Security of the Network
At Tufts University, UIT (University Information Technology) manages the data and voice networks. In that capacity, UIT management must assume the largest share of responsibility for identifying and analyzing potential threats to the networks as well as for network security planning, implementation, maintenance and monitoring.
- UIT network managers will identify and analyze potential threats to uninterrupted voice and data network availability and identify appropriate responses. The analysis and preparatory work will be recorded, maintained and updated as conditions change.
- Network managers will implement appropriate controls to ensure that connected users or computer services do not compromise the security of any other networked service.
- UIT network managers are responsible for the implementation of any controls necessary to ensure that access is limited to authorized users of the network.
- UIT network or system managers as appropriate, will establish procedures to identify and remove network services, protocols and network devices that expose the network to unauthorized access or attacks.
- Each network manager will take reasonable action to provide necessary protection against natural disasters and will prepare adequate disaster recovery plans and procedures for that part of the network for which he/she is responsible.
- UIT network managers are responsible for establishing and maintaining standards for network naming and numbering. The head of each school/division's IT support organization is responsible for managing the local implementation of UIT's network numbering and naming standards in concert with several UIT departments: Network Engineering, WebCentral and the Microsoft LAN group.
- UIT network managers are responsible for the maintenance and publication of network services responsible use guidelines to maximize network integrity and performance.
- Each network manager is responsible for conducting periodic reviews of implemented security plans, measures, procedures and controls.
- Each network manager must provide the means to permit authorized personnel to audit and establish individual accountability for any activity involving the network and which may or does result in a security breach.
- Each system or network manager must initiate an investigation of any suspected security breach involving his/her network(s) and is responsible for documenting the suspected breach and actions taken.