Professional Documents
Culture Documents
1.Introduction ...........................................................................................................................2
2.Purpose ..................................................................................................................................2
3.Scope......................................................................................................................................2
4.Responsible Authorities ....................................................................................................... 3
5.Policy Statements ................................................................................................................. 3
5.1 Users of the Network............................................................................................................3
5.2 Modifiers of the network .......................................................................................................3
5.3 Network devices...................................................................................................................3
5.4 User devices ........................................................................................................................3
5.5 Uses of the Network.............................................................................................................4
5.6 ISD’s Management Authority ...............................................................................................4
5.7 ISD’s powers of detection, prevention and restitution..........................................................4
6. Legislation ............................................................................................................................5
7. Sanctions ..............................................................................................................................5
8. References ............................................................................................................................5
IT Security Co-ordinator
Enquiry point : University of Salford
Information Services Division
Clifford Whitworth Building
SALFORD
M5 4WT
Std: 0161 295 5910
Mobile:
Fax:
Doc ref: Network Security & Connection Policy Page 1 of 5 Version: 1.1
This document is issued by Information Services Division (ISD). The only definitive version is that held and
controlled on the ISD website. It is not under document control when copied or printed
1. Introduction
This document sets out University policies for enabling access to and assuring the security of
the data communications network at the University of Salford. It establishes the
responsibilities of Information Services Division (ISD) in managing the network and users’
responsibilities in using it, as well as ISD’s authority in taking action to foresee, detect, prevent
or rectify security risks which threaten the activities of the University and its members.
2. Purpose
As a key part of its role Information Services Division (ISD) is responsible for the ownership,
development, installation, operation and maintenance of the data communications network on
behalf of the University and its members. With this responsibility comes the authority to take
action necessary to safeguard the security of the network to minimise and contain potential
risks to the University and its members, both operational and legal, from the consequences of
network-related security violations and misuse. In this context, the purpose of this policy is to
state clearly both ISD’s responsibility and authority for the University’s network infrastructure
and devices connected to that infrastructure, and users’ responsibilities in using such devices.
3. Scope
The coverage of this policy includes:
• the University’s internal data communications network, devices connected to it and
supplied by, or otherwise approved for, connection by ISD, and the network’s
connection to JANET and the internet . i.e.
o University network segments linked directly and indirectly to the Peel Park
campus infrastructure
o University network segments linked via Net North West
o University network segments linked via wireless technology
• all devices utilising this infrastructure, including those connecting via wireless
technology
• all users of such devices
• the protection, detection and action against threats, including but not restricted to:
o virus attacks
o denial of service attacks
o hacking internally or from external sources
o downloads and uploads of unacceptable material (as defined
by the JANET Acceptable Use Policy1)
o unacceptable content of outgoing email
o unsolicited bulk email
o theft, corruption or loss of data or software from external
sources
o theft of bandwidth
o breaches of the JANET AUP1
o unauthorised connection of devices to the network
The coverage of this policy includes threats from but excludes risks to:
• on-campus devices not approved for network connection by ISD
• on-campus devices connected both to the University’s network and to
external network connections
• on-campus networks not installed or approved by ISD
• off-campus networks and devices
Doc ref: Network Security & Connection Policy Page 2 of 5 Version: 1.1
This document is issued by Information Services Division (ISD). The only definitive version is that held and
controlled on the ISD website. It is not under document control when copied or printed
Also excluded are:
• IT security aspects not involving networks
• Other security aspects not specifically involving IT.
• the CCTV system
4. Responsible Authorities
The term “Designated ISD Authority “ used in this policy means the Director of Information
Services or his authorised delegate.
This policy is issued under the authority of the Director of Information Services who as an
Officer of the University is responsible for enforcing sanctions where necessary to safeguard
the University and its members. The IT Infrastructure is managed by the Head of IT
Infrastructure & Operations who is responsible for the prevention and detection of ICT misuse.
This policy is managed by the Head of Quality & Processes who is responsible for investigating
incidents of ICT misuse.
5. Policy Statements
Doc ref: Network Security & Connection Policy Page 3 of 5 Version: 1.1
This document is issued by Information Services Division (ISD). The only definitive version is that held and
controlled on the ISD website. It is not under document control when copied or printed
Operating System Security patches.
Client devices are defined as equipment generally used by one person. Examples are PCs,
Macintoshes or PDAs. Network connectivity is achieved by either plugging this equipment
directly into an activated data point on the University network or indirectly by enabling a
connection via a wireless access point.
University owned client devices may be connected to the network by any user of the University
provided the equipment is used in accordance with the aims and policies of the University (as
defined in the ISD regulations3) and JANET’s AUP1 , JANET’s Security Policy2 and for no other
purpose.
Users wishing to connect their own equipment may do so only in ISD’s designated areas (e.g.
approved areas within ISD libraries and student accommodation) and after ISD approval.
5.5 Uses of the Network
The University’s data network may be used for any purpose that is in accordance with the aims
and policies of the University (as defined in the ISD regulations3) and JANET’s AUP1, JANET’s P
Doc ref: Network Security & Connection Policy Page 4 of 5 Version: 1.1
This document is issued by Information Services Division (ISD). The only definitive version is that held and
controlled on the ISD website. It is not under document control when copied or printed
6. Legislation
The University has obligations under which it must comply with relevant UK and European
Community legislation including (but not exclusively):
The use of the computing and networking facilities is permitted by the University on the
condition that all users will comply with the conditions stated in the JANET Acceptable Use
Policy AUP1 and JANET’s Security Policy2. Users should note that the University’s access to
the Internet is solely through the JANET network and that violations of the JANET policies
could potentially lead to this access being withdrawn.
All users of the university network are required to comply with the approved University Policies,
Standards, relevant legislation and contractual requirements and should seek appropriate
advice when in doubt.
7. Sanctions
ISD, on behalf of the University are responsible for investigating, containing and resolving
breaches of security and may disconnect, block traffic to / from, impound, or log information
about any machine using the data network. Under University disciplinary procedures, ISD are
authorised to initiate investigations of users who abuse this policy. Such investigations may
result in ISD banning users without prior notice, pending resolution of the incident and
dependent upon the nature of the offence may involve the Police.
8. References
Doc ref: Network Security & Connection Policy Page 5 of 5 Version: 1.1
This document is issued by Information Services Division (ISD). The only definitive version is that held and
controlled on the ISD website. It is not under document control when copied or printed