Standard and Process
See the specific requirements in the Network Management Standard in the University Policy library. The following supplements the requirements in University policy.
The University campus Data Network Services are managed and operated by the following units:
- Office of Information Technology (OIT)-Data Network Services for:
  - Extension Services
  - Morris campus
  - Crookston campus
  - Research Outreach Centers
  - Rochester campus
  - Twin Cities campus
- Technology Support Services (TSS) for the Crookston campus
- Information Technology Systems and Services (ITSS) for the Duluth campus for:
  - Cloquet Forestry Center
  - Coleraine Minerals Research Laboratory
  - Natural Resources Research Institute
  - Boulder Lake Environmental Learning Center
  - RICH Center (Pharmacy program for Research on Indigenous Community Health)
  - Duluth Center for Economic Development
  - Amsoil Arena
  - Glensheen Mansion
  - Duluth Research and Field Studies Center
Data Network Services provides networking and support up to agreed-upon network hand-off points. A hand-off point is the point where Data Network Services’ responsibility for support ends and that of the user or Local Area Network (LAN) administrator begins (e.g., at the network wall jack of a user workstation, or at the router for a LAN administrator).
Document the network access controls used as well as network hand-offs, including identification and responsibilities of LAN administrators.
User supported devices (e.g., computer, laptop, tablet) should use the fewest possible connections to the University network, preferably one. In some circumstances, multiple devices may be connected to a single Data Network Services switch port. If more than 12 media access control (MAC) addresses connect to a single switch port, the switch is considered an extension of the University network and must meet the network controls.
University WiFi access points advertise the services they provide with a name programmed into the device called a Service Set Identifier (SSID). WiFi network names that are managed by the University campus Data Network Services may not be used or operated by users or other units.
Controls to prevent unauthorized access to the network include, but are not limited to:
- access control list
- virtual private network (VPN)
Technical staff and University employees are responsible for working with networking services, data owners, data custodians, and service owners on establishing the appropriate network access controls. Technical staff and University employees may not change the fundamental security profile of the service provided (e.g., by adding a wireless access point on a network jack).
LAN administrators are responsible for maintaining the controls for their network and/or extension(s) of the network from the Data Network Services agreed-upon hand-off point. This includes maintaining sufficient records for safety and security to positively identify or locate a user or device on the University network in real time.
Users, data owners, data custodians, and service owners are responsible for working with Technical staff to properly use the network access in the roles they perform. Users, data owners and service directors may not escalate privilege without authorization, misrepresent authority, or deliberately interfere with the operation of the University network in ways that are contrary to the core mission of the University.
See the Information Security policy appendices for additional information security standards that also apply.
- This standard is based on the principles of ISO/IEC 27002:2013.
Document Owner: University Information Security
Document Approvers: Brian Dahlin, Chief Information Security Officer; Bernard Gulachek, VP of Information Technology and Chief Information Officer
Effective Date: August 2010
Last Reviewed Date: May 2019