All departments managing servers and/or applications connected to the USF
network must comply with the following standards for account management.
- Designate personnel with appropriate skills and experience to be responsible
for account creation and account management.
- Establish and maintain an account management process that includes the
- 2.1 Tracking of privileged accounts.
- 2.2 Timely deletion of privileged accounts when an individual's
affiliation with the University changes.
- 2.3 Tracking of user accounts.
- 2.4 Timely deletion of user accounts when user access to an application
is no longer appropriate.
- Password Requirements
- 3.1 Both system and application password utilities should restrict
password choices to avoid security vulnerabilities associated with passwords
that are easy to guess and/or can be found in a dictionary. The utility
used should require that a password be at least six characters in length
and contain at least one letter and one digit.
- 3.2 Both system and application password utilities should require
that passwords be changed regularly. The new password should be different
from the current password.
- Access to USF Intranet services and resources from the outside is limited
to USF-authorized entry points and facilities.
- All entry points into the USF network must be authorized including T1,
DSL, ISDN, modems, and other types of connections.
- Network equipment must be housed in USF-approved equipment rooms, spaces,
- An inventory of all network equipment must be maintained including configuration,
IP address, physical location, and maintenance and warranty information.
- Only USF-authorized network equipment may be
deployed on the USF network. Authorization requests must be submitted via
email to the Infrastructure Director.
- Wireless access points not supported by ITS must meet the following requirements.
- 5.1 Be authorized by ITS Infrastructure (send
email to firstname.lastname@example.org).
- 5.2 Be configured to require authentication for each user and device.
- 5.3 Have DHCP disabled on LAN interface.
- 5.4 Be configured with the default password changed.
- Access to equipment rooms must be limited to authorized personnel.
- Distribution of keys to equipment rooms must be documented and tracked.
- Accounts on switches, routers, and other network equipment must be limited
to authorized personnel and distribution of these accounts must be documented
and tracked. When staff members with accounts leave or change positions,
their accounts must be deleted in a timely manner.
- Network management tools should provide support in the following areas.
- 4.1 Maintaining an inventory of all network equipment.
- 4.2 Configuring network equipment from a central management console.
- 4.3 Upload and download of network equipment configurations from a
central management console.
- 4.4 Tracking software versions on network equipment.
- 4.5 Tracking changes in network equipment configuration.
- 4.6 Monitoring and logging network equipment behavior.
- 4.7 Monitoring and logging all access to network equipment.
- Whenever possible, remote sessions with network equipment must be encrypted.
- Network security should include the following mechanisms.
- 6.1 Firewall mechanisms for network access control, restriction of
unencrypted data transmissions, content security (e.g., virus protection),
and detecting and preventing denial of service attacks.
- 6.2 Access control lists.
- 6.3 Intrusion detection mechanisms for detecting unauthorized network
- 6.4 Network Address Translation (NAT).
- Network management should include the following network traffic and performance
- 7.1 Monitoring network configuration and connectivity.
- 7.2 Monitoring network traffic.
- 7.3 Monitoring network performance levels and diagnosing network performance
- Firewall protection is required at the following points in the USF network.
- 8.1 Campus network connection to the Internet.
- 8.2 Interface between the administrative network and the residence
- 8.3 Entry points to campus Intranet.
- 8.4 Connections to department networks whose research and/or instructional
network activities could potentially interfere with the proper functioning
of the campus network.
Reporting and Responding to Security Violations
- Detected incidents of security violations must be reported immediately
to the Campus Security Team by either calling the Help Desk at x6668 or
sending email to email@example.com.
- If appropriate, a member of the Campus Security Team will inform Public
Safety of security violations.
- Public Safety is responsible for involving the appropriate campus and
outside law enforcement agencies as necessary.
- Public Safety is responsible for coordinating the University's response
to security violations with outside agencies.
- Compromised systems or systems interfering with the functioning of the
network will be immediately disconnected and will remain disconnected until
the system has been appropriately secured.
- The Campus Security Team will make every effort to contact the system
administrator responsible for the compromised or interfering system to inform
them that the system has been disconnected and to involve them in the process
of analyzing and securing the system.
- The Campus Security Team is responsible for submitting a report describing
the incident, action taken, and resolution to the CIO. The CIO is responsible
for distributing the report to other members of the Leadership Team as appropriate.
- Disciplinary actions will be conducted through existing disciplinary procedures
detailed in the Fogcutter Student Handbook, the Staff Handbook, and the faculty Collective