Network Security Policy

Purpose

Clemson University provides an extensive computing network infrastructure to support the University’s teaching, research, and service missions. This policy is an extension to the existing Student Misuse Policy and the Employee Misuse Policy , and focuses on network connectivity.

The campus has seen an increase in malicious network scans and subsequent attacks against vulnerable equipment. Therefore, it is the purpose of this policy to help protect the assets of Clemson University from these intrusions, while maintaining an open computing environment.

Computing and network communications technology is changing rapidly and this policy may be amended at any time to meet security challenges to ensure Clemson University’s teaching, research, and service missions are not impacted. These changes will be communicated via area Consultants and TSPs in addition to being posted on the Web. Campus units may create guidelines that clarify or supplement, but not lessen, this policy.

User Responsibility

Users are responsible for all activities on their userid or from activities that originate from their systems. Users are encouraged to use strong passwords and maintain their virus protection software and system software at current levels.

Policy

  1. All workstations and servers must be registered with the Clemson University network registration system before those systems can use the Clemson Network. Lab workstations should be registered under the departmental support person’s userid. If the ownership of the workstation changes, or the workstation is replaced, the user must notify their Consultant or TSP that the registration needs to be deleted. The registered user is responsible for all activity of registered workstations.
  2. The installation of network electronic equipment that includes, but is not limited to: routers, remote access devices, modems, wireless access points, or any other devices that allow access to the Clemson Network is prohibited. Persons needing network connectivity provided by such devices must contact their area Consultant or TSP.
  3. Installation of servers (Web, email, etc.) must be coordinated with the area Consultant or TSP. This includes devices with Web interfaces for management. The use of centrally provided resources is strongly encouraged; however, if the centrally provided resources are unable to satisfy the need, a local server could be considered.
  4. Systems that do not require Internet access, or the primary function is local to the Clemson Network, should use private addressing. Examples of such systems are Energy Management, Tiger 1 Card, or other embedded systems that use IP for management.
  5. Unauthorized network services such as DHCP, BOOTP, DNS, Proxy, etc. are prohibited; such services are centrally provided on the Clemson Network. Clemson IP addresses may not be registered with outside DNS authorities; users needing DNS entries must contact their Consultant or TSP.
  6. Access to certain areas of the Clemson Network from the Internet will require the use of a Virtual Private Network to authenticate and encrypt the communication.