TTUHSC IT Policies
1.4.10 NETWORK ACCESS
Local Area Networks
Supported LANs are those designed, installed, and operated by the Enterprise Network team. Devices such as computers, printers, scanners, storage devices and arrays, and video-conferencing systems may be connected to a network outlet within a supported LAN with the approval of the campus RSC.
The following may not be connected to an outlet within the TTUHSC network without prior written authorization of the CIO or their designee:
- Proxy servers and firewalls
- Systems or devices providing Virtual Private Networking (VPN) capability to the Internet
- Wireless access points or other wireless networking equipment (Refer to Wireless Access)
- Systems or devices containing a network adapter operating in promiscuous mode where a node on a network accepts all packets, regardless of their destination address
- Systems performing Network Address Translation (NAT)
- Systems operating Domain Naming System (DNS), Windows Internet Naming System (WINS), or Dynamic Host Configuration Protocol (DHCP) services.
- Windows Domain Controllers
All TTUHSC owned PCs and servers attached to the TTUHSC network must be members of the TTUHSC domain and be defined in the appropriate Active Directory Organization Unit (OU)
All modem connections must be approved by the CIO or their designee, and routed through a modem pool or network device which utilizes an I.T. approved authentication system.
The connection of a device to the TTUHSC network that is accessible directly from the Internet, without going through the TTUHSC firewall or an I.T. managed modem pool, is a security risk. Typically, this is a modem device connected to a desktop computer or server on the TTUHSC network which is set to automatically answer incoming calls for connections to outside systems. Incoming connections to modems are not allowed without CIO approval.
Remote Access Policy and Procedures
Remote access to the TTUHSC network provides users with the convenience of accessing the Internet, their office computer, or information on network file shares to which they have access. Along with this convenience, comes the need for appropriate security controls to ensure that data transmitted is secure. Additionally, the network must be protected from illicit use; and to ensure that viruses, malware, and other malicious code are not allowed to propagate across the network.
This policy applies to all remote devices connected to the TTUHSC network infrastructure through Internet access or direct dialup connections.
State and federal legislation requires TTUHSC to provide protection for sensitive data such as patient information and student financial data. Therefore, TTUHSC personnel must use a secure mechanism for accessing the TTUHSC network infrastructure remotely. Additional information on remote access can be found at www.ITSolutions.ttuhsc.edu.
All users who connect remotely to the TTUHSC network must install an anti-virus software on each computer. This anti-virus software must be updated regularly with new anti-virus signatures. TTUHSC provides free McAfee Virus Scan licenses for home use by faculty, staff, and students. This software can be downloaded at https://eRaider.ttuhsc.edu.
Any user accessing the TTUHSC network through an Internet connection (Satellite or cable Internet connections) must connect using a Virtual Private Network connection (VPN).
VPN accounts are available at no cost for current faculty, staff, and students of TTUHSC. VPN accounts can be requested at www.ITSolutions.ttuhsc.edu. An email response will usually be returned with account information and setup instructions within 1 business day.
When a VPN account holder (employee or student) leaves TTUHSC, the account will be disabled as soon as Information Technology is notified of the termination date. VPN accounts will be set to automatically expire 12 months from the date the account is created or renewed. At least one week before an account expires, an email will be sent to the account holder reminding him/her to renew the account. The renewal request can be filled out at www.ITSolutions.ttuhsc.edu.
Client Connection Setup
VPN services from connections outside the TTUHSC network are supported, provided that VPN services are in compliance with the Internet Service Provider's policies.
All Institutional security policies are applicable to remote access users. Security controls in place include appropriate authentication and Intrusion Prevention Services (IPS). Monitoring and auditing will be conducted on the remote access connections in the event of unusual network activity. Information Technology will disable a dial-up or VPN account, based on recommendations from the I.T. Security Team, if network activity from any remote access computer is disrupting computing services on the TTUHSC network.
TTUHSC Software Requirements
All systems connected to the TTUHSC network must have approved anti-virus software (I.T. Policy 1.4.22, Viruses and other Malicious Code) installed and operational before the system is connected to the network. This software must be configured to receive regular virus signature updates from the anti-virus servers administered by the TTUHSC Information Security Officer and his/her staff.