posterhoogl.blogg.se - School vpn monitor

#School vpn monitor iso

#School vpn monitor iso

In such cases, ITS-Networking or the ISO shall notify the local IT-Networking Custodian of the disconnection.is a threat to the Internet community, in general.has demonstrated an operational hindrance or threat to UTnet, or.ITS-Networking and the ISO have the authority to discontinue service to any network or network device that:.Off campus access to monitoring data stores and logs must be authorized and updated by ITS-Networking as part of the monitoring point agreement. All personnel must show due care in protection, handling, and storage of all monitored data and logs. Monitoring data stores and logs may not be accessible from the public Internet.Usage logs must be purged as per campus policies. ITS-Networking and the ISO may store aggregated data and usage logs for operational, compliance, and statistical purposes. Unrelated monitored data may not be stored by anyone except as required by law.

ITS-Networking and the ISO may store incident related data as required. Monitored data and usage logs will not be stored past the period of active investigation.ITS-Networking shall maintain written records of all monitoring points, architectures, and agreements. Monitoring points and associated devices may not be extended physically or virtually (such as through a VPN) or changed without written approval from ITS-Networking. All monitoring points will be architected, approved, and configured by ITS-Networking.The ISO will be the contact for resolution of security-related anomalies or other suspicious activity noticed by representatives in ITS-Networking or in other departments.No authorized personnel shall use network monitoring devices to monitor employee electronic transmissions for job performance evaluation, or as part of an unofficial investigation, without first receiving signed approval from the Office of the Vice President for Employee and Campus Services and the Office of Institutional Relations and Legal Affairs.Personnel authorized to analyze network traffic shall not disclose any information realized in the process without approval of the respective Vice President or department head and the Office of Institutional Relations and Legal Affairs or the Office of Compliance (with the exception of escalation to the ISO or ITS-Networking for investigation or assistance).Only ITS-Networking and the ISO may monitor public networks and inter-campus networks. Authorized staff may not exceed specified scope of monitoring (for example, users, address ranges, protocols, signatures).All monitoring shall be as narrow in scope as possible. Authorized staff may also analyze certain network-based anomalies to determine the security risk to the university and conduct statistical/operational studies.or to troubleshoot and analyze network-based problems.the improper release of confidential employee or student data.known patterns of attack or compromise.

Authorized staff shall use network monitoring devices only to detect:.

Authorized personnel must demonstrate a need for and an understanding of the operation of network monitoring devices. This approval shall also be communicated to the ISO and ITS-Networking. The individual(s) must also complete a Acceptable Use Policy Acknowledgement form and undergo a standard background check if not already completed. Authorization must be attained from the respective IT Owner(s) of the given College, School, or Unit and the Office of Institutional Relations and Legal Affairs or the Office of Compliance. Additional campus IT staff may be approved to access and monitor specific traffic on specific networks for which they are responsible. These groups are Information Technology Services-Networking and the Information Security Office (ISO).

Two groups on campus are authorized to routinely monitor traffic on university networks.