All users (students) are
accountable for behavior that results in network security concerns. It is the
responsibility of all users to be familiar with the guidelines for using the
service offered through the DCSL network. It is also the responsibility of every user
to report suspected inappropriate use or malicious activity on the network
to the system administrator.
Acceptable Usage Policy
The DCSL network is
available to users at any time of the day or night for the sole purpose of
study. Using network resources for any other purpose is
prohibited. DCSL may occasionally be unavailable
for maintenance and troubleshooting purposes.
General Access Policy
will be strictly restricted. Access is granted on the principle that
ACCESS IS DENIED UNLESS SPECIFICALLY REQUIRED.
Access to network
resources is given on demand. Information assets are protected by giving access
to specific groups and denying access to all others. Changes in access,
including increasing or decreasing privileges, need approval from the manager of
Wireless users or
VPN clients must have approval before accessing the resources of the LAB. Once
connected, a wireless user or VPN client will have the same rights as a local user of
the LAB network.
It is the
responsibility of remote users or VPN users to ensure their equipment is
not used by unauthorized persons to access the network resources.
Internet Access Policy:
two types of "Internet access":
(i) type 1 - users using the Internet to
access the assets in the DCSL network;
(ii) type 2 - users using the computers in
the DCSL network to access the Internet.
access should be available all the time for administrative and studying
Internet connection is used for VPN client to connect to the Lab network.
Internet connection is used for external access to DMZ web server.
access should be available for HTTP traffic of student workstation.
DMZ web-server, FTP server Access policy:
DMZ web-server is open to public. It has two areas: public area and private
Normal external users are encouraged to access the web-server public area for
advertised information on education and security services.
Access to private area is restricted to authorized users only.
FTP is only for authorized users to upload/download files or update web pages.
access to the network require authentication and will be logged for auditing and
and VPN users must go through 2 layers of authentication:
user will be authenticated by access server and second by individual resources
on the network.
Authentication is carried out using the Access Control Server. This server must be
protected against attacks and intrusions from both inside and outside the network.
is ready to use all the time. But there will be outages for various reasons such
as system updates, upgrades, installing new equipment, troubleshooting, and
implementing new security rules. The availability of the network is the highest
Information Technology Systems and Network Maintenance Policy
network equipment is managed by an administrator appointed by the Lab manager - faculty
administration is allowed but connection must be first authenticated with access
server and then encrypted.
administration sessions both inside and outside must be encrypted
Violations and Security Incident Reporting and Handling Policy
Documented processes must be set up to identify when intrusions and network
The following steps need to be set up for incident reporting and handling:
- A process must be invoked to inform the administrator when attacks happen
- A process needs to be set up to identify all the information to track the
attack and record it for later prosecution
- A process must be in place to trace the attack in order to identify all
vulnerabilities of the system so that future attacks can be avoided.
The LAB manager has ultimate responsibility for the security policy
The following table defines the responsibilities of people who are involved in
Defining and maintaining overall LAB security policy
- Main contact for changes to security policy
- Responsible for final approval of new network implementation
that will affect network security
- Responsible for cross-faculty communication on security issues.
- Administrative control over staff directly responsible for
- Main architect of network design and network security.
Managing the daily operation of the LAB network
- Ensure the security is followed in all network implementation
- Involved in the design of network and network security.
- Main contact for all network incidents
- Settle all the network troubles and attacks
Assisting network administrator in network administration
- Take the role of network administrator when main administrator is
- Involved in all network implementation
Table 2. Roles and Responsibilities