Approved by: Office of the President
Date approved by President or Board of Trustees: May 12, 2010
Effective date: May 12, 2010
Responsible Official: UTech Security and Policy
Responsible University Office: UTech Security and Policy
Revision History: 2
Related legislation and University policies: None
Review Period: 3 Years
Date of Last Review: July 26, 2024
Relates to: Faculty, Staff
Summary
The purpose of this policy is to establish standards for management of network access and communications. This policy applies to all information technology systems that are connected to and use the CWRU network infrastructure. Cloud-based services are outside the scope of this policy.
Purpose
All networks and communications technologies owned and managed by CWRU are considered to be private in nature, and access is granted for the exclusive use of CWRU faculty, staff, students, and affiliates in accordance with the CWRU Acceptable Use of Information Technology Policy (AUP). The privilege of use of all CWRU networks requires adherence by all CWRU users to a minimal set of standards to assure efficient and effective management of network resources. The doctrine employed by CWRU IT Services is to assure the fulfillment of the mission of the University through access to and availability of CWRU networks, which are deemed a critical resource.
General policy of approved protocols and usage thresholds will be determined and implemented by CWRU University Technology (“[U]Tech”). The implementation of standards shall be the responsibility of all IT systems owners and administrators.
CWRU network users shall not provision network-based services for non-CWRU third parties.
Access Requirements
All networks on the CWRU campus are installed and maintained by CWRU [U]Tech. To assure the integrity and availability of network services, no other network communications (with the exception of commercial cellular telephony networks) shall be permitted on University facilities. No networking equipment (routers, managed switches, DHCP servers, DNS servers, WINS servers, VPN servers, remote access dial-in servers/RADIUS, wireless access points, hardware firewalls) shall be permitted without a written exception from Case [U]Tech.
All devices connected to CWRU networks shall be registered with CWRU [U]Tech when initially attached to the network. This applies to printers, computing systems, laboratory equipment, and communications devices that use TCP/IP network protocols. The registrant must be a current faculty, staff, student, or affiliate account user with a valid and active NetworkID. Information on how to register a network device can be found via the Network Registration knowledgebase article at the CWRU Help Desk. Unregistered devices are subject to disconnection from the CWRU Network, without notice, whether or not they are disrupting network service.
Currently devices connected to the CaseGuest wireless network are unregistered. All university-purchased or owned hosts shall be registered in a similar manner to wired network registration, using the CaseWireless or other registered wireless networks the University provides. CWRU users accessing the CWRU IT resources via wireless networking may assure the privacy of the network communications by using these encrypted networks or CWRU VPN software.
No device or program that has the potential to disrupt network service to others is permitted on the CWRU Network without prior arrangement with [U]Tech.
Protocol Standards
The management of network protocols shall be performed by information systems administrators and network administrators to assure the efficiency, availability, and security of the common resources, in accordance with the governing CWRU Acceptable Use Policy.
Simple Mail Transfer Protocol (SMTP):
All email protocol traffic shall utilize the centralized mail gateways (smtp.case.edu). Inbound mail traffic with destination addresses for servers other than those operated by [U]Tech shall utilize an DNS MX record to relay that traffic through the centralized mail gateways. All outbound traffic shall utilize the SMTP gateway.
The use of SSL or TLS based communication standards for email client to email server communication is preferred such that the authentication session is the protected transaction.
Domain Name Services Protocol (DNS):
All hosts on CWRU networks shall utilize the CWRU DNS systems. All hosts connected to CWRU networks receive a cwru.edu or case.edu domain name extension. No host connected to CWRU networks shall be addressable by any DNS name other than that provided by CWRU.
No host with a case.edu or cwru.edu domain name (and an IP address within the CWRU network spaces) will use an IP address outside the University's registered name space without a written exemption from CWRU [U]Tech (Technical Infrastructure Services).
cwru.edu and case.edu versions of every hostname must be the same.
Dynamic Host Configuration Protocol (DHCP):
All hosts on CWRU networks shall either obtain and use a static IP address (see Network Tools for setup) or use the CWRU DHCP service to obtain an assigned IP address. Users shall not use a self-assigned IP address, or operate a DHCP server. The use of bootstrap (BOOTP) shall be governed in the same manner as DCHP.
Banned Protocols:
[U]Tech keeps a listing of banned protocols which have been shown to interfere with the architecture and management of the CWRU network environment.
Definitions
MX record- An MX record or Mail exchanger record is a type of resource record in the Domain Name System (DNS) specifying how Internet e-mail should be routed. MX records point to the servers that should receive an email, and their priority relative to each other.
SSL- secure sockets layer, an encryption method for communication between the mail client and mail server.
TLS- transport layer security, an encryption method for communication between a mail client and a mail server, or between mail servers.
TCP/IP- transmission control protocol and internet protocol, which define how communications are currently implemented in the CWRU network infrastructure.
IP address- internet protocol address, an essential networking element which permits traffic to be routed to a specific host.
Cloud services- software and/or systems that are hosted in off-campus data centers that rely on network communications to permit access for users in the CWRU network environment. An example is CWRU Google Applications.