Owners are responsible for ensuring that their machines meet the relevant security standards and for managing the security of the equipment and the services that run on it. For the sake of this policy, owners and caretakers are both referred to as owners. a staff member who has a computer in her office). a student who has a personal computer) or caretaker (e.g.
3.3 Responsibility for SecurityĮvery computer or other device connected to the network, including a desktop computer has an associated owner (e.g. For example, CIS would contact the registered owner of a computer when his or her computer has been compromised and is launching a denial of service attack or if a copyright violation notice has been issued for the IP address used by that person. The role of such an agent would be to audit the computer for compliance with security standards as defined in section 3.4 below.ĬIS maintains a database of unique machine identification, network address and owner for the purposes of contacting the owner of a computer when it is necessary.
#NETWORK CONNECTION INSTALL#
Users may also need to install an agent on their computers before they are allowed on the network. Users of the university network may be required to authenticate when connecting a device to it. Exceptions will be made by CIS for approved personnel in departments who can demonstrate competence with managing the aforementioned hardware. As a result, extending or modifying the Brown network must be done within the CIS published guidelines. These effects are not always immediate, nor are they always located at the site of modifications. Modifications or extensions to the network can frequently cause undesired effects, including loss of connectivity. You may connect devices to the campus network at appropriate connectivity points including voice/data jacks, through an approved wireless network access point, via a VPN or SSH tunnel, or through remote access mechanisms such as DSL, cable modems, and traditional modems over phone lines. Therefore, individuals who connect computers, servers and other devices to the Brown network must follow specific standards and take specific actions.
Universities that have experienced severe compromises have also experienced damage to their public image. Damages from these exploits could include the loss of sensitive and confidential data, interruption of network services and damage to critical Brown University internal systems. An unsecured computer on the network allows denial of service attacks, viruses, Trojans, and other compromises to enter the university's campus network, thereby affecting many computers, as well as the network's integrity. The standards are designed to minimize the potential exposure to Brown University and our community from damages (including financial, loss of work, and loss of data) that could result from computers and servers that are not configured or maintained properly and to ensure that devices on the network are not taking actions that could adversely affect network performance.īrown University must provide a secure network for our educational, research, instructional and administrative needs and services. The purpose of this policy is to define the standards for connecting computers, servers or other devices to the University's network. This policy is designed to protect the campus network and the ability of members of the Brown community to use it.