POLICY:
Registration of Internet Service Devices and Access Management
PURPOSE:
Any computer, server, printer, or network-attached device that is located on campus and is directly accessible from off-campus locations requires special access through the campus firewall. Such special access introduces a vulnerability to the campus computing infrastructure.
To manage this vulnerability, all such devices must be identified and appropriate controls enabled. These controls will help to ensure that the services provided by an identified device, the device itself, and the campus computing infrastructure maintain a high level of performance for the end user.
Such controls are necessary to reduce the campus's vulnerability to cyber attacks that would limit accessibility to these resources (e.g., a Denial of Service (DoS) attack).
PROCEDURES:
Each device that is directly accessible from off-campus locations must be registered with Information Technology (IT).
Only devices that are registered with IT and have appropriate controls applied by the technical administrator will be directly accessible from the Internet. The following procedures are associated with the registration of these devices.
1. The organizational administrator (e.g., Director, MAR, Dean, etc.) responsible for the device must submit a request to the University Helpdesk. This request must contain the following information:
- a. The contact information for the organizational administrator
- b. The 24x7 contact information for both the primary and secondary technical administrator
- c. The DNS name and IP address for the device. (A DNS name and static IP address must also be associated with this device.)
- d. The physical location of the device
- e. The list of ports that need to be accessible from off-campus locations (refer to http://www.iana.org/assignments/port-numbers for assigned port numbers)
- f. A general description of the unique services being provided by this device, including the following information:
- i. The services (or applications) that are offered via this device
- ii. The community served by these services
- iii. The reasons why existing Internet services do not currently meet the needs that this device would meet.
2. The Chief Information Officer (CIO), or designee, shall review and approve, as appropriate, all requests.
3. IT/Network Engineering and Operations (NEO) shall make appropriate configuration changes to the Campus Firewall to permit access to all approved Internet Service Devices.
4. A yearly review of all registered devices and associated firewall rules shall be conducted at the end of each spring semester by IT in conjunction with the technical administrators of each device.
RESPONSIBILITIES:
1. The technical administrators are responsible for keeping IT informed of the status of their Internet Service Devices. In addition, these devices must conform with campus policy and adhere to prevailing IT standards.
2. IT must assist campus entities with their requests for expanded data communication needs.
3. IT/NEO is responsible for all configuration and maintenance of the firewall devices.
REFERENCES:
State Administrative Manual (SAM), Section 8643
FURTHER INFORMATION:
Chief Information Officer (hilary.baker@csun.edu)
Approved by the President