Purpose
The purpose of this policy is to outline the requirements and procedure to request exceptions to the firewall rules which secure the Mont Alto data network. These rules are in place to protect the employee and the confidentiality and integrity of data transmitted via the Mont Alto campus data network. Exceptions granted without proper precautions may expose the Mont Alto campus to a higher level of risk, including virus attacks, compromise of network systems and services, and possible litigation.
Scope
This policy applies to employees, students, contractors, consultants, temporary workers, and other personnel at the Mont Alto campus, including all personnel affiliated with third parties and other university departments and locations. This policy applies to all electronic equipment that is connected to the Mont Alto campus data network.
Definitions
Device – A computer, electronic tool or communication apparatus with the ability to connect to a data or communication network.
Internet – The worldwide system of interconnected computer networks.
Firewall – An electronic device used to monitor and inspect data transmissions traveling between data networks (i.e. the Internet and the Mont Alto data network). Based on a programmed rule set managed by the campus ITS department, the firewall will either allow or disallow traffic with the aim of preventing unauthorized access to the campus private data network.
VPN (Virtual Private Network) – A technology used to allow a user or network to connect in a secure and virtual manner via open or public communication channels. A VPN gives a remote user (e.g. working from home) secure access to local network services as if he/she were sitting in his/her office.
IP Address – A unique network address assigned to a device connected to a network.
Mont Alto Data Network – The technical infrastructure, hardware, and software installed at the campus which is used to facilitate the flow of digital information between (but not limited to) personal computers, printers, servers, the Internet, etc.
Policy
It is recognized that a firewall can restrict certain activities on the network and the Internet at large that are necessary to conduct the teaching, research, and outreach missions of the campus. Therefore, the following policy establishes requirements and guidelines that must be met before exceptions are granted through a firewall protecting individual computers, groups of computers, or servers:
- All exception requests must be made by a system administrator.
- The computer(s) must be administered by a professional information technology staff person and/or a system administrator who has read the campus "Server Security Policy" and has signed the "End User Computing Agreement." The purpose is to provide campus and departmental servers the accessibility they need to provide their intended services. Special-purpose, personal, or research servers should utilize departmental, College, or University resources whenever possible rather than solicit an exception. Dedicated appliances or servers that cannot be incorporated into the aforementioned services provided by the department, College, or University due to technical reasons will be reviewed on a case-by-case basis.
- Security patches must be installed in a timely fashion (as soon as possible, but not to exceed one week after release by the vendor) by the system administrator. The only exception would be if the patch prevents the proper function of installed software and no satisfactory work-around can be found. Periodically, College staff will check computers granted exceptions to ensure that the latest security patches have been installed.
- A computer will be disconnected from the network if a security incident occurs and the port(s) granted the exception will be closed until the computer again complies with items 1 and 2.
Exceptions
Exception process – Any exception requested for a given device must be thoroughly researched by the department making the request, covering both the necessity of the exception and the possible security risks associated with granting it. Upon departmental approval, a request must be made to the campus Information Technology Services (ITS) department via email ([email protected]). Any such request will be reviewed by the Mont Alto ITS department and either subsequently adopted for the department or for the entire campus, or denied based on the security risks associated with adopting the exception.
When a system administrator submits an exception request, the following information should be included:
- The specific need for the exception and port(s) to be opened with justification for each.
- The Internet name (FQDN) and IP address of the computer(s) for the exception.
- The name, telephone number, and email address of the person responsible for the system administration of the computer(s). If staffing changes leave an excepted server unmanaged, the exception(s) may be removed if an unreasonable security risk arises from the system remaining unmanaged.
- The system security measures in place, including password policy, audit policy, anti-virus software (if any), and any additional security-related software and/or settings of the machine.
- A statement to the effect that the owner of the computer(s) "understands that the computer(s) or server will be disconnected from the network and the port(s) granted the exception will be closed if a security incident occurs involving the computer or server. As the system administrator of the computer or server, security and operating system patches must be installed as prescribed by campus policy."
Exceptions may not be granted for a request if the ITS staff considers the proposed exception too vulnerable to attack, or for operating systems and applications without a proven record of adequate security.
Enforcement
If security measures are relaxed after an exception has been granted, the exception may be revoked immediately.
Cross References
Other policies that should also be referenced:
AD20 - Computer and Network Security
End User Computing Agreement
PSU-MA-ITS-004 - Acceptable Use and Security Policy
Password Policy
Anti-Virus Policy
Server Security Policy
Policy History
Approved June 5, 2009
January 5, 2016 - Updated version approved by the Administrative Council