Printed on: 08/18/2018. Please go to http://policy.umn.edu for the most current version of the Policy or related document.

APPENDIX TO POLICY

Network Control Standard

Objective

To ensure the availability of the University network and to protect information security for networked services and systems, access to the University network (both wired and Wi-Fi), including local area networks (LANs) and external network services, must be controlled.

Security Controls

Type of network extensions allowed

The following table defines the type of network extensions permitted on the University Network.

| Control ID | Control Description | Security Level: High | Security Level: Medium | Security Level: Low |
|---|---|---|---|---|
| NC.A.01 | Locally-managed networks, defined by agreed-upon Network Hand-Off points | Not Allowed | Allowed | Allowed |
| NC.A.02 | Network Address Translation (NAT) | Not Allowed | Not Allowed | Not Allowed |

Network controls

The following table defines baseline network security controls for the University network (both wired and Wi-Fi) and local area network (LAN).

| Control ID | Control Description | Security Level: High | Security Level: Medium | Security Level: Low |
|---|---|---|---|---|
| NC.B.01 | Approval from Data Network Services to extend the University network or connect to third parties | Required | Required | Required |
| NC.B.02 | Approval from the LAN network administrator to extend the network beyond the network hand-off point for their unit | Required | Required | Required |
| NC.B.03 | Use controls to protect network infrastructure against attacks and misuse | Required | Required | Required |
| NC.B.04 | Segment networks according to the security level and/or data classification | Required | Recommended | Recommended |
| NC.B.05 | Document ownership for the network at the hand-off point | Required | Required | Required |
| NC.B.06 | Use controls to prevent unauthorized access to the network | Required | Required | Optional |
| NC.B.07 | Maintain logs to identify devices and users that attach to the network in real time | Required | Required | Required |
| NC.B.08 | Detect and verify that network extensions are authorized | Required | Required | Required |
| NC.B.09 | Periodic review of network access controls for appropriateness | Required | Required | Optional |
| NC.B.10 | Deploy and monitor network-based intrusion detection and/or prevention technology | Required | Required | Optional |
| NC.B.11 | Document network access controls used | Required | Required | Required |

Additional Wi-Fi Network Controls

The following table defines baseline network security controls specifically for Wi-Fi.

| Control ID | Control Description | Security Level: High | Security Level: Medium | Security Level: Low |
|---|---|---|---|---|
| NC.C.01 | Use strong encryption for transmitting authentication information and the data | Required | Required | Recommended |
| NC.C.02 | Authenticate access | Required | Required | Optional |
| NC.C.03 | Detect and remove unauthorized (rogue) Wi-Fi networks | Required | Recommended | Recommended |

Resources Covered

This applies to IT resources owned or contracted by the University.

Individuals Covered

This applies to University community members who use or manage University IT resources.

Related Information

More information on Network Control

Published Date

  • December 2014

Last Reviewed

  • October 2015
