Sunday, June 22, 2014

RYSS - Computer Lab Security Policy 2009

 

Computer Lab Security Policy

Revised: 06/30/2009

1. Purpose.

This policy establishes TCCC-RYSS Information Technology Network Information Security requirements for the TCCC-RYSS Computer Labs, to ensure that confidential information and technologies are not compromised, and to ensure that production Services and other TCCC-RYSS interests are protected from TCCC-RYSS computer lab activities.

2. Scope.

This policy applies to all TCCC-RYSS Computer Labs, as well as all Authorized Users who use the TCCC-RYSS Computer Labs. All existing and future equipment, which falls under the scope of this policy, must be configured in accordance with the following requirements.

3. Policy.

Ownership Responsibilities

1. TCCC-RYSS Computer Lab operational groups are composed of faculty and staff members designated as managers of one or more computer labs. An operational group may consist of members from several departments.

2. TCCC-RYSS Computer Lab operational groups are responsible for assigning lab managers, a point of contact (POC), and a back-up POC for each lab. TCCC-RYSS Computer Lab owners must maintain current POC information with the Information Technology Services department.

3. TCCC-RYSS Computer Lab managers are responsible for the Security of their labs and the labs’ impact on the TCCC-RYSS Information Technology Network and non-TCCC-RYSS Networks.

4. TCCC-RYSS Computer Lab managers are responsible for assuring the labs’ and Authorized Users’ compliance with all TCCC-RYSS Security policies. The following policies are particularly important: Acceptable Use Policy, Password Policy, Wireless Security Policy, Anti-Virus Policy, and Physical Security Policy. Where policies and procedures lack specificity, lab managers must do their best to safeguard TCCC-RYSS from security Vulnerabilities.

5. TCCC-RYSS Computer Lab managers are responsible for controlling lab access. Access to any given lab will only be granted by the lab manager or authorized designee.

6. The Information Technology Services Department must maintain a Firewall device between the TCCC-RYSS Information Technology Network and all lab equipment.

7. The Information Technology Services Department and Information Security personnel have the right to interrupt lab connections that negatively impact the TCCC-RYSS Information Technology Network.

8. All lab Internet Protocol (IP) addresses are recorded by the Information Technology Services department. These IP addresses, which are routed within the TCCC-RYSS Information Technology Network, are stored in a TCCC-RYSS Address Management System along with current contact information for that lab.

9. Any TCCC-RYSS Computer Lab operational group that desires additional external connections to other Network segments must provide a diagram and documentation to appropriate Information Security personnel with a business justification, the equipment, and the IP address space information. Information Security personnel will review the provided documentation for Security concerns, and must approve the implementation of such connections.

10. All Authorized User passwords must comply with the TCCC-RYSS Password Policy documentation.

11. No TCCC-RYSS lab shall provide production Services. These must be managed by the Information Technology Services department.

General Configuration Requirements

1. All traffic between the TCCC-RYSS Information Technology Network and the TCCC-RYSS Computer Lab Networks must go through a Firewall maintained by the Information Technology Services department. TCCC-RYSS Computer Lab Networks, wireless or physical, must not circumvent the Firewall.

2. Original Firewall configurations and any changes to them must be reviewed and approved by appropriate Information Security personnel. Security improvements are requested by Information Security personnel as needed.

3. Authorized Users utilizing TCCC-RYSS Computer Labs are prohibited from engaging in port Scanning, Network Auto-Discovery, Traffic Flooding, and other similar activities that negatively impact the TCCC-RYSS Information Technology Network or non-TCCC-RYSS Networks.

4. Traffic between the TCCC-RYSS Information Technology Network and the TCCC-RYSS Computer Lab Networks is permitted based on business needs, as long as the traffic does not negatively impact other Networks. Authorized Users utilizing TCCC-RYSS Computer Labs must not advertise Network Services that may compromise the TCCC-RYSS Information Technology Network or put confidential information at risk.

5. Information Security personnel have the right to audit TCCC-RYSS Computer Lab-related data and administration processes at any time, including, but not limited to: in-bound and out-bound packets, Firewalls, Network peripherals, etc.

6. Network devices within TCCC-RYSS Computer Labs must comply with all TCCC-RYSS product Security advisories and must be authenticated against TCCC-RYSS-provided authentication servers.

7. The “enable” password for all TCCC-RYSS Computer Lab Network devices must be different from all other equipment passwords in such lab. The password must comply with the TCCC-RYSS Password Policy, and must only be provided to those Authorized Users who are authorized to administer the TCCC-RYSS Computer Lab Network.

8. In TCCC-RYSS Computer Labs where non-TCCC-RYSS personnel have physical access (e.g., training labs), direct connectivity to the TCCC-RYSS Information Technology Network is not allowed. Additionally, no Authorized User may enter confidential information into nor permit such confidential information to reside on any information technology resources in TCCC-RYSS Computer Labs. Connectivity for authorized personnel from TCCC-RYSS Computer Labs can be allowed to the TCCC-RYSS Information Technology Network only if authenticated against TCCC-RYSS-provided authentication servers, temporary access lists (lock and key), Secure Shell (SSH), Virtual Private Networks (VPNs), or similar technology approved by appropriate Information Security personnel.

9. Infrastructure devices (e.g. IP Phones) needing TCCC-RYSS Information Technology Network connectivity must adhere to the Open Areas Policy.

10. All TCCC-RYSS Computer Lab Networks with external connections must not be connected to the TCCC-RYSS Information Technology Network or any other internal Network directly, via a wireless connection, or via any other form of computing equipment.

4. Enforcement.

Any Authorized User found to be in violation of this policy will be considered an Unauthorized User, and as such is subject to disciplinary action pursuant to the Enforcement section of the Unauthorized Use Policy.