UMB IT Campus Network Policy
X-99.04(A) | Information Technology | Approved September 11, 2017 | Last Reviewed April 30, 2024
Responsible VP/AVP: Peter J. Murray, PhD, CAS, MS
Applies to: Faculty, Staff, Students
Revision History
Technical revisions updated September 11, 2017, last reviewed May 1, 2019.
Purpose
The purpose of this policy is to establish a framework for ensuring that UMB's information technology resources are managed in a secure fashion.
Policy Statement
Scope
The scope of this policy includes all faculty, staff, students, visitors, and guests who have or are responsible for an account (or any form of access that supports or requires a password) on any system connected to the campus network, has access to the campus network, or stores any non-public UMB information.
Responsibilities
General network practices are defined to protect the integrity of organizational networks. These practices must be followed to assure adequate protection of system security, as well as appropriate user access.
- No network capable games or non-business related software is allowed on any UMB owned workstation or server. Use of illegally obtained software is strictly prohibited.
- Only UMB authorized personnel will configure and connect devices to the campus network infrastructure. These devices include, but are not limited to, bridges, firewalls, intrusion detection devices, network monitoring tools, virtual private network (VPN) devices, routers and hubs and wireless access points.
- External connections to any critical system must be established through an approved VPN connection provided by the Center for Information Technology Services (CITS) or another school or department.
- Any requests for waivers to these standards must be approved by the UMB Chief Information Security Officer (CISO).
- No network equipment will be installed or located outside of designated wiring closet or equipment room accessible only to authorized personnel. These devices include, but are not limited to bridges, firewalls, intrusion detection devices, network monitoring tools, VPN devices, routers, switches, etc.
- The use of all security devices or security software monitoring tools must be with the approval of the UMB CISO.
- No data or files shall be shared illegally on the campus networks.
- CITS Network & Communication Systems must approve installation of any wireless network equipment on the campus wireless network.
Network Violations and Enforcement Procedures
Violations of network standards are subject to disciplinary action. Violations include, but are not limited to:
- Knowingly breaking into ("hacking") a network device or workstation/server.
- Malicious or intentional destruction of network infrastructure.
- Broadcasting over the entire Class B network.
- Knowingly stealing or forging (“spoofing”) another user's connection or TCP/IP addresses.
- Installation and operation of non-approved infrastructure equipment or software.
- Sharing of the username and password for network devices.
- Use of peer-to-peer software illegally to transfer or share material.
Disciplinary action for people found to be in violation of these standards will be in accordance with the Human Resources policies of the person’s employer or, in the case of students, discipline policies of the appropriate UMB School. In addition, CITS Network & Communication Systems may take any action it deems appropriate, including disabling an account or user connection, in order to protect the integrity of the campus network. These actions must be taken promptly and may remain in effect pending further review and investigation of an incident.