Computer Security Policy

Black Hills State University Computer Security Policy


1.0 Purpose

This policy establishes information security requirements for Black Hills State University computers/labs to ensure that Black Hills State University confidential information and technologies are not compromised, and that production services and other Black Hills State University interests are protected during lab activities.

2.0 Scope

This policy applies to all internally connected labs, Black Hills State University employees and third parties (students) who access Black Hills State University's labs. All existing and future equipment, which fall under the scope of this policy, must be configured according to the referenced documents.

3.0 Policy

3.1 Ownership Responsibilities

1. Lab owning departments are responsible for assigning lab managers. Technical Support Services (TSS) is responsible for lab maintenance and upgrade installations. Purchase of lab equipment/upgrades is the responsibility of the owning department.

2. Lab managers are responsible for the security of their labs. Lab managers are responsible for adherence to this policy and associated processes. Where policies and procedures are undefined lab managers must do their best to safeguard Black Hills State University from security vulnerabilities.

4. The Lab Manager is responsible for controlling lab access. Access to any given lab will only be granted by the lab manager or designee, to those individuals with a need within the lab, either short-term or as defined by their ongoing job function. This includes continually monitoring the access list to ensure that those who no longer require access to the lab have their access terminated.

5. TSS must maintain access lists between the university production network and all lab equipment.

6. TSS reserves the right to interrupt lab connections that impact the production network negatively or pose a security risk.

7. TSS must manage all lab IP addresses, which are routed within Black Hills State University networks. IP databases and log information is maintained by TSS.

9. All user passwords must comply with Black Hills State University's Password Policy.

10. No lab shall provide production services. Production services are defined as ongoing and shared business critical services that generate revenue streams or provide customer capabilities.

11. TSS will address non-compliance waiver requests on a case-by-case basis and approve waivers if justified.

3.2 General Configuration Requirements

1. All traffic between the university production and the lab network must go through a TSS maintained ACL. Lab network devices (including wireless) must not cross-connect the lab and production networks.

2. Original ACL configurations and any changes thereto must be reviewed and approved by TSS. TSS may require security improvements as needed.

3. Labs are prohibited from engaging in port scanning, network auto-discovery, traffic spamming/flooding, and other similar activities that negatively impact the corporate network and/or non-Black Hills State University networks.

4. Traffic between production networks and lab networks, as well as traffic between separate lab networks, is permitted based on needs and as long as the traffic does not negatively impact on other networks. Labs must not advertise network services that may compromise production network services or put lab confidential information at risk.

5. TSS reserves the right to audit all lab-related data and administration processes at any time, including but not limited to, inbound and outbound packets, firewalls and network peripherals.

6. Lab owned gateway devices are required to comply with all Black Hills State University product security advisories and must authenticate against the university authentication servers.

7. The enable password for all lab owned gateway devices must be different from all other equipment passwords in the lab. The password must be in accordance with Black Hills State University's Password Policy. The password will only be provided to those who are authorized to administer the lab network.

8. In labs where non-Black Hills State University personnel have physical access (e.g., training labs), direct connectivity to the university production network is not allowed. Additionally, no Black Hills State University confidential information can reside on any computer equipment in these labs. Connectivity for authorized personnel from these labs can be allowed to the university production network only if authenticated against the university authentication servers, temporary access lists (lock and key), SSH, client VPNs, or similar technology approved by TSS.

10. All lab external connection requests must be reviewed and approved by TSS. Strong passwords must be used for authentication.

11. All lab networks with external connections must not be connected to Black Hills State Universitys production network or any other internal network directly or via a wireless connection, or via any other form of computing equipment.

4.0 Enforcement

Any employee/student found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. Please see the Employee or Student Handbook for guidelines.

5.0 Definitions

  • Internal - A lab that is within Black Hills State University's corporate firewall and connected to Black Hills State University's production network
     
  • Lab Manager - The individual responsible for all lab activities and personnel
     
  • Lab - A Lab is any non-production environment, intended specifically for developing, demonstrating, training and/or testing of a product.
     
  • External Connections (also known as DMZ) - External connections include (but not limited to) third-party data network-to-network, analog and ISDN data lines, or any other Telco data lines.
     
  • Lab Owned Gateway Device - A lab owned gateway device is the lab device that connects the lab network to the rest of Black Hills State University network.
     
  • Traffic - Mass volume of unauthorized and/or unsolicited network Spamming/Flooding traffic.
     
  • Firewall - A device that controls access between networks. It can be a PIX, a router with access control lists or similar security devices approved by TSS.
     
  • Extranet - Connections between third parties that require access to connections non-public Black Hills State University resources.
     
  • DMZ (De-Militarized Zone) - This describes network that exists outside of primary corporate firewalls, but are still under Black Hills State University administrative control.


6.0 Revision History

1.1 March 16, 2005
1.2 March 15, 2006 (clerical corrections)
 

Black Hills State University

CONTACT IITS:
E.Y. Berry Library Room 007
7:00 AM - 4:00 PM M-F
IITS Office: 605.642.6020
IITS Help Desk: 605.642.6580
BHSUHelpDesk@BHSU.edu

Helpful Hints

Are you in a hurry and need to print something quick? Using a software system called Uniprint, BHSU students, faculty, and staff can have consistently fast, reliable and seamless printing from anywhere, anytime, to select campus printers.

Connect to a printer today...