You are here

Network Control

See the Network Control Standard in the University's Information Security policy for specific requirements that you must follow.

Standard and Process

The University campus Data Network Services are managed and operated by the following units:

  • Office of Information Technology (OIT)-Data Network Services for:
    • Extension Services
    • Morris campus
    • Research Outreach Centers
    • Rochester campus
    • Twin Cities campus
  • Technology Support Services (TSS) for the Crookston campus
  • Information Technology Systems and Services (ITSS) for the Duluth campus for:
    • Cloquet Forestry Center
    • Coleraine Minerals Research Laboratory
    • Natural Resources Research Institute
    • Boulder Lake Environmental Learning Center
    • RICH Center (Pharmacy program for Research on Indigenous Community Health)
    • Duluth Center for Economic Development
    • Amsoil Arena
    • Glensheen Mansion
    • Duluth Research and Field Studies Center

Data Network Services provides networking and support to an agreed upon network hand-off points. A hand-off point is the point where Data Network Services’ responsibility for support ends and that of the user or LAN network administrator begins (e.g., at the network wall jack of a user workstation).

User supported devices (e.g., computer, laptop, tablet) should use the fewest possible connections to the University network, preferably one. In some circumstances, multiple devices may be connected to a single Data Network Services switch port. If more than 12 media access control (MAC) addresses connect to a single switch port, the switch is considered an extension of the University network and must meet the network controls.

University Wi-Fi access points advertise the services they provide with a name programmed into the device called a Service Set Identifier (SSID). Wi-Fi network names that are managed by the University campus Data Network Services may not be used or operated by users or other units.

Controls to prevent unauthorized access to the network include, but are not limited to:

  • firewall
  • proxy
  • access control list
  • virtual private network (vpn)

Document the network access controls used as well as network hand-offs, including identification of LAN administrators.

IT staff and University employees are responsible for working with networking services, data owners and service directors on establishing the appropriate network access controls. IT staff and University employees may not change the fundamental security profile of the service provided (e.g., by adding a wireless access point on a PCI-DSS designated network jack).

LAN network administrators are responsible for maintaining the controls for their network and/or extension(s) of the network from the Data Network Services agreed upon hand-off point. This includes maintaining sufficient records for safety and security to positively identify or locate a user or device on the University network in real time.

Users, data owners and service directors are responsible for working with IT staff to properly use the network access in the roles they perform. Users, data owners and service directors may not escalate privilege without authorization, misrepresent authority, or deliberately interfere with the operation of the University network in ways that are contrary to the core mission of the University.

More Information

Document Owner: University Information Security

Document Approvers: Brian Dahlin, Chief Information Security Officer; Patton Fast, University Enterprise Architect

Effective Date: August 2010

Last Reviewed Date: August 2015