Network Control Standard
Appendix to Policy
To ensure the availability of University network and to protect information security for networked services and systems, access must be controlled to the University network (both wired and Wi-Fi), including local area networks (LANs) and external network services.
Type of network extensions allowed
The following table defines the type of network extensions permitted on the University Network.
|NC.A.01||Locally-managed networks, defined by agreed-upon Network Hand-Off points||Not Allowed||Allowed||Allowed|
|NC.A.02||Network Address Translation (NAT)||Not Allowed||Not Allowed||Not Allowed|
The following table defines baseline network security controls for the University network (both wired and Wi-Fi) and local area network (LAN).
|NC.B.01||Approval from Data Network Services to extend the University network or connect to third-parties||Required||Required||Required|
|NC.B.02||Approval from the LAN network administrator to extend the network beyond the network hand-off point for their unit||Required||Required||Required|
|NC.B.03||Use controls to protect network infrastructure against attacks and misuse||Required||Required||Required|
|NC.B.04||Segment networks according to the security level and/or data classification||Required||Recommended||Recommended|
|NC.B.05||Document ownership for the network at the hand-off point||Required||Required||Required|
|NC.B.06||Use controls to prevent unauthorized access to the network||Required||Required||Optional|
|NC.B.07||Maintain logs to identify devices and users that attach to the network in real time||Required||Required||Required|
|NC.B.08||Detect and verify that network extensions are authorized||Required||Required||Required|
|NC.B.09||Periodic review of network access controls for appropriateness||Required||Required||Optional|
|NC.B.10||Deploy and monitor network based intrusion detection and/or prevention technology||Required||Required||Optional|
|NC.B.11||Document network access controls used||Required||Required||Required|
Additional Wi-Fi Network Controls
The following table defines baseline network security controls specifically for Wi-Fi.
|NC.C.01||Use strong encryption for transmitting authentication information and the data||Required||Required||Recommended|
|NC.C.03||Detect and remove unauthorized (rogue) Wi-Fi networks||Required||Recommended||Recommended|
This applies to IT resources owned or contracted by the University.
This applies to University community members who use or manage University IT resources.
More information on Network Control
- December 2014
- October 2015