UC IRVINE ADMINISTRATIVE POLICIES & PROCEDURES

Federal Electronic Communication and Privacy Act of 1986


UCI Administrative Policies & Procedures

Section 714-18, Computer and Network Use Policy
Section 800-12, Data Communications Systems Guidelines
Section 800-18, Security Guidelines for Computers and Devices Connected to UCInet

A. Introduction

B. UCInet Components

1. Access-Layer Network Infrastructure - network wiring and electronics (network switches and/or hubs) in UCI buildings that interconnect UCI's computers and other devices.

2. Wireless Network Access "Air Space" - radio spectrum used for wireless network access at UCI.

3. Network Backbone and Building Switches - top-level network switches/routers in each building and the core UCI network backbone that connect UCI building networks together and to off-campus networks.

4. Wide Area Network Connections - Wide Area Network (WAN) that connects together distributed portions of UCInet (North Campus, UCI Medical Center, etc.)

5. Connections to Regional and National Networks - off-campus connections to the commercial Internet, and to academic networks such as CalRen-2 and Abilene.

6. Core Network Services - protocol-based services required for network operations (Domain Name Service, e-mail transport, directory services, etc.).

C. General Provisions

1. UCInet as a Campus Utility

UCInet is a critical campus utility available to all faculty, staff and students, at all campus locations. UCInet provides end-to-end "wallplate to wallplate" service from any computer on campus to any other, as well as to off-campus computers and resources. A set of services, UCInet Basic Network Services (BNS), is available to users at no cost. Additional Network Services (ANS) are available for an additional fee. BNS and the general operation of the network are funded by the campus.

2. Extension of the Backbone into New Buildings

The extension of UCInet into new buildings housing UCI academic and administrative functions should be included and funded as part of building construction projects. Buildings should not be erected without the capability to communicate with UCInet.

3. TCP/IP - UCI's Network Protocol

To facilitate interoperability among UCI systems, the network backbone supports only TCP/IP and other IP based protocols (UDP, FTP, Telnet, HTTP, etc.)

4. Involuntary Disconnection

To assure the integrity of UCInet, it may be necessary for NACS to disconnect a host, a group of hosts, or a network that is disrupting network service to others. This includes hosts involved in network security problems, such as those used by unauthorized parties to attack other systems on UCInet or on the Internet. If the situation allows, NACS will make an attempt to contact the local network administrator or owner of the host or hosts involved. If those individuals are not available, the disconnection may proceed without notification.

With regard to security issues, a disconnection might be a "partial" one that isolates the host from attacking hosts, or from off-campus access in general. A host that has been compromised by unauthorized parties may need to stay disconnected until the host's operating system can be updated and all changes made by the attacker reversed.

5. Physical Access to Wiring Closets

Only NACS and Facilities Management are authorized to place equipment or cabling in wiring closets, equipment rooms, etc., unless special arrangements are made with NACS and approved by the NACS Director. Departments maintaining their own networks must use other space for their equipment and cable.

D. Responsibilities of Network and Academic Computing Services

1. Network Maintenance

NACS maintains building and campus network wiring and fiber, local switches, building routers/switches, backbone routers/switches, and other network devices that comprise UCInet. This includes troubleshooting problems, identifying their cause, and replacing or repairing defective equipment and wiring.

2. Network Documentation

NACS is responsible for creating and maintaining the detailed documentation of the network required for proper network maintenance, operation, and planning.

3. Administration of UCInet Connections to Other Networks

NACS maintains relationships and agreements with off-campus service providers to keep UCInet well connected to the commercial Internet and academic networks. NACS administers all interfaces between networks and connections between UCInet and other networks.

4. Administration of UCI Network Name and Address Space

NACS coordinates the UCI network name space and the assignment of names and network addresses (IP numbers).

5. Administration of UCI Wireless Networking

NACS coordinates use of wireless networking at UCI to ensure compatible access to all UCI users.

6. Provision of Central Network Services

NACS provides central services required for operation of the network which include, but are not limited to, Domain Name Service (DNS), directory and user authentication services, and electronic mail transport services.

7. Traffic Monitoring

NACS monitors traffic flow to optimize network usage, detect network problems, and ensure equitable access. NACS provides network administrators and campus users with periodic reports summarizing traffic data. reports.

8. Security Monitoring

To the extent possible, NACS monitors incoming network traffic to detect the "signatures" of known network intrusion scenarios, viruses, or the like. NACS is also responsible for periodically scanning UCInet hosts to assess their vulnerability to attack. It should be noted that there is no guarantee that NACS will be able to detect all potential system vulnerabilities.

9. Campus-wide Network Security Coordination

NACS promotes campus-wide network security and coordinates campus-wide response to unauthorized access. This also includes working with local supporters, computer users, and Internet Service Providers to protect the campus from network intrusions, denial of service attacks, and other unauthorized and/or inappropriate activities that impair network access and use.

10. Planning for Network Growth

NACS interacts with campus departments to ensure current and future communication needs are addressed.

Responsibilities of Local Network Administrators

1. NACS/Unit Network Liaison

The network administrator:

• Coordinates the collection of network trouble reports and ensures that UCInet malfunctions are properly reported to NACS for resolution.
• Supports NACS staff efforts to troubleshoot and resolve network problems involving the operation of end-user or school equipment.
• Works with NACS staff to track down and correct excessive use of network resources, especially off-campus network usage. Encourages members of the unit to utilize network bandwidth and resources efficiently.
• Acts as a liaison between NACS and network users for the purpose of scheduling maintenance periods, coordinating system changes, and disseminating information concerning UCInet.
• Participates in campus discussions of new directions for UCInet and NACS' network services.

2. Network Security Maintenance

The network administrator implements and maintains sound network and computer security practices in the unit. This includes host-based security mechanisms such as password-protected logins, file protections, encryption, security patch maintenance, etc. It also includes encouraging end-users to select good passwords and change them regularly, and to use security-minded access tools.

3. Network Name and Address Coordination

The network administrator serves as the unit coordination point for the assignment of network name and addresses.

E. Responsibilities of Computer Owners

1. Abiding by UCI's Computer Use Policy

Users should efficiently use network resources and follow UCI's Computer and Network Use Policy (see Section 714-18).

2. Reporting Problems

Users should promptly report network problems to either the local network administrator or to NACS, and cooperate with support staff in correcting malfunctions.

3. Taking Proper Security Precautions

Users should select good passwords and change them regularly. Security-minded network access techniques (such as encryption) should be used whenever practical.

4. Keeping the Operating System Secure

Users should make sure their computer's operating system is kept up-to-date with current security patches. This may be accomplished by the owner, local support staff, or central staff.