NETWORK SEGMENTATION | Texas Tech University Health Sciences Center
TTUHSC students walking through Lubbock campus courtyard.

NETWORK SEGMENTATION

Image explaining Network Segmentation: hand icon with a line drawn thru it - text: blocking unauthorized endpoint, two people icons with a plus sign - text: providing secure guest access, police office icon - text: enforcing endpoint compliance, home icon with a person inside - text: quarantining non-compliant devices, settings icon connected to three different sections - text: assigning role-based access control, server icon - text: increasing network visibility


Creating Separate Networks for TTUHSC

Traffic will be sorted by Network Access Controls (NAC) and directed to either the TTUHSC domain or BYOD (bring your own device) network as appropriate. NAC consists of two key steps: authentication and authorization.

  • Authentication is when the system verifies the based on credentials, while authorization is when the system accepts or denies access based on the policies in place. 
  • The process of assigning and enforcing security policies based on those roles (endpoint integrity) , allows TTUHSC to control the behaviors of all of the devices trying to access our network.
  • Network access control can ensure intellectual property and sensitive data are protected from unauthorized use, capture, or modification.

NETWORK ACCESS CONTROL

NON-DOMAIN DEVICES
Will be directed to internet ONLY, without access to communicate with other TTUHSC domain resources.

 

PLAN AHEAD!!

Special Use Computers may be Affected

(Research/Lab Equipment, Environmental Controls, etc.) 

  • Develop remediation plan for all unsupported systems (Includes supported operating system and  appropriate security products for domain membership)
  • Single system or full lab review
  • Network access control can ensure intellectual property and sensitive data are protected from unauthorized use, capture, or modification to ensure compliance with institutional policies and the corresponding state and federal regulations.

REQUEST AN ASSESSMENT

Image of the internet form to request an unsupported device or equipment assessment

NETWORK VS. DOMAIN - What's the Difference?

'On the Network'

  • The network allows devices to communicate with other devices.
  • All staff, students and faculty have access to our network.
  • Not all devices on the network belong to TTUHSC.

'On the Domain'

  • Used to manage large groups of computers.
  • Allows access to TTUHSC ONLY resources:
    Licensed software, managed updates and patches, security applications
  • All devices on the domain belong to TTUHSC.
Single line drawing of a laptop computer with a mouse and then heading text reads Network Access Control Rollout

 

  • Dallas, including VA Campus and Mansfield Completed
  • Midland/Odessa - before end of 2025
  • Abilene - 1st QTR 2026
  • Amarillo then Lubbock to follow