Policy No.:ETP-1 Effective:05/11/13
KSAU-HS King Saud bin Abdulaziz University for Health Sciences
UNIVERSITY King Saud bin Abdulaziz University for Health Sciences
EDUTECH CorporateOffice of Educational Technology Services
DIRECTOR Director of the Corporate Office of Educational Technology Services
IT Information Technology
The purpose of this policy is to define the standards for connecting computers, users, services, servers or other devices to the University's network to minimize the potential loss or theft of data, or loss of integrity that could result from computers and servers that are not configured or maintained properly and to ensure that devices on the network are not behaving as if it could adversely affect network performance.
This policy applies to all University staff, students, contractors and guests who have any device connected to the University’s network, including, but not limited to, desktop computers, laptops, servers, wireless computers, mobile devices, smart phones, specialized equipment, cameras, environmental control systems, and telephone system components. The policy also applies to anyone who has systems outside the campus network which can access the campus network and resources.
- POLICY ETP-12-1 Remote Access Policy
- POLICY ETP-18-1 Internet Connection Policy
- POLICY ETP-18-2 Wi-Fi Hotspot Internet Access Policy
- POLICY ETP-18-3 Firewall Usage Policy
- POLICY ETP-25-4 Public Computer Usage Policy
- EduTech is responsible for providing reliable network services for the entire KSAU-HS campuses. As such, individuals or departments may not run any service which disrupts or interferes with centrally-provided services.
- Individuals or departments may not run or host any service or server without the approval of EduTech.
- All services and servers of colleges or departments should be installed/hosted only at the EduTech data center unless otherwise approved by the EduTech Director.
- Only University approved networked devices can be connected through data ports.
- All unassigned data ports should be disabled and will be enabled upon request and upon confirming the compliance of connecting devices with the University’s Security Standards.
- The University Security Standards are as follows:
- All University owned computers should be installed with University licensed operating systems.
- All University owned computers should be installed with University licensed antivirus and end point security software.
- All University owned computers should be installed with licensed software.
- All non-University owned systems such as computers, laptops, tablets, special purpose devices, etc., should have updated antivirus software and latest patches installed.
- No private internet connection for University devices through personal modems is allowed.
- Students and University Staff may connect computing equipment/systems to the University network upon approval of the EduTech department after confirmation of compliance with University Security Standards by EduTech technicians/administrators. Such equipment/systems are monitored by EduTech network operations in order to make sure of its compliance with University security standards.
- All network traffic passing in or out of the University network is monitored by an intrusion detection system for signs of compromises. By connecting a computer or device to the network, users acknowledging that the network traffic to and from their computer may be scanned.
- EduTech routinely scans the University network looking for vulnerabilities. At times, more extensive testing may be necessary to detect and confirm the existence of vulnerabilities. By connecting to the network, users agree to have their computer or device scanned for possible vulnerabilities.
- EduTech reserves the right to take necessary steps to contain security exposures and/or improper traffic on the University network. EduTech will take action to contain devices that exhibit the behaviors indicated below, and allow normal traffic and central services to resume:
- Imposing an exceptional load on a campus service;
- Exhibiting a pattern of network traffic that disrupts centrally provided services;
- Exhibiting a pattern of malicious network traffic associated with scanning, attacking others or sending unsolicited messages;
- Exhibiting behavior consistent with host compromise.
- EduTech reserves the right to restrict certain types of traffic coming into and across the University network. EduTech restricts traffic that is known to cause damage to the network or hosts on it. EduTech also may control other types of traffic that consumes too much network capacity, such as file-sharing traffic.
- By connecting to the network, users acknowledge that a computer or device that exhibits any of the behaviors listed above is in violation of this policy and will be removed from the network until it meets compliancy standards.
Director Corporate, Educational Technology Service
King Saud bin Abdulaziz University for Health Sciences