Security of the Network
At Tufts University, TCCS (Tufts Computer and Communications Services) manages the data and voice networks. In that capacity, TCCS management must assume the largest share of responsibility for identifying and analyzing potential threats to the networks as well as for network security planning, implementation, maintenance and monitoring.
- TCCS network managers will identify and analyze potential threats to uninterrupted voice and data network availability and identify appropriate responses. The analysis and preparatory work will be recorded, maintained and updated as conditions change.
- Network managers will implement appropriate controls to ensure that connected users or computer services do not compromise the security of any other networked service.
- TCCS network managers are responsible for the implementation of any controls necessary to ensure that access is limited to authorized users of the network.
- TCCS network or system managers as appropriate, will establish procedures to identify and remove network services, protocols and network devices that expose the network to unauthorized access or attacks.
- Each network manager will take reasonable action to provide necessary protection against natural disasters and will prepare adequate disaster recovery plans and procedures for that part of the network for which he/she is responsible.
- TCCS network managers are responsible for establishing and maintaining standards for network naming and numbering. The head of each school/division's IT support organization is responsible for managing the local implementation of TCCS' network numbering and naming standards in concert with several TCCS departments: Network Engineering, WebCentral and the Microsoft LAN group.
- TCCS network managers are responsible for the maintenance and publication of network services responsible use guidelines to maximize network integrity and performance.
- Each network manager is responsible for conducting periodic reviews of implemented security plans, measures, procedures and controls.
- Each network manager must provide the means to permit authorized personnel to audit and establish individual accountability for any activity involving the network and which may or does result in a security breach.
- Each system or network manager must initiate an investigation of any suspected security breach involving his/her network(s) and is responsible for documenting the suspected breach and actions taken.