This Policy defines the rights and obligations of staff who are responsible 1 for the administration of computers connected to the University Network. It has the force of University Discipline.
The University Network Manager 2 is responsible for the performance and integrity of the University's network. He is responsible, therefore, for authorising initial and continuing connection of equipment to it.
If, at any time, he suspects a networked node 3 (or any facility on it) of affecting the performance of the network adversely, of putting the integrity of the other nodes at risk, of risking unauthorised access to the University's proprietary information, of jeopardising the University's ability to discharge its legal obligations, or of breaching the University's Computing Code of Conduct or other regulations, he is authorised to have it disconnected without further notice. Systems Administrators must advise the IT Security Officer and/or University Network Manager if they have any concerns about nodes not directly within their remit.
Persons who are responsible 4 for the establishment or ongoing administration of a networked node are also responsible for ensuring that the node is adequately secure. They must 5 ensure that the equipment (and any facilities offered by it) does not put at risk the performance or integrity of the network itself or of any of its nodes, whether by patch status, application design or otherwise. Consequently they are authorised 6 to take any reasonable and legal steps to ensure that this is the case.
Only IT Network Services are authorised to add active components (routers, switches, wireless base stations etc.) to the network itself. Only IT Network Services or their agents may make UTP sockets live. IT Network Services will install WLAN access points on request, subject to existing channel constraints and scheduling. Wireless services are subject to strict regulation to ensure operational continuity of existing services as well as security, given the need to maintain channel and air-space separations. IT-NSG needs to allocate wireless channels to prevent interference, so even off-net experimental services must be cleared in advance.
Anyone requesting a computer connection to the network must confirm that they have attended and will continue to attend to the items listed below. While not every item listed poses an immediate risk to the network or other nodes connected to it, all of them are good practice and are likely to reduce the risk of accidental or deliberate corruption, or of unauthorised release, of data held on the system.
The service offered must not infringe the Open University's Computing Code of Conduct or the Network Terms of Business, especially paragraph 5.
Discs, software, scripts, documents, spreadsheets and databases from others (internal or external) should be virus checked with an up-to-date virus scanner.
The operating system, DBMS, web server, scripts and other services must be kept patched against all significant vulnerabilities. This should be done as soon as the patches are available. Administrators must ensure that the function is sufficiently well resourced to ensure cover during holidays or other absence.
All computers must comply with the requirements of the University's Network Access Control system. Machines not running the approved OU Desktop will be required to install the Bradford Campus Manager agent, which ensures compliance with security standards. Temporary network devices, including those connecting from remote locations, will be screened using a network-based agent.
Email: The only approved external connection is through the OUMAIL service. Workstations or servers that are to receive Email (directly from OUMAIL) must first be registered. (Contact the IT Support (IT-Helpdesk@open.ac.uk) for further information.)
If a node permits network access for anything other than 'trivial' services (e.g. a read-only web server with public data), access must be password protected.
Services/ports should be disabled if not actively in use. This includes "server services" on workstations. If the host is in a DMZ, unused services/ports must be disabled.
The administrator must require good passwords on all accounts. This should cover both choice and privacy of password (i.e., not in a dictionary, not divulged to colleagues - see Computing Code of Conduct). High privilege accounts (e.g. root on UNIX) should have secondary passwords where possible. The IT Helpdesk can advise on the availability of password enforcement routines.
Routine user activity should be undertaken using accounts without special privileges. Access under privileged accounts should be reserved for uses that require the capabilities they provide (e.g. for system administration). Where available, administration should be undertaken by elevating to root from a normal account rather than by logging on as root.
Systems should be configured to ensure password ageing/expiration.
User accounts should be removed as soon as the user ceases to have a contract with the University and any privileged facilities must be removed.
Quiescent accounts (e.g. accounts used by computer engineers or external support agencies, those on long term leave, etc.) should be suspended and only activated when needed.
Restrict auto-login capabilities from remote hosts (e.g., '.rhosts' file usage under UNIX). It is strongly recommended that such access is not permitted but, if essential, it must be limited to specific nodes and, ideally, be transient.
File permissions should be set to the minimum necessary (e.g. files with a World Write attribute should be avoided).
Administrators must join the IT Security Information mailing list appropriate to the platform managed and must attend to any critical or serious alerts so that they can meet their obligations under 3(i)c above.
Administrators must monitor the system for possible 'hacking' (e.g. unauthorised or repeated login attempts, especially on privileged accounts). IT-Helpdesk can advise.
The IT Security Officer will check networked nodes periodically and inform the person responsible for the system of any issues causing concern. To permit this and where available, the vulnerability agent should be installed. Actions identified in this way should be implemented with immediate effect and to the satisfaction of the Security Officer. This is a condition of continued connection to the network.
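The items above can be checked locally before the Security Officer's scan. The script below is an added example, not part of the policy or of any OU tooling: it audits three of the listed items (world-writable files, .rhosts trust files and password ageing in a login.defs-style file) on a directory tree and file paths that the caller supplies, which are assumptions rather than values from the policy.

```shell
#!/bin/sh
# Added audit helper for three checklist items above; the paths it is given
# are assumptions, not values from the policy.

# Count world-writable regular files and world-writable directories without the
# sticky bit under the tree $1 (the "World Write attribute" the policy warns about).
count_world_writable() {
    find "$1" -xdev \( -type f -o \( -type d ! -perm -1000 \) \) -perm -0002 2>/dev/null \
        | wc -l | tr -d ' '
}

# Count .rhosts files under $1; a non-empty hosts.equiv-style file passed as $2
# counts as one more finding, since both grant password-less remote login.
count_rhosts() {
    n=$(find "$1" -xdev -type f -name .rhosts 2>/dev/null | wc -l | tr -d ' ')
    if [ -n "${2:-}" ] && [ -s "$2" ]; then n=$((n + 1)); fi
    echo "$n"
}

# Report whether PASS_MAX_DAYS in a login.defs-style file ($1) is set and no
# larger than $2 days; prints "ok" or "fail" (a missing file or setting fails).
check_password_ageing() {
    max=$(awk '$1 == "PASS_MAX_DAYS" { v = $2 } END { print v }' "$1" 2>/dev/null || true)
    if [ -n "$max" ] && [ "$max" -le "$2" ] 2>/dev/null; then echo ok; else echo fail; fi
}

# Run all three checks: findings go to stderr, the number of failed items
# (0 means compliant with these three items) is printed on stdout.
audit_node() {
    tree=$1; equiv=$2; logindefs=$3; maxdays=${4:-90}; failures=0
    ww=$(count_world_writable "$tree")
    [ "$ww" -eq 0 ] || { echo "world-writable entries under $tree: $ww" >&2; failures=$((failures + 1)); }
    rh=$(count_rhosts "$tree" "$equiv")
    [ "$rh" -eq 0 ] || { echo "rhosts/hosts.equiv trust files: $rh" >&2; failures=$((failures + 1)); }
    [ "$(check_password_ageing "$logindefs" "$maxdays")" = ok ] \
        || { echo "password ageing not enforced in $logindefs" >&2; failures=$((failures + 1)); }
    echo "$failures"
}
```

Run it as `audit_node /home /etc/hosts.equiv /etc/login.defs 90` on a UNIX node; the exit count lets the check be scripted into a routine cron job.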
Any external network must not be inter-connected to the University Network other than through the University's approved external connections (i.e. no other device is permitted to act as a gateway to the University Network. This includes a modem connection from a node on an external network to a node on ours.) Any direct external connection 7 must be declared (e.g. modem or ISDN, ADSL or other) and used only for out-bound calling.
(This is a connection made directly to Local Area Network wired or wireless access points at Walton Hall, Regional Offices, Warehouses, and other permanently connected locations.)
Only equipment of a type that has been approved by IT should be connected to the University network. Availability of an existing network access point does not change this. New types of equipment need to be verified by IT on a test network to ensure that they do not compromise live service.
Wireless equipment is subject to further constraints - see 6 (iii) below.
Only IT Network Services or their authorised agents may make UTP sockets live. Interference with patch panels, cable looms or cable ducts by any other person is strictly prohibited: sanctions for malicious or negligent interference include dismissal.
Operating Systems and other Networking Software may only be used on nodes connected to the live network if approved by NPT. Any operating system and networking software used must be kept up to date, in a timely manner, with security and other NPT-required fixes.
Wireless connections should be configured to use IEEE802.1x and WPA. (Note, as notified in 2 b above, users must not install wireless base stations. This function is strictly restricted to IT Network Services).
TCP/IP is the only approved protocol and other protocols should not be used. TCP/IP version 4 is the only protocol supported actively, though version 6 is in testing. (Any intent to test IPv6 equipment must be notified in advance to IT-NSIT). Systems and protocols other than these are not facilitated on the University Network and their use is strongly discouraged. Any such use must be notified to IT-NSIT and should be justifiable in relation to relevant research. Systems using them will be disconnected without notice if suspected of interference with supported systems or protocols. In any event, they will not be forwarded through any router.
Although higher-level protocols are not explicitly included or excluded here (since interference tends to be rare), users are strongly advised to use the University's preferred systems (NFS and SAMBA on UNIX, and Microsoft Windows SMB for PCs and Macs) to ensure that they will be able to interwork with colleagues.
Certain important network services and management functions (including, but not limited to, DNS, DHCP, WINS, NIS/NIS+, ILS, NTP, SNMP and periodic ICMP) are centrally managed and alternate services must not be established. Programmatic or scripted use of traceroute (or ping to network infrastructure components) is not permitted unless specifically authorised by the University's Network Manager.
All hosts must have a unique name and [IP] address (or DHCP registration). Any host named in a domain other than open.ac.uk must have the name approved by a senior University Officer, advised by the Network Manager. The naming policy is set by the Web Policy Committee. IT will register the name and allocate any addresses.
Names other than one in the open.ac.uk (or other approved domain) must not be mapped to an IP address in the Open University allocated address ranges. In the highly exceptional event of hosts being in a domain not owned by the University, they must still be registered in our DNS.
There is a similar central registration procedure for Remote Procedure Call (RPC) routines.
Remote equipment (home, third party) must not be connected to the OU network except through an ISP or other Internet connection, using the university's internet gateway (and VPN where appropriate). Direct connection into the network must not be created. There is a highly constrained list of authorised exceptions to this rule.
Where a vendor requires a dial-up link for remote support, this must be disconnected when not in active use. Administrators should use the systems that IT has established for such use.
An inter-network gateway must not be created. See 5 above.
Deliberate tampering with or snooping on the network is regarded as identical to reading another person's letters or eavesdropping on a private conversation. Attempts to do so will be subject to the same disciplinary procedures as would be used in those circumstances and may lead to sanctions that include dismissal. Additionally, the Computer Misuse Act may apply and criminal charges brought. The availability of a privileged tool on some systems should not be taken as giving permission to use it.
Even though the University has a network firewall, this is by no means a total block. System Managers must take precautions against vandalism and snooping. Users of Personal Computers must recognise that the security of the simple operating systems controlling them is weak and should not store confidential or critical data on their hard discs. Encryption may be wise for sensitive traffic and data stores.
The University Network is linked to national and world wide academic community networks. Observance of these ethical standards is equally expected in the use of these networks (and abuse is subject to the same disciplinary procedures and legal sanctions).
The OU is not a commercial Internet Service Provider (ISP): services are provided for educational purposes, are resourced at the level required for university business and educational purposes, and any misuse reduces the resource available to legitimate users. Systems staff regularly monitor the performance of the services provided and, when problems are noted, the reasons are investigated; any activity that is not considered legitimate within the terms of the codes of conduct is rigorously pursued through official channels. These statements apply equally to all members of the University, staff as well as students.
The current University Network Manager is Adrian Wells, Head of IT Infrastructure, IT. The current C&IT Security Officer is Marilyn Moffat, IT Systems Account Manager (Working Environment Team).
November 1999, with minor editorial updates 2001, 2002. Revised June 2003.
Revised August 2006, Revised December 2009
Updated 2 November 2010
1 This policy does not concern the vast majority of users who use the standard OU desktop without significant modification.
2 This is currently the IT Head of Technical Services or his delegate in his absence.
3 i.e. an individual host, server, workstation, PC, Mac, etc. on the network
4 Under most circumstances, this will be an IT professional appointed to perform these tasks on behalf of a number of users who accept a standard configuration without altering it significantly: these users delegate their responsibility to this person. A System Administrator is anyone who is responsible for looking after one or more nodes (i.e. PCs, Macs, workstations, hosts, servers, etc.) and who handles the necessary administration associated with any such system. They may be IT Support Persons, System Managers or individuals with their own workstations. Any other individual should consult AACS, in the first instance via the Specialist Support Group. It is important to recognise that IT does not support departmental systems; it only advises. In the event that a node ceases to have a designated person responsible, it must be disconnected from the network.
5 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 www.ietf.org/rfc/rfc2119.txt.
6 This authorisation is as required by the Computer Misuse Act. Administrators should be aware that abuse of privilege is likely to be considered to be "gross misconduct". For more detailed advice, see Guidelines for System and Network Administrators.
7 Only a modem connected to a networked node need be declared. It is not intended that modems attached to home based or other completely stand-alone equipment be included.