��쿪��ֱ��������

1 PURPOSE

The purpose of this standard is to provide acceptable use and security guidance to protect the integrity of the ��쿪��ֱ�������� (��쿪��ֱ��������) network, mitigate risks, and ensure secure and reliable network access and performance for the community.��

---

2 SCOPE

This standard applies to all ��쿪��ֱ�������� business and academic units and ��쿪��ֱ��������-owned information systems that collect, store, process, share, or transmit institutional data. Personally owned devices connecting to the University Campus Network must meet the Bring Your Own Device standard requirements.��

---

3 STANDARD

3.1.1��Unless authorized by ��쿪��ֱ�������� ET&S Cybersecurity, any software that explores “sniffs” or probes the network for any reason is strictly prohibited. ET&S tests and investigates all actions or conditions that pose risks to network security and will take corrective and/or protective measures as necessary to ensure the continued proper function of the campus communications networks.��

3.1.2 Any entity identified as a potential unfriendly host is immediately denied access to the campus network and reported to the proper authorities for further investigation and subsequent action.��

3.1.3 ET&S manages and configures the Campus/Enterprise firewalls according to the guidelines contained within this policy. The Firewall Policy shall be reviewed yearly.��

3.1.4 The guest wireless network is available for parents, vendors, and other guests of ��쿪��ֱ�������� and shall be utilized in strict adherence to all ��쿪��ֱ�������� policies.����

3.1.5 The guest wireless network cannot directly access any non-public ��쿪��ֱ�������� resources. Information about access to the ��쿪��ֱ�������� guest wireless can be found at: ��

3.1.6 ��쿪��ֱ�������� networks shall be physically and logically segmented.����

3.1.7 ��쿪��ֱ�������� shall use sandboxes to test new applications that may contain viruses or cause compatibility issues with other systems.����

3.2 Network Hardware/Software (routers, switches, servers, other network devices)��

3.2.1 The connection of any network device (routers, switches, servers, other network devices) to the campus network without prior knowledge and expressed permission from ET&S is prohibited.��

3.2.2 Although other protocols are not strictly prohibited, the primary protocol supported on the ��쿪��ֱ�������� communications networks is TCP/IP using secure encrypted protocols such as HTTP or SFTP.��

3.2.3 ET&S will centrally manage and keep logs for network equipment.����

3.2.4 Network administrators shall restrict access by the principle of least privilege and, when possible, enable multifactor authentication (MFA).��

3.2.5 ��쿪��ֱ�������� change management policies shall be followed for all configuration changes.��

3.2.6 Critical security firmware/software patches will be coordinated and applied by the ��쿪��ֱ�������� change management policies.��

3.3 Disaster Recovery

ET&S is responsible for maintaining, testing, and continuously improving a plan for recovery of the communications networks in the event of a disaster. Community members can find details in the ET&S Disaster Recovery Plan.��

3.4 Device Registration and Address Allocation��

3.4.1 Users shall register all hosts (computers) on the ��쿪��ֱ�������� network using an accurate and unique addressing scheme assigned by ET&S.��

3.4.2�� Users needing help connecting a new device to the campus network should contact the ET&S Help Desk for assistance at /it/need-it-help��

3.4.3 Users may request a static address allocation by contacting the ET&S Help Desk. Requests for static addresses or creating a new network will be reviewed and acted upon as appropriate in the best interests of the campus network and the user community at /��

3.4.4 ET&S Networking Group manages domain registrations and follows the ��쿪��ֱ�������� format (usnh.edu, keene.edu, plymouth.edu, unh.edu) for domain administration. Any request needs to be approved by ET&S.��

3.4.5 A security scanning audit is periodically performed on all networked devices on the ��쿪��ֱ�������� networks to ensure hardening procedures are in place for security purposes.��

3.5 Network Guidelines

The campus communications networks are a limited resource that facilitates the goals and mission of ��쿪��ֱ��������.��

3.5.1 Users may not infringe or encroach on the availability or use of the campus network by others. Examples of activities not allowed include (but are not limited to):��

�� 3.5.1.1 Using an IP address that has not been assigned or approved by ET&S.��

�� 3.5.1.2 Monitoring or “sniffing” data on the network.��

�� 3.5.1.3 Flooding the network, either intentionally or unintentionally.��

�� 3.5.1.4 Running a commercial or for-profit service on the network.��

�� 3.5.1.5 Registering a system without using usnh.edu or other ��쿪��ֱ��������-approved domains.��

�� 3.5.1.6 Establishing, enabling, or providing network services that interfere with the regular operation of the campus communications networks or users of the network or create a security risk and exposure.��

�� 3.5.1.7 Installing wireless access points, switches, routers, and firewalls (other than software firewalls on their personal devices.����

3.6 Physical connections

Physical connections to the network will follow industry standards, such as EIA/TIA Standards for cabling, FOA Standard for Fiber Optics cabling, and IEEE 802.11X for wireless connections.��

---

• Approved by: Thomas Nudd, Chief Information Security Officer, January 29, 2022��
• Reviewed by:��Dr. David Yasenchock, Director Cybersecurity GRC, January 21, 2022
• Revision History:����V1.1 April 23, 2024, Cybersecurity GRC Working Group��
  • Revised formatting, K SWEENEY, 30 MAY 2024��