Title: Network Protocols and Use Policy
Approved by: Office of the President
Date approved by President or Board of Trustees: May 12, 2010
Effective date: May 12, 2010
Responsible Official: UTech Security and Policy
Responsible University Office: UTech Security and Policy
Revision History: 2
Related legislation and University policies: None
Review Period: 3 Years
Date of Last Review: July 26, 2024
Relates to: Faculty, Staff
Summary
The purpose of this policy is to establish standards for management of network access and communications. This policy applies to all information technology systems that are connected to and use the 星空传媒 network infrastructure. Cloud-based services are outside the scope of this policy.
Purpose
All networks and communications technologies owned and managed by 星空传媒 are considered to be private in nature, and access is granted for the exclusive use of 星空传媒 faculty, staff, students, and affiliates in accordance with the 星空传媒 Acceptable Use of Information Technology Policy (AUP). The privilege of use of all 星空传媒 networks requires adherence by all 星空传媒 users to a minimal set of standards to assure efficient and effective management of network resources. The doctrine employed by 星空传媒 IT Services is to assure the fulfillment of the mission of the University through access to and availability of 星空传媒 networks, which are deemed a critical resource.
General policy of approved protocols and usage thresholds will be determined and implemented by 星空传媒 University Technology (“[U]Tech”). The implementation of standards shall be the responsibility of all IT systems owners and administrators.
星空传媒 network users shall not provision network-based services for non-星空传媒 third parties.
Access Requirements
All networks on the 星空传媒 campus are installed and maintained by 星空传媒 [U]Tech. To assure the integrity and availability of network services, no other network communications (with the exception of commercial cellular telephony networks) shall be permitted on University facilities. No networking equipment (routers, managed switches, DHCP servers, DNS servers, WINS servers, VPN servers, remote access dial-in servers/RADIUS, wireless access points, hardware firewalls) shall be permitted without a written exception from Case [U]Tech.
All devices connected to 星空传媒 networks shall be registered with 星空传媒 [U]Tech when initially attached to the network. This applies to printers, computing systems, laboratory equipment, and communications devices that use TCP/IP network protocols. The registrant must be a current faculty, staff, student, or affiliate account user with a valid and active NetworkID. Information on how to register a network device can be found at the 星空传媒 Help Desk. Unregistered devices are subject to disconnection from the 星空传媒 Network, without notice, whether or not they are disrupting network service.
Currently, devices connected to the CaseGuest wireless network are unregistered. All university-purchased or owned hosts shall be registered in a similar manner to wired network registration, using the CaseWireless or other registered wireless networks the University provides. 星空传媒 users accessing the 星空传媒 IT resources via wireless networking may assure the privacy of the network communications by using these encrypted networks or 星空传媒 VPN software.
No device or program that has the potential to disrupt network service to others is permitted on the 星空传媒 Network without prior arrangement with [U]Tech.
Protocol Standards
The management of network protocols shall be performed by information systems administrators and network administrators to assure the efficiency, availability, and security of the common resources, in accordance with the governing 星空传媒 Acceptable Use Policy.
Simple Mail Transfer Protocol (SMTP):
- All email protocol traffic shall utilize the centralized mail gateways (smtp.case.edu). Inbound mail traffic with destination addresses for servers other than those operated by [U]Tech shall utilize a DNS MX record to relay that traffic through the centralized mail gateways. All outbound traffic shall utilize the SMTP gateway.
- The use of SSL or TLS based communication standards for email client to email server communication is preferred such that the authentication session is the protected transaction.
Domain Name Services Protocol (DNS):
- All hosts on 星空传媒 networks shall utilize the 星空传媒 DNS systems. All hosts connected to 星空传媒 networks receive a cwru.edu or case.edu domain name extension. No host connected to 星空传媒 networks shall be addressable by any DNS name other than that provided by 星空传媒.
- No host with a case.edu or cwru.edu domain name (and an IP address within the 星空传媒 network spaces) will use an IP address outside the University's registered name space without a written exemption from 星空传媒 [U]Tech (Technical Infrastructure Services).
- cwru.edu and case.edu versions of every hostname must be the same.
Dynamic Host Configuration Protocol (DHCP):
- All hosts on 星空传媒 networks shall either obtain and use a static IP address (see for setup) or use the 星空传媒 DHCP service to obtain an assigned IP address. Users shall not use a self-assigned IP address, or operate a DHCP server. The use of bootstrap (BOOTP) shall be governed in the same manner as DHCP.
Banned Protocols:
- [U]Tech keeps a listing of protocols which have been shown to interfere with the architecture and management of the 星空传媒 network environment.
Definitions
MX record- An MX record or Mail exchanger record is a type of resource record in the Domain Name System (DNS) specifying how Internet e-mail should be routed. MX records point to the servers that should receive an email, and their priority relative to each other.
SSL- secure sockets layer, an encryption method for communication between the mail client and mail server.
TLS- transport layer security, an encryption method for communication between a mail client and a mail server, or between mail servers.
TCP/IP- transmission control protocol and internet protocol, which define how communications are currently implemented in the 星空传媒 network infrastructure.
IP address- internet protocol address, an essential networking element which permits traffic to be routed to a specific host.
Cloud services- software and/or systems that are hosted in off-campus data centers that rely on network communications to permit access for users in the 星空传媒 network environment. An example is 星空传媒 Google Applications.