Network Security Policy
This policy is intended to protect the integrity of the campus network, to mitigate the risks and losses associated with security threats to computing resources and to ensure secure and reliable network access and performance for the University community. This policy is necessary to provide a reliable campus network to conduct the University's business and prevent unauthorized access to institutional, research or personal data. In addition, the University has a legal responsibility to secure its computers and networks from misuse.
2. Policy Statement
- University Information Technologies (UNIT) is solely responsible for managing any and all Internet domain names related to the university (e.g. villanova.edu). Individuals, academic colleges/departments or administrative departments may not create nor support additional Internet domains without prior approval from UNIT.
- To ensure the stability of network communications, UNIT will solely provision and manage both the public and private IP address spaces in use by the University.
- UNIT may delegate administrative responsibilities to individuals for certain network ranges, but retains the right of ownership for those networks.
- Villanova University faculty, staff or students may not connect, nor contract with an outside vendor to connect, any device or system to the University's networks without the prior review and approval of UNIT. Colleges or departments that wish to provide Internet or other network access to individuals or networks not directly affiliated with the University must obtain prior approval from UNIT.
- In order to maintain reliable network connectivity, no other department may deploy wireless routers, switches, bridges, and/or DHCP (Dynamic Host Configuration Protocol) services on campus without prior review and approval of UNIT.
- Users are permitted to attach devices to the network provided that the devices:
  - are for use with normal University business or student operations
  - do not interfere with other devices on the network
  - are in compliance with all other Villanova policies.
- Unauthorized access to University networking equipment (firewalls, routers, switches, etc.) is prohibited. This includes port scanning or connection attempts using applications such as SSH/SNMP, or otherwise attempting to interact with University network equipment.
- Unauthorized access to University equipment/cabling rooms is also prohibited.
1. UNIT is solely responsible for managing the unlicensed radio frequencies (wireless networking) on campus, which includes the 2.4 GHz and 5 GHz spectrum and may include future wireless spectrum standards, as defined by the IEEE, such as 60 GHz.
2. UNIT is responsible for maintaining a secure network and will deploy appropriate security procedures to support wireless networking on campus.
3. The University will maintain a campus wireless network based only on IEEE 802.11 standards. UNIT will collaborate with academic departments where devices used for specific educational or research applications may require specific support or solutions.
- UNIT will provide a general method for network authentication to University systems. The IEEE 802.1x standard is the currently supported authentication method. Additional security protocols may be applied as needed.
- UNIT will take action to prevent spoofing of internal network addresses from the Internet. UNIT will also take action to protect external Internet sites from source address forgery from devices on the University's network.
- The University's external Internet firewall default practice is to deny all external Internet traffic to the University's network unless explicitly permitted. To facilitate this, academic colleges/departments and other administrative departments must register systems with UNIT which require access from the Internet. Users that would like to request access through the University firewall must open a help desk ticket and complete a firewall access request form.
- Access and service restrictions may be enforced by device, IP address, port number or application behavior.
- UNIT reserves the right to decrypt SSL traffic which transits the University network.
- UNIT may investigate any unauthorized access of computer networks, systems or devices. UNIT will work with academic or administrative departments and law enforcement when appropriate.
- All devices connecting to the network must have adequate security installed/maintained and must be configured and maintained in such a manner as to prohibit unauthorized access or misuse.
- If a security issue is observed, it is the responsibility of all Villanova University users to report the issue to the appropriate supervisor or UNIT for investigation.
- UNIT reserves the right to quarantine or disconnect any system or device from the University network at any time.
- Network usage judged appropriate by the University is permitted. Some activities deemed inappropriate include, but are not limited to:
· Attaching unauthorized network devices, including but not limited to wireless routers, gateways, DHCP or DNS servers; or a computer set up to act like such a device.
· Engaging in network packet sniffing or snooping.
· Setting up a system to appear like another authorized system on the network (trojan).
· Other unauthorized or prohibited use under this or any other University policy.
Students may consult the Student Acceptable Use Policy for further information.
Employees may consult the Employee Acceptable Use Policy for further information.
- Any device found to be in violation of this policy, or found to be causing problems that may impair or disable the network or systems connected to it, is subject to immediate disconnection from the University's network. UNIT may subsequently require specific security improvements where potential security problems are identified before the device may be reconnected.
- Attempting to circumvent security or administrative access controls for information resources is a violation of this policy. Assisting someone else or requesting someone else to circumvent security or administrative access controls is a violation of this policy.
3. The University reserves the right to test and monitor security, and to copy or examine files and information resident on university systems related to any alleged security incident or policy violation.
- UNIT will maintain and monitor traffic logs for all network devices and systems for security auditing purposes.
- UNIT reserves the right to monitor, access, retrieve, read and/or disclose data communications when there is reasonable cause to suspect a University policy violation, criminal activity, monitoring required by law enforcement or with appropriate management request. Reasonable cause may be provided by the complaint of a policy violation or crime or as incidentally noticed while carrying out the normal duties of UNIT staff.
- UNIT may perform penetration testing of any University owned devices or systems on its networks in order to determine the risks associated with protecting University information assets. UNIT may further perform non-intrusive security audits of any system or device attached to the University's networks in order to determine what risks that system may pose to overall information security.
This policy applies to all Villanova University faculty, staff, students, vendors/contractors, guest account holders, and any other agents who may connect to Villanova University network computing resources. This policy also applies to all devices which are used by those individuals for network access, whether personally-owned, university-issued or otherwise obtained. These devices include but are not limited to workstations, laptops, tablets, smartphones, servers, consoles, controllers, and any other computing device which is capable of communicating on Villanova’s networks.
The latest version of this document can be found on the Villanova University website here.
Complete listings of all University IT Policies can be found here.
UNIT staff can provide recommendations and support for this policy and any aspect of network provisioning, connectivity or access controls. Requests may be directed to firstname.lastname@example.org
Public and Private IP address space is defined as the network address space in use by the University. This includes the 188.8.131.52 /16 publicly routable space, as well as all RFC1918 (IPv4) and RFC4193 (IPv6) private network subnets.
IEEE or Institute of Electrical and Electronics Engineers is defined as the body responsible for publishing technical standards, including: power and energy, biomedical, health care, information technology, robotics, telecommunication, transportation, information assurance, and many more.
Spoofing is defined as masquerading as or otherwise forging the IP address of another system in an effort to gain access to that system’s network traffic.
Packet sniffing or snooping is defined as capturing the network traffic (packets) of other users with the intent to analyze that traffic.
This policy was in existence on or before 9/10/2010.
Version 1.0 Approved April 18, 2016 by VP&CIO Stephen Fugale and the University Council on Information Technology (UCIT).