Oregon State University Network Security Policy
May 26, 2000
OSU's network shall be run in a secure manner, with reasonable steps taken to protect electronic data assets owned and/or managed by Oregon State University, and the transmission of them.
Information Services is the appropriate agency to manage and register data networks and their connection to other data networks for Oregon State University. Network Engineering is responsible for the design, maintenance, and operation of the overall OSU network. Each department has the responsibility to run their sub networks in a manner consistent with University Policies and consistent with the University Mission and Goals.
All computers connected to OSU's network must have the appropriate authorization from a recognized representative of OSU. All such authorized computers will be allowed to use an Internet Protocol (IP) address within the 220.127.116.11 class B address space owned and managed by OSU in addition to other communications protocols as appropriate. All computers connected directly to OSU's network are subject to this policy.
Actions to be taken by Network Engineering Team (NET) personnel for various Network Security Events as defined later in this document:
1. Monitoring. NET will take reasonable steps to monitor the campus network in a way that will detect common network attacks originating either on or off campus.
2. Reporting of Security Events. Security Events are to be reported to the email alias firstname.lastname@example.org and to the node and or network administrator originating the event. Reports made by phone must be followed up with an email report. In addition to log files showing dates, times, and specific host information regarding the event, the report must include the name and contact information for:
3. Response. Once NET has determined the nature of the Event, and has an understanding of who is doing what to whom, the following actions may be taken by NET personnel:
Both of these actions will usually be done at the campus border router in which case, email will be sent to the following aliases informing them of the block:
Assuming there is no evidence that the system has been compromised, the following aliases will also be informed:
In some cases, it may be appropriate to disable access to a node at a point closer to the node than the border router.
For single user workstations it may only be possible to notify the Network administrator.
4. Re-enabling of blocked hosts. Hosts that have had their access to the network blocked by NET will be re-enabled once NET Security personnel have a reasonable belief that the system is no longer a security risk.