Policy No.: UP13/7
Function: Technology And Telecommunications
Authoring Organisational Unit: Policy and Planning - IT Services
Date Approved: 01/06/2012
Next Review Date: 01/06/2015
Approving Body: Vice-Chancellor

The University of Western Australia

University Policy on: UWA Network

Purpose of the policy and summary of issues it addresses:

The purpose of this policy is to outline the principles and responsibilities for the operation and management of the University-wide network.

This policy does not apply to external research networks on campus.

Definitions:

Information Services - is the University division that will be responsible for the provision and management of the network.

Core Layer - is considered the backbone of the network and includes high end switches.


Distribution Layer - ensures that network traffic is properly routed between all areas of the University.

Access Layer - connects workstations and other end-user devices to the network.

24x7 - means twenty four hours a day, seven days a week.

Policy statement:

The following principles define the underlying rules for the use and management of the University network.

1 The network will be managed centrally.

Implications

Information Services will be responsible for the end-to-end management of the network. This includes management of:

  • Core, Distribution and Access layers
  • Active network devices and ports
  • Network communications rooms including environmental controls within these rooms
  • Network security and access management
  • Ownership of all IP addresses
  • The procurement and installation of all network equipment
  • Network access control
  • Firewalls including changes to firewall rules
  • Security incidents
  • Network capacity planning
  • Network traffic

2 The network will be built and maintained to standards

Implications

Information Services will be responsible for building and maintaining the network to appropriate standards. The following components are within scope of the standards:

  • Design (Core, Distribution and Access layers)
  • Cabling
  • Network communications rooms
  • Supported protocols and features
  • Security

3 The network will be supported according to agreed service levels

Implications

Information Services will be responsible for the support of the network according to service levels set out in Operation Level Agreements. These will include the following:

  • 24x7 support
  • Agreed response times
  • The single point of contact for all network service will be the Information Services' Service Desk
  • Roles and responsibilities for network security and access management
  • Changes to the network will be in accordance with Information Services' change management procedures
  • The status of network services will be monitored for availability and performance
  • All network outages, whether planned, unplanned or taken-down (refer to University Policy on Exercising Take-Down Powers) will be communicated appropriately

4 Network traffic will be monitored and controlled

Implications

  • The network will be monitored 24/7 and faults reported to Information Services for corrective action to be taken
  • Network traffic volumes will be monitored and shaping of traffic may be performed where excessive or malicious network activity is suspected
  • Take-down powers will be exercised in appropriate circumstances

5 Management of the Network

Implications

Information Services will be responsible for the following:

5.1 Procurement of network components and services including:

  • Ownership and allocation of IP addresses
  • Procurement, installation, removal and disposal of all network equipment
  • Network capacity planning

5.2 Wired Network Security

  • Network security including intrusion detection and firewalls will be managed by Information Services
  • All changes to the firewall will be made on request via the Information Services Service Desk
  • All traffic between internal networks will traverse the core firewall and will be blocked unless explicitly allowed by the target network
  • The border router will perform basic filtering functions for all traffic leaving or entering the network
  • All requests for firewall changes will be reviewed by the Security Administrator before being applied
  • Where high security network requirements may be necessary, Information Services will conduct a risk assessment in consultation with the relevant area within the University to determine additional security measures that may be required (e.g. encryption across the network). Information Services will then implement the security infrastructure as required

5.3 Wireless Network Security

  • All wireless networks connected to the UWA network must be authorised by Information Services (refer to University Policy on Wireless Networks)
  • All wireless network traffic must be encrypted
  • All users of the wireless network must be authenticated
  • Wireless networks will be monitored by Information Services and action will be taken to shut down unauthorised wireless networks

5.4 Network Standards

  • Information Services is responsible for the design of the network, the installation and configuration of all network equipment including core, distribution and access layer according to standards
  • Information Services is responsible for all cable patching within communications rooms or communication panels

5.5 Communications Equipment

  • All network equipment will be housed in secure, fit for purpose premises
  • Only authorised personnel will be given physical access to network equipment
  • Information Services may suspend or revoke the network access of persons who put the University network at risk through unauthorised access to network equipment

5.6 Remote Network Access

  • All remote access to the network must be authenticated
  • All remote access must use secure protocols to protect user credentials as a minimum and, if possible, all data should be transmitted using secure protocols
  • Information Services is responsible for the implementation and provisioning of remote access

5.7 External Network Access

  • Information Services must authorise all external networks that connect to the University network

5.8 Wide Area Network (WAN) Links

  • Information Services is responsible for provisioning, managing and maintaining all WAN links
  • All WAN links to the network from remote sites must either traverse private network infrastructure or use secure encrypted tunnels over public network infrastructure

5.9 Segregation of devices on the network

  • Servers, workstations, printers and appliances should be appropriately separated on the network and traffic between them should be controlled by appropriate configuration and/or policy

5.10 Network Threat Management

  • Information Services will be the primary point of contact for network based threat management and is responsible for associated procedures
  • Information Services will monitor the network for potential threats such as SPAM or any other threat that has the potential to degrade network performance
  • Information Services can delegate authority to any staff member to take action in response to network threats
  • In the event that a threat is detected, Information Services will take action to remove the threat or isolate the section of the network where the threat has occurred

5.11 Separation of Data and Voice on the Network

  • Data and voice traffic should be logically separated on the network
  • Information Services is responsible for defining University specific settings for IP phone registration

5.12 Network Traffic Monitoring

  • Information Services will actively monitor the network based on data types and other parameters in order to manage the efficient and effective flow of network traffic

Related forms: (Link)

TRIM File No: F53794

Contact position: IT Policy Officer

Related Policies or legislation: