Guideline for Network Security

I. Purpose

The purpose of this document is to provide guidance in meeting the university’s obligation to protect the integrity of the university network and mitigate potential security threats to the network and connected information resources.

II. Scope

This guideline is applicable to UNC Charlotte faculty, staff, students and all authorized users granted access to the university network.

III. Contacts

Direct any general questions about this guideline to your unit’s Information Security Liaison. If you have specific questions, please contact OneIT Information Security Compliance at ISCompliance-group@uncc.edu.

IV. Guidelines

The following network security guidelines are intended to protect the integrity of the network and prevent unintended or unauthorized disclosure of university information.

• All devices and systems placed on the university network must be registered with OneIT and must have adequate security protocols installed and maintained in such a manner as to prohibit unauthorized access or misuse. See the UNC Charlotte Standard for Operations Security and the Standard for System and Application Access Control.
• Any faculty, staff, student, or other authorized user who needs to connect or contract with an outside vendor or other third party to connect any system or network device to the university network must obtain prior review and approval from OneIT.

V. Inappropriate Network Activity

The following activities are specifically prohibited and considered violations of network usage:

• Establishing unauthorized network devices such as routers, gateways, remote access servers, or computers set up to act as such a device;
• Engaging in network packet sniffing without prior approval from OneIT;
• Operating network servers of any sort in violation of the standards;
• Setting up a system to appear like another authorized system on the network.

Related Resources

• University Policy 311 Information Security
• Standard for Communications Security
• Standard for Operations Security
• Standard for System and Application Access Control
• Guideline for Security of Endpoints
• Guideline for Security of Applications
• Guideline for Security of Systems
• ISO/IEC 27002

ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.

Revision History

Initially approved by Information Assurance Committee 8/07/15
Updated 10/07/21