This Policy is intended to protect RISD's ability to:
- Provide a reliable College network and Internet connection to conduct the College's business
- Provide only authorized access to institutional, research or personal data and information on the College network
- Provide computer system and network integrity at RISD, and specifically, to protect College computing resources from unauthorized access to College resources and/or information; unintended and/or unauthorized disclosure of College information. This Policy applies to any existing or future connection(s) to the College's data network.
Threats to the College Network
Threats from the Internet scan the College network every day. Much of this scanning is done to determine the number and location of potentially vulnerable systems on the campus network. Attacks from the Internet have occurred in the past, and will most likely be attempted again in the future. These include the loss or corruption of data or unauthorized disclosure of information on research and instructional computers, student records, financial systems, and other aspect of College operations.
Network Connections
RISD maintains a high speed connection to the Internet and Internet2. RISD departments, faculty, staff, or students have access to this high speed connection in all campus buildings. Devices connecting to the college network must be registered as they connect to the college network so that it can be identified in the event of a malicious attack. Network connections at public access ports are restricted to authorized members of the College community. Physical access to College networking equipment (routers, switches, hubs, etc.) is not permitted.
Firewall Operations
RISD will take action to prevent source network address forgery (spoofing) of internal network addresses from the Internet and will also take action to protect external Internet sites from source address forgery from the College’s network.
The College's external Internet firewall will ensure that only authorized activity will gain access to the RISD network. All unauthorized Internet traffic to the College's network will be denied access.
Some network services through standard ports are supported. For example, electronic mail SMTP, Port 25, POP3, Port 110 and IMAP, Port 143 and standard HTTP Port 80 will be permitted, but via some other arbitrary port number may not be permitted.
Limited encrypted tunnels for passing through the firewall to internal resources, such as Virtual Private Network (VPN), may be permitted.
Network Security
In collaboration with the RTC and academic and administrative departments, RISD shall identify the appropriate network security level for College systems. RISD will investigate, or cause to be investigated; any unauthorized access to College computer systems
Systems on the network must have adequate security (e.g. Symantec Anti Virus, Microsoft Updates turn on) installed and maintained. All systems connecting to the College network must be configured and maintained in such a manner as to prohibit unauthorized access or misuse. For example, guest accounts are strongly advised against. Use of guest accounts will be restricted to certain sub-sets of the campus network on a case by case basis. It is the responsibility of all RISD network users to report security problems to OIT for investigation.
Some activities deemed inappropriate include, but are not limited to:
- Establishing unauthorized network devices, including a router, gateway, or remote dial-in access server; or a computer set up to act like such a device.
- Engaging in network packet sniffing or snooping, operating network servers of any sort.
- Setting up a system to appear like another authorized system on the network.
- Other unauthorized uses prohibited by this Policy, or RISD Computer Use Policy.
Monitoring and Auditing
To safeguard the integrity of the College's computing and electronic communication resources, and to minimize the risks to both those resources and the end users of those resources, RISD will monitor data traffic to detect unusual network activity and will review, (based on RISD Computer Use Policy Access Authorization) and/or disclose data communications when in the College's judgment there is reasonable cause to suspect a violation of applicable College policy or criminal law.
Any device found to be in violation of this Policy, or found to be causing problems that may impair or disable the network in any way, is subject to immediate disconnection from the College's network. RISD may require specific security improvements where potential security problems are identified.
Attempting to circumvent security or administrative access controls for information resources is a violation of this Policy. Assisting someone else or requesting someone else to circumvent security or administrative access controls is also a violation of this Policy.
Policy Management
Changes in this policy must be reviewed by the RTC as necessary.
Latest Revision - March 2007