Guideline for Network Security

I.  Purpose

The purpose of this document is to provide guidance in meeting the university’s obligation to protect the integrity of the university network and mitigate potential security threats to the network and connected information resources.

II.  Scope

This guideline is applicable to UNC Charlotte faculty, staff, students and all authorized users granted access to the university network.

III.  Contacts

Direct any general questions about this guideline to your unit’s Information Security Liaison. If you have specific questions, please contact ITS Information Security Compliance at ISCompliance-group@uncc.edu.

IV.  Guidelines

The following network security guidelines are intended to protect the integrity of the network and prevent unintended or unauthorized disclosure of university information.

  • All devices and systems placed on the university network must be registered with ITS and must have adequate security protocols installed and maintained in such a manner as to prohibit unauthorized access or misuse.  See the UNC Charlotte Standard for Operations Security and the Standard for System and Application Access Control.
  • Any faculty, staff, student, or other authorized user who needs to connect or contract with an outside vendor or other third party to connect any system or network device to the university network must obtain prior review and approval from ITS.

V.  Inappropriate Network Activity

The following activities are specifically prohibited and considered violations of network usage:

  • Establishing unauthorized network devices such as routers, gateways, remote access servers, or computers set up to act as such a device;
  • Engaging in network packet sniffing without prior approval from ITS;
  • Operating network servers of any sort in violation of the standards;
  • Setting up a system to appear like another authorized system on the network.

Related Resources

ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.

Revision History

Initial Draft   7/21/15
Information Assurance Committee Approval   8/07/15