The University of San Francisco: Information Technology Services

Network Standards

Account Management

All departments managing servers and/or applications connected to the USF network must comply with the following standards for account management.

  1. Designate personnel with appropriate skills and experience to be responsible for account creation and account management.
  2. Establish and maintain an account management process that includes the following characteristics:
    2.1 Tracking of privileged accounts.
    2.2 Timely deletion of privileged accounts when an individual's affiliation with the University changes.
    2.3 Tracking of user accounts.
    2.4 Timely deletion of user accounts when user access to an application is no longer appropriate.
  3. Password Requirements
    3.1 Both system and application password utilities should restrict password choices to avoid security vulnerabilities associated with passwords that are easy to guess and/or can be found in a dictionary. The utility used should require that a password be at least six characters in length and contain at least one letter and one digit.
    3.2 Both system and application password utilities should require that passwords be changed regularly. The new password should be different from the current password.

Network Access

  1. Access to USF Intranet services and resources from the outside is limited to USF-authorized entry points and facilities.
  2. All entry points into the USF network must be authorized, including T1, DSL, ISDN, modems, and other types of connections.

Network Equipment

  1. Network equipment must be housed in USF-approved equipment rooms, spaces, or classrooms.
  2. An inventory of all network equipment must be maintained, including configuration, IP address, physical location, and maintenance and warranty information.
  3. Only USF-authorized network equipment may be deployed on the USF network. Authorization requests must be submitted via email to the Infrastructure Director.
  4. Wireless access points not supported by ITS must meet the following requirements.
    4.1 Be authorized by ITS Infrastructure (send email to itshelp@usfca.edu).
    4.2 Be configured to require authentication for each user and device.
    4.3 Have DHCP disabled on the LAN interface.
    4.4 Be configured with the default password changed.

Network Management

  1. Access to equipment rooms must be limited to authorized personnel.
  2. Distribution of keys to equipment rooms must be documented and tracked.
  3. Accounts on switches, routers, and other network equipment must be limited to authorized personnel and distribution of these accounts must be documented and tracked. When staff members with accounts leave or change positions, their accounts must be deleted in a timely manner.
  4. Network management tools should provide support in the following areas.
    4.1 Maintaining an inventory of all network equipment.
    4.2 Configuring network equipment from a central management console.
    4.3 Uploading and downloading network equipment configurations from a central management console.
    4.4 Tracking software versions on network equipment.
    4.5 Tracking changes in network equipment configuration.
    4.6 Monitoring and logging network equipment behavior.
    4.7 Monitoring and logging all access to network equipment.
  5. Whenever possible, remote sessions with network equipment must be encrypted.
  6. Network security should include the following mechanisms.
    6.1 Firewall mechanisms for network access control, restriction of unencrypted data transmissions, content security (e.g., virus protection), and detecting and preventing denial of service attacks.
    6.2 Access control lists.
    6.3 Intrusion detection mechanisms for detecting unauthorized network activity.
    6.4 Network Address Translation (NAT).
  7. Network management should include the following network traffic and performance monitoring activities:
    7.1 Monitoring network configuration and connectivity.
    7.2 Monitoring network traffic.
    7.3 Monitoring network performance levels and diagnosing network performance problems.
  8. Firewall protection is required at the following points in the USF network.
    8.1 Campus network connection to the Internet.
    8.2 Interface between the administrative network and the residence hall network.
    8.3 Entry points to campus Intranet.
    8.4 Connections to department networks whose research and/or instructional network activities could potentially interfere with the proper functioning of the campus network.

Reporting and Responding to Security Violations

  1. Detected instances of security violations must be reported immediately to the Campus Security Team by either calling the Help Desk at x6668 or sending email to abuse@usfca.edu.
  2. If appropriate, a member of the Campus Security Team will inform Public Safety of security violations.
  3. Public Safety is responsible for involving the appropriate campus and outside law enforcement agencies as necessary.
  4. Public Safety is responsible for coordinating the University's response to security violations with outside agencies.
  5. Compromised systems or systems interfering with the functioning of the network will be immediately disconnected and will remain disconnected until the system has been appropriately secured.
  6. The Campus Security Team will make every effort to contact the system administrator responsible for the compromised or interfering system to inform them that the system has been disconnected and to involve them in the process of analyzing and securing the system.
  7. The Campus Security Team is responsible for submitting a report describing the incident, action taken, and resolution to the CIO. The CIO is responsible for distributing the report to other members of the Leadership Team as appropriate.
  8. Disciplinary actions will be conducted through existing disciplinary procedures detailed in the Fogcutter Student Handbook, the Staff Handbook, and the faculty Collective Bargaining Agreement.