Data Communication Network Security Policy

Farmingdale State College’s data network shall be run in a secure manner, with reasonable steps taken to protect electronic data assets owned and/or managed by Farmingdale State College, and the transmission of data from or within the College.

Responsibilities:
The Department of Information Technology (IT) is responsible for managing all devices on the campus network. IT is also responsible for the design, maintenance, and operation of the overall campus network. Each area on campus has the responsibility to run its individual networks in a manner consistent with College policies and mission.

1. Addressing Devices - All devices that are connected to the campus network must have the appropriate authorization from IT. All such authorized devices will be allowed to use an Internet Protocol (IP) address within the 137.125.0.0 class B address space managed by Farmingdale State College, in addition to other communications protocols as appropriate. Each area has been assigned a range of addresses to assign to the devices it is responsible for. Areas are not to use addresses outside assigned ranges without prior authorization from IT.

2. Connecting Network Devices - Each area of the College has assigned one or more technical contacts, who are responsible for providing IT with a list of all devices that are connected to the campus network. This list should include the device name, device location, IP address, and MAC address.

When IT detects or is made aware of a problem, the technical contact for the area will be notified and asked to repair or remove the faulty device. It is important to keep up-to-date information for each registered device on the campus network. If the technical contact for the area cannot be reached, the system in question will be taken off the network until the problem is resolved.

3. Wiring Closets/Cabinets. - IT is responsible for managing all campus data wiring closets/cabinets. In many buildings, users are assigned to a specific port on a data communications device. Only IT personnel are permitted to add, change, or remove connections from wiring closets.

4. Data Communications Equipment. - Each building has one or more switches that are managed by IT. Each switch provides data connections to one or more classrooms and/or offices. Many rooms have the need for more devices than there are connections. Adding a switch or hub inside the office or classroom commonly solves this problem. If a switch or hub is incorrectly configured it can cause network outages. Therefore, adding switches, hubs, routers and/or firewall devices to network ports without the prior consent of IT is strictly prohibited.

5. Bandwidth Usage. - It is the responsibility of all users on campus to manage bandwidth to the best of their ability. Users should schedule large file transfers, including downloads and backups between machines, for off-peak hours. Peak hours are defined as 8am - 6pm, Mon. - Fri. Users should avoid attaching large files to e-mails and avoid running file-sharing programs, as both use a considerable amount of bandwidth.

5. Running Servers. - Servers of any type are prohibited unless authorized by IT prior to installation. A server is defined as any device that provides a service or resource to other devices. Services include, but are not limited to, WWW, FTP, SMTP (E-mail), SNMP, Telnet, SSH, SSL, DHCP, DNS, File sharing, and Active Directory.

6. Blocked Ports. - IT reserves the right to block the ability to reach network services to and/or from the campus by blocking ports and services at any level. Blocking ports is necessary to protect the security of our systems and the integrity of our data. Circumventing this policy by running services on non-standard ports is strictly prohibited.

7. Monitoring. - IT will take reasonable steps to monitor the campus network in a way that will detect common network attacks originating either on or off campus.

IT runs periodic network scans to test the integrity of the campus network resources.

Because attackers often scan as a precursor to an attack, and because a poorly written or configured scanner can cause problems on the network, only IT may run network scans.

IT may record network activity at its discretion. These records may be kept on file and may be used as evidence in the event that the network policy is violated. Users are prohibited from using any software or device to “hide” their computer from the network scanning programs.

8. Name Space. - IT maintains the DNS namespace “farmingdale.edu”. No user other than IT is permitted to register any DNS name that points to an IP address in the class B range 137.125.0.0. IT maintains the campus primary DNS server. Users are not permitted to run their own DNS servers or use subdomains of farmingdale.edu without written permission of IT.

9. Reporting Security Events. - In the event you feel that a campus user has violated or has attempted to violate one or more of your resources, you must report this to IT. Security events are to be reported via e-mail to Email.

10. Re-enabling of blocked hosts. - Devices that have been disconnected from the network will be re-enabled if and when IT has a reasonable belief that the system is no longer a security risk. If the security risk continues, the host will be permanently disconnected from the network until IT can schedule a visit to verify the device is free from risk.

Please also see – Wired or Wireless Network Policy
Farmingdale State Acceptable Use Policy