Network Security

1.0 Overview

Network security requires that computer equipment and data be safeguarded in a way that prevents unauthorized disclosure, misuse, alteration, destruction or other compromise of information.

2.0 Purpose

This policy is designed to lay out the steps that must be taken to electronically secure computer equipment and data at Clarkson University.

3.0 Scope

This policy applies to University officials.

4.0    Policy

In order to prevent unauthorized disclosure, misuse, alteration, destruction or other compromise of information, access to all computer systems and the network must be restricted to those who have a legitimate business need to have access.  This means that all services shall be secured by the use of an appropriately configured hardware or software firewall, access control list, or other communications inhibiting mechanism.  System and administrator level accounts must be secured using strong passwords, as defined by the Password Policy.  Prior to accessing the network, all computer must be registered using the NetReg system. 

Specific requirements for desktop computers, servers and communications equipment are set forth in their respective security policies.  Additionally, network traffic is subject to filtering and monitoring as set forth in the Access Control and Network Monitoring Policies.  Standards for remote access are given in the Remote Access Policy.

All requirements given in the above mentioned policies shall be followed at all times.

5.0 Enforcement

Failure to follow this policy will result in the offender(s) being subject to disciplinary action up to and including a formal written letter of corrective action.

6.0 Definitions

Communications Equipment  – a specialized piece of electronic equipment designed to route or switch network traffic

Desktop computer – a computer that is used primarily as a workstation, for day-to-day tasks

Server computer – a computer that performs specialized functions, such as serving email, web pages, etc.

7.0 Revision History

Draft Policy – 19 April 2005 – jfiske

Draft Policy – 5 May 2005 – jfiske

Draft Policy – 10 February 2006 – jfiske

Approved Policy v1.0 – 4 November 2013 – jfiske