Connecting Devices to the Network

Adopted Policy 5.2

Policy Purpose

To set forth the basic principles for Connecting Devices to the University Network.

Responsible Office

Information Technology Services, Division for Finance and Administration

Responsible Executive

Chief Information Officer

Policy History

  • Date of Permanent Approval:
  • Date of Amendments:

Policy Statement

The University's mission is served by ensuring a stable, secure and robust network infrastructure. Access to the network is made possible through the connection of devices (personal computers, servers, phones, tablets, etc.) via a wired or wireless access point or remotely via the University’s Virtual Private Network (VPN) connection. Access to the network is available to all students and employees of the University and to a wide variety of affiliated organizations and individuals. In order to provide consistent, stable and secure network services to all users, the University needs to apply appropriate controls over the allocation of network resources.

Persons Affected

Students, Faculty, Staff, Third Parties

Definitions

University is the University at Albany, State University of New York.

Policy

The University is committed to providing an integrated, robust, secure and reliable network infrastructure, consistent with available resources, to all authorized members of the campus community.

  1. Network access
    1. Network access is available to all authorized users with appropriate authentication. Network use is subject to the terms and conditions of the University's policy 5.3 Information Security.
    2. Users shall utilize the network in support of their individual teaching, learning, and research goals, and job responsibilities.
    3. Certain resources are limited to VPN access only to assure use by valid University account holders.
  2. University network connectivity, address allocation and infrastructure standards
    1. Standards for physical network architecture and infrastructure development (network wiring, equipment, etc.) shall have status equivalent to "building code."
    2. Additions and/or modifications to any part the network infrastructure shall conform to these standards and are made by authorized staff only.
    3. Access to and modifications (installations, repair, and maintenance) of equipment in communications rooms are strictly limited to authorized personnel only.
    4. Any device (workstation, desktop, laptop, hand-held, etc.) connecting to the University at Albany campus network, regardless of the medium or physical location, must comply with the following standards:
      1. The operating system (OS) must be currently supported and have all updates, patches and fixes to protect against known vulnerabilities. Where possible, automated updates should be enabled.
      2. Be free of malware (viruses, trojans, worms, bots, spyware, etc.).
      3. Have an installed, operational, antivirus program with up-to-date virus definition files. The highest level of antivirus protection is provided by using the auto-update feature. Managed, University-owned machines are equipped with site-licensed antivirus software.
      4. Use secure forms of authentication, as defined by the most recent NIST 800-63 standard.
    5. The connection of devices to the network not meeting such standards is strictly prohibited.
    6. Information Technology Services shall be responsible for the allocation and maintenance of the University’s assigned IPv4 and IPv6 address space.
  3. Suspension of network access
    1. Information Technology Services reserves the right to suspend the network access of any device connected to the network that represents a threat to the confidentiality, integrity or availability of University information assets, including systems in violation of University policies, any regulatory requirements, or state or federal laws. Suspensions will be documented with an incident response that can reviewed via the ITS Service Desk.
  4. This policy is effective immediately.