Network Port Policy
Enacted by FACIL on September 25, 2003The CS Department maintains two classes of networks, referred to as "trusted" and "self-managed". Both networks are located behind the department's main firewall providing equal protection from the greater internet. However, the "self-managed" network is logically separated from the "trusted" network. This provides the ability to block a compromised machine on the "self-managed" network from affecting machines on the "trusted" network.
If a machine is not managed by the tstaff, it will be restricted to the "self-managed" network and is subject to the following provisions:
- The machine has a hardwire connection to the network (i.e. an ethernet cable connected to a wall-jack)
- It is located in a secure office or lab (i.e an office not open to the public).
- The machine is managed by faculty, a research staff member, or grad student
- The person managing the machine agrees to be responsible for maintaining the latest security patches for all installed software and ensuring that the system is not a security risk to departmental computing resources. These machines may be subject to random security scans by the Technical Staff and if a vulnerability is discovered, the staff reserves the authority to shut down or isolate the machine.
- The machine is registered with tstaff (address, system name, user responsible). You can find information on how to register your machine on the Network Services page.
Exceptions to this policy by approval of Technical Staff/FACIL only.