08:18:00 - Network Access
- Introduction: Technology Division is responsible for ensuring the network, both wired and wireless, is Chattanooga State's first line of defense against viruses, worms, hackers, and individual misuse that can compromise the critical computer systems and data that support Chattanooga State's business. The standards described herein are those Technology Division intends to use in the normal operation of its network systems. This document does not waive any claim that the College may have ownership or control of any hardware, software, or data created on, stored on, or transmitted through College computing systems. This policy functions as network standards and specifies security requirements for the College network, both wired and wireless. It also specifies the requirements for using wireless technologies and for accessing Chattanooga State computer systems from off campus.
- These standards apply to all Chattanooga State faculty/staff, students, authorized users, contractors and visitors that have access to College facilities, computing resources or College data. It impacts all inside and outside networks, (e.g., LAN, WAN, WLAN, wired, wireless, etc.), wireless access points (i.e., WAPs), routers, bridges, hubs, modems and various peripheral equipment. All wireless network access devices and technologies that provide a bridge between the College's wireless and wired networks (hereafter "wireless access points"), or any device that is designed to communicate with such a device via the College's wireless network.
- Wired and wireless networks are viewed the same and, therefore, must comply with any and all Chattanooga State guidelines/standards related to College networks and computer systems. Chattanooga State Technology Division has the responsibility and authority to scan computers attached to the Chattanooga State networks to ensure appropriate security, and support network operations and performance. The Technology Division reserves the right to restrict access to services and resources that are disruptive to its networks, or pose a threat to the College information security, audit or accreditation status. No change to any wired/wireless network device, hub, router, switch, ports, firewall configurations, including changes to any device within network closets throughout the campuses will be done without prior Technology Division network approval and a service request.
- Network connections are deployed to benefit the entire College and support its missions of education. These network connections are not to be used to provide commercial services not related to the College's missions nor shall they be used in any illegal activities. Network wiring, component, software and hardware requirements shall be documented for all Chattanooga State networks. College networks should be designed and implemented to the extent technically and reasonably possible so that:
- No single point of failure, such as a central switching center, could cause network services to be unavailable.
- Critical communications may immediately be sent via multiple long distance carriers over physically diverse routes.
- Peer-to-Peer (P2P) File Sharing software/applications, such as Bit Torrent, are not permitted at Chattanooga State due to possibility of violation of copyright laws, negative impact to network load, and can provide a conduit for malware. For business needs that require this type of software/application, please submit a service request to Technology Division containing the business justification.
- Firewall configurations must prohibit direct public access between the Internet and any system component in the cardholder data environment. All in-bound dial-up lines to administrative and research computer systems shall be protected with extended user authentication systems. Both ends of a dial-up connection shall be dropped when the access session is terminated.
2. Direct network connections between any Chattanooga State network carrying administrative or research data and computers at external organizations via the Internet or any other public network, are prohibited unless specifically approved by the appropriate Dean, or their designee and Director of Communication Technology.
- Adequate controls exist to restrict access to and use of network troubleshooting equipment, audit and network management software.
- Wireless networks do not offer the same performance, stability or security as wired networks. The wireless network should be thought of as an extension of the wired network to promote mobility. This section outlines the processes, requirements and standards needed to implement a secure, reliable and usable wireless network at Chattanooga State.
- Wireless access points should be installed in physically secure areas accessible only by authorized Technology Division personnel to prevent unauthorized access and physical tampering. Devices should not be placed in easily accessible public locations. Wireless clients accessing the campus wired infrastructure must meet certain data networking and security standards to ensure that authorized and authenticated users are able to connect to the campus network and that College computing resources are not exposed to unauthorized users.
- Access control and security mechanisms such as gateways, firewalls and network-based intrusion-detection systems will be deployed.
- All access via the wireless infrastructure requires user authentication. Wireless clients must not be used for connecting to campus business systems such as Human Resources and Financials, student information, or other systems that contain confidential data, or are critical to the mission of Chattanooga State unless using encryption protocols or other appropriate and equally secure methods. No portion of access to these systems, or saving/printing related data will be conducted on a wireless medium without appropriate security. Applications access via the wireless infrastructure shall include appropriate password and data protection controls.
- Research groups and labs should be aware that conditions of some federal grants include data confidentiality and protection. No data or network protection can be guaranteed on wireless networks.
1. Payment Card Industry (PCI) Compliance and Questionnaire 2. 1. National Institute of Standards and Technology,
2. Special Publication 800-46 Rev 2, Guide to Enterprise Telework, Remote Access and Bring Your Own Device (BYOD) Security, 7/2016
3 The State of Tennessee Department of Finance and Administration Strategic Security Program, 12/15/2016
4. Additionally, other College Policies, Guidelines, Standards, and/or campus procedures might impose certain restrictions that are not specifically covered by state and federal statue or regulations.
5. Chattanooga State Technology Division Policy 08:14 Responsible Use Policy, 5/30/2017
Dr. Rebecca Ashford, President October 24, 2017
Signature Date Approved
Division Name: Technology Division
Policy Number and Title: 08:18:00 Network Access
- Reformatted the whole policy to new format.
- All pages - Information Technology Services was changed to new division name - Technology Division.
3. Section C sentence was added: ....No change to any wired/wireless network device, hub, router, switch, ports, firewall configurations, including changes to any device within Network closets throughout the campuses will be done without prior Technology Division Network approval and a Service Request.
4. Section C para 2 was added:
Direct network connections between any Chattanooga State network carrying administrative or research data and computers at external organizations via the Internet or any other public network, are prohibited unless specifically approved by the appropriate Dean, or their designee and Director of Communication Technology.
Dr. Rebecca Ashford, President October 24, 2017
Signature Date Approved
President's Cabinet, 02/1/2012
Dr. James L. Catanzaro, President, 05/7/2012
Implemented by: Computer Services, 3/27/09 Reviewed and Revised by: Computer Services, 12/1/2011 Rev 1