accessing the university network should have up to date virus protection on their systems. SFSU Faculty, staff and students may install anti-virus software at no charge. SF State University does not guarantee privacy or security on its network, and cannot guarantee freedom from infections, viruses and related risks or threats. All users should practice safe computing practices by implementing the steps recommended at the campus Information Security Program page, especially, the Protecting your Computer section.
  • All users are expected to use SF State University's network in a legal and responsible manner. For security purposes and to limit illegal file sharing, communication between wireless clients is not allowed. Illegal file sharing activity can result in criminal penalties including imprisonment of up to five years and fines of up to $250,000 per offense.  Please see Copyright Law Information Page for information on federal laws regarding copyright. More information is available on SF State Acceptable Use web page. Network users may be subject to monitoring by law enforcement as permitted by federal laws and CSU policy.
  • Beginning March 15, 2012, the perimeter firewalls were configured to only accept inbound traffic that has been specifically whitelisted. Please follow the steps below for border firewall exception:
    • Complete the “Border Firewall Inbound Port Exemption” form (login required) and “Border Firewall Port Exemption Spreadsheet”; for modifications to existing exemptions clearly highlight the change or addition.  
    • The border firewall exception request and changes must be approved by the appropriate manager as required by current campus Change Control Practice Directive.
    • Create a service request by clicking on Submit a New Service Request link and fill in all the relevant details. 
    • Send an email with the border firewall exemption form and spreadsheet attached and reference the Help Desk ticket number that was created when you submitted the ticket, in the subject and body of the email.
    • For planning purposes, the anticipated turnaround for urgent requests is 3 to 4 business days.
  • All network devices and wireless access points within the University's firewall must be approved and centrally managed by SF State University’s Division of Information Technology Services (ITS) or registered as devices managed under a formal vendor contract. The addition of new network devices and wireless access points within campus facilities will be managed at the sole discretion of the ITS and devices joining the network will require registration. Non-sanctioned installations of network switches, wireless access points, or use of unauthorized network equipment on campus premises, are forbidden, and may be shut off at the discretion of the ITS.
  • ITS periodically conduct sweeps and scans of the network to ensure there are no unauthorized network devices or rogue wireless access points present.
  • ITS reserves the right to turn off, with or without notice; any network device or wireless access point connected to the network that it deems may put the university's systems, data, and users at risk or interfere with the operation of the university’s network.
  • Users should immediately report any incident or suspected incident of unauthorized network device or wireless access point installation. Information on type of Security Incidents and where to report can be found at Reporting a Security Incident or Vulnerability page.
     

Implementation

Responsibility for implementing this Practice Directive will rest with ITS and Information Technology (IT) departments across campus. Submit any apparent violation of Network Practice Directive to the appropriate administrative authority (vice president, dean, director, department, or program chair) or to service@sfsu.edu.
 

Non-Compliance

Noncompliance with applicable policies and/or practices may result in suspension of network access privileges. In addition, disciplinary action may be applicable under other University policies, guidelines, implementing procedures, or collective bargaining agreements.