BX:Network

From CCGB
Revision as of 15:45, 7 October 2010 by Phalenor (talk | contribs)

Documentation for the various methods of getting network access.

Security Policy

Devices connected to the Center for Comparative Genomics and Bioinformatics (CCGB) network (BX) and the users of those devices must be in compliance with University Policies AD-20, AD-23 and AD-53. In addition, the CCGB has the following policy regarding network devices:

  • To comply with University Policy, State and Federal Law, it must be possible for CCGB/BX IT staff to trace a device's network activity to an individual user. In accordance with this, the following requirements must be satisfied based on the connection method:
    • 802.1x - If the device connects via 802.1x, the user credentials used to "log in" will be considered the "user of record" for all activity generated by the device during the time that it is connected.
    • MAC-based - If the device is connected to an unauthenticated connection (based on its MAC address or other hardware address):
      • Users must be required to log in to the device with both a username and password.
      • All users of the device must have separate usernames/logins and passwords. Users must not share their userid and password with anyone.
      • Shared, or "Group" accounts are permitted only when in compliance with group account policy as specified in University Policy AD-20.
      • The device must maintain a log of logins and logouts containing at least the username and date/time for a minimum of 1 year.
      • When the device is registered with BX IT staff, contact information for the primary users, designated Custodian, and/or designated System Administrator for the device must be provided along with the MAC address of the device.
      • In the event of a security incident, if the device's System Administrator cannot produce the specified detailed usage information (logs of logins/logouts) upon demand, the designated Custodian's and System Administrator's contact information will be provided to security investigators for the case and the device will be permanently barred from connection to the BX Network. Additionally, other devices under the care of the System Administrator will be checked and barred if they are found to be out of compliance with this policy.
      • It is recommended, but not required, that the Device be integrated with the rest of the central BX infrastructure, where it will be properly and securely maintained in accordance with this policy.
  • Where applicable, the Device must have Anti-virus software installed and configured to obtain automatic updates. The Anti-virus software must also be enabled and active before it will be allowed to connect to any network.
  • Where applicable, the Device must be configured to obtain OS updates automatically.
  • AD-20 states that any Device connected to the BX network may be investigated for violations of University Policy or Law whether it is owned by the University or a Private Citizen. During an investigation, the College or University may search and/or seize a Device regardless of ownership. Owners who object to this requirement are discouraged from connecting private Devices to the network.
  • The University is concerned about Intellectual Property Rights. The BX Network is maintained to best support the Teaching and Research missions of the CCGB and University. Use of Peer to Peer (P2P) file sharing software should be limited to those occasions where it supports the mission of the University. Any Device found participating in an unauthorized P2P network may be disconnected from the network without prior notice. Any violations of Intellectual Property Rights discovered during routine maintenance activities will be reported to ITS Security Operations and Services (SOS).
  • Violations of these policies may result in any of the following without prior notice to the user:
    • Referral to Judicial Affairs or Human Resources
    • Limitation of access to some or all BX and University IT services.
    • Initiation of Legal action by the University.
    • Requirement of the violator to provide restitution for any improper use of service.
    • Disciplinary Sanctions, which may include dismissal.
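
For a Linux device registered by MAC address, the one-year login/logout log requirement above can be checked against the device's log rotation settings. This is an added example, not part of the original page or any BX tooling; it assumes logins are recorded in /var/log/wtmp and rotated by logrotate, and the sample stanzas and function names are constructed for illustration.

```python
REQUIRED_DAYS = 365  # policy: keep login/logout records for at least 1 year
# Conservative length of one rotation period, in days.
PERIOD_DAYS = {"daily": 1, "weekly": 7, "monthly": 30, "yearly": 365}

# Constructed sample stanzas in logrotate syntax (not taken from a BX host).
SHORT_RETENTION = """
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}
"""
YEAR_RETENTION = """
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 13
}
"""


def retention_days(stanza):
    """Estimate how many days of rotated login history a stanza keeps."""
    period, rotate, maxage = None, 0, None  # logrotate keeps 0 old files by default
    for raw in stanza.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not words:
            continue
        if words[0] in PERIOD_DAYS:
            period = PERIOD_DAYS[words[0]]
        elif words[0] in ("rotate", "maxage") and len(words) == 2 and words[1].isdigit():
            if words[0] == "rotate":
                rotate = int(words[1])
            else:
                maxage = int(words[1])  # rotated files older than this are deleted
    if period is None:
        return 0  # frequency set elsewhere (global section): not confirmed here
    days = period * rotate
    return days if maxage is None else min(days, maxage)


def meets_policy(stanza):
    """True when the estimated retention covers the required year."""
    return retention_days(stanza) >= REQUIRED_DAYS


if __name__ == "__main__":
    for name, stanza in (("short", SHORT_RETENTION), ("year", YEAR_RETENTION)):
        print(name, retention_days(stanza), "days, compliant:", meets_policy(stanza))
```

The estimate counts rotated files only and uses 30-day months, so it is a lower bound; a `minsize` setting can delay rotation and make actual retention longer.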

Port Activation

Before you can gain access to our wired network, you must find an active wall port. If the port you wish to use is not active, you must request activation. Send an email to admin-at-bx.psu.edu with the following information:

  • Wallport number, of the form A0???
  • Room number
  • Justification for requesting a wired network connection

802.1x

802.1x network authentication is available in Wartik Lab for wired connections. This uses your BX username/password to authenticate your computer to the network.

Static/DHCP MAC-based

Computers or devices (such as printers and lab equipment) that do not support 802.1x and will not be managed by BX IT staff can be placed on a dedicated network for unmanaged devices using the MAC address alone.

Wireless

There are a multitude of wireless access points throughout Wartik Lab. These currently broadcast the old pennstate wireless network, which requires use of the VPN.

Instructions on connecting to the pennstate wireless network: http://wireless.psu.edu/using.html

We are working to bring the new psu 802.1x wireless network as well as the AT&T visitor wireless network to Wartik Lab. Depending on your location within the building, you might be able to connect to the psu wireless being broadcast from one of the adjacent networks, but signal strength and reliability can't be guaranteed.