Network Security and Management Standard

1 PURPOSE

The purpose of this standard is to provide acceptable use and security guidance to protect the integrity of the University System of New Hampshire (USNH) network, mitigate risks, and ensure secure and reliable network access and performance for the community. 


2 SCOPE

This standard applies to all USNH business and academic units and USNH-owned information systems that collect, store, process, share, or transmit institutional data. Personally owned devices connecting to the University Campus Network must meet the Bring Your Own Device standard requirements. 


3 STANDARD

3.1 Security

3.1.1 Unless authorized by USNH ET&S Cybersecurity, any software that explores, “sniffs,” or probes the network for any reason is strictly prohibited. ET&S tests and investigates all actions or conditions that pose risks to network security and will take corrective and/or protective measures as necessary to ensure the continued proper function of the campus communications networks.

3.1.2 Any entity identified as a potential unfriendly host is immediately denied access to the campus network and reported to the proper authorities for further investigation and subsequent action. 

3.1.3 ET&S manages and configures the Campus/Enterprise firewalls according to the guidelines contained within this policy. The Firewall Policy shall be reviewed yearly. 

3.1.4 The guest wireless network is available for parents, vendors, and other guests of USNH and shall be utilized in strict adherence to all USNH policies.  

3.1.5 The guest wireless network cannot directly access any non-public USNH resources. Information about access to the USNH guest wireless can be found at: https://td.unh.edu/TDClient/60/Portal/KB/ArticleDet?ID=3190 

3.1.6 USNH networks shall be physically and logically segmented.  

3.1.7 USNH shall use sandboxes to test new applications that may contain viruses or cause compatibility issues with other systems.  

3.2 Network Hardware/Software (routers, switches, servers, other network devices) 

3.2.1 The connection of any network device (routers, switches, servers, other network devices) to the campus network without prior knowledge and expressed permission from ET&S is prohibited. 

3.2.2 Although other protocols are not strictly prohibited, the primary protocol supported on the USNH communications networks is TCP/IP using secure encrypted protocols such as HTTP or SFTP. 

3.2.3 ET&S will centrally manage and keep logs for network equipment.  

3.2.4 Network administrators shall restrict access by the principle of least privilege and, when possible, enable multifactor authentication (MFA). 

3.2.5 USNH change management policies shall be followed for all configuration changes. 

3.2.6 Critical security firmware/software patches will be coordinated and applied by the USNH change management policies. 

3.3 Disaster Recovery

ET&S is responsible for maintaining, testing, and continuously improving a plan for recovery of the communications networks in the event of a disaster. Community members can find details in the ET&S Disaster Recovery Plan. 

3.4 Device Registration and Address Allocation 

3.4.1 Users shall register all hosts (computers) on the USNH network using an accurate and unique addressing scheme assigned by ET&S. 

3.4.2 Users needing help connecting a new device to the campus network should contact the ET&S Help Desk for assistance at https://www.usnh.edu/it/need-it-help

3.4.3 Users may request a static address allocation by contacting the ET&S Help Desk. Requests for static addresses or creating a new network will be reviewed and acted upon as appropriate in the best interests of the campus network and the user community at https://networking.usnh.edu/provision

3.4.4 ET&S Networking Group manages domain registrations and follows the USNH format (usnh.edu, keene.edu, plymouth.edu, unh.edu) for domain administration. Any request needs to be approved by ET&S. 

3.4.5 A security scanning audit is periodically performed on all networked devices on the USNH networks to ensure hardening procedures are in place for security purposes. 

3.5 Network Guidelines

The campus communications networks are a limited resource that facilitates the goals and mission of USNH. 

3.5.1 Users may not infringe or encroach on the availability or use of the campus network by others. Examples of activities not allowed include (but are not limited to): 

  3.5.1.1 Using an IP address that has not been assigned or approved by ET&S. 

  3.5.1.2 Monitoring or “sniffing” data on the network. 

  3.5.1.3 Flooding the network, either intentionally or unintentionally. 

  3.5.1.4 Running a commercial or for-profit service on the network. 

  3.5.1.5 Registering a system without using usnh.edu or other USNH-approved domains. 

  3.5.1.6 Establishing, enabling, or providing network services that interfere with the regular operation of the campus communications networks or users of the network or create a security risk and exposure. 

  3.5.1.7 Installing wireless access points, switches, routers, and firewalls (other than software firewalls on their personal devices).

3.6 Physical connections

Physical connections to the network will follow industry standards, such as EIA/TIA Standards for cabling, FOA Standard for Fiber Optics cabling, and IEEE 802.11X for wireless connections. 


DOCUMENT HISTORY
  • Approved by: Thomas Nudd, Chief Information Security Officer, January 29, 2022 
  • Reviewed by: Dr. David Yasenchock, Director Cybersecurity GRC, January 21, 2022
  • Revision History:  V1.1 April 23, 2024, Cybersecurity GRC Working Group 
    • Revised formatting, K SWEENEY, 30 MAY 2024