Network Management Policy

Contents

  • Introduction
  • Scope
  • Management of the Network
  • Network Design and Configuration
  • Physical Security and Integrity
  • Change Management
  • Capacity Management
  • Connecting Devices to the Network
  • Network Address Management
  • Access Controls
  • Further Guidance

1.0 Introduction
This Network Management Policy is a sub-policy of Aberystwyth University’s (AU) Information Security Policy and sets out the responsibilities and required behaviour of those who manage communications networks on behalf of the University.

2.0 Scope
All of AU’s communications networks, whether wired or wireless, are in scope, irrespective of the nature of the traffic carried over the networks (data or voice).

3.0 Management of the Network
AU’s communications networks will be managed by suitably skilled staff to oversee their day-to-day running and to ensure their on-going security (confidentiality, integrity and availability). Network staff are in highly privileged positions and play a key role in contributing to the security of AU’s information assets. They are expected to be aware of AU’s Information Security Policy in its entirety and must always abide by the policy. Network staff are authorised to act promptly to protect the security of their networks, but must be proportionate in the actions which they take, particularly when undertaking actions which have a direct impact on the users of the network. Any actions which may be potentially invasive of users’ reasonable expectations of privacy must be undertaken in accordance with instructions approved by AU’s Data Protection Officer (or their nominee). Network staff must immediately report any information security incidents to the Director of Information Services, and to AU’s Computer Emergency Response Team (is-cert@aber.ac.uk).

4.0 Network Design and Configuration
The network must be designed and configured to deliver high levels of performance, availability and reliability, appropriate to AU’s business needs, whilst providing a high degree of control over access to the network. The network must be segregated into separate logical domains with routing and access controls operating between the domains to prevent unauthorised access to network resources and unnecessary traffic flows between the domains.

5.0 Physical Security and Integrity
Networking and communications facilities, including wiring closets, data centres and computer rooms, must be adequately protected against accidental damage (fire or flood, for example), theft, or other malicious acts. The network should, where appropriate and possible, be resilient to help mitigate the impact of the failure of network components. Any device that is running a service that conflicts with centrally managed services such as OSPF, DHCP, RIP, BOOTP etc. must not be connected to the network without prior agreement with the Network Manager.

6.0 Change Management
A record of the configuration of all network devices will be kept, and any changes to the network device configuration will be recorded in accordance with the Information Services Change Control process.

7.0 Capacity Management
For future capacity planning, Information Services will monitor and record levels of network traffic capacity throughout AU’s network infrastructure.

8.0 Connecting Devices to the Network
It is not permitted to connect personally owned equipment to any network socket which has not been provided specifically for the purpose. It is permissible to connect personally owned equipment to AU’s wireless networks. Any device connected to a University network must be managed effectively; devices which are not are liable to physical or logical disconnection from the network without notice. All devices connected to the network, irrespective of ownership, are subject to monitoring and security testing, in accordance with normal operational practices.

9.0 Network Address Management
The allocation of network addresses (IPv4 and IPv6) used on AU’s networks shall be managed by Information Services’ Network Team. Network addresses (IPv4 or IPv6) assigned to end-user systems will, wherever possible, be assigned dynamically (and will therefore be subject to change).

10.0 Access Controls
Access to network resources must be strictly controlled to prevent unauthorised access. Access control procedures must provide adequate safeguards through robust identification and authentication techniques. Information Services is responsible for the management of the gateways which link AU’s network to the Internet. Controls will be enforced at these gateways to limit the exposure of University systems to the Internet to reduce the risks of hacking, denial of service attacks, malware infection and propagation and unauthorised access to information. Controls will be applied to both incoming and outgoing traffic.

Further Guidance

Reference:
Status: Draft
Version: 0.1
Date: 12/10/2017 (reviewed 23/10/2018)