UPPS 04.01.05 - Network Use Policy

Prior to authorization, the Information Security Office will facilitate an information resources security assessment to ensure compliance with state and university standards and best practices. For registration and assessment details, see the Information Security Office Services website.

  1. receive authorization to operate the server from the Information Security Office;
  2. protect the server against exploitation of known vulnerabilities. The Information Security Office and Technology Resources provide guidance for achieving such protection in their Server Management Technical and Security Standards and Procedures and Server Administration Guidelines. Servers must comply with the provisions in this document any time they are connected to the university network. These standards and procedures will change over time to address new and evolving threats, so server administrators should refer back periodically for updates;
  3. address and resolve security problems identified with any device for which they are responsible. The Division of Information Technology provides training, consulting, and problem resolution services;
  4. utilize the protection benefits available through the university’s network edge protection mechanisms (e.g., firewall and intrusion prevention systems);
  5. accommodate risk assessments, vulnerability scans, and penetration tests of their server by the Information Security Office and take steps to mitigate the risks identified by these procedures; and
  6. immediately report system compromises and other security incidents in a timely manner to the Information Security Office at 512.245.HACK (4225) or infosecurity@txst.edu.
  1. The university provides a secure wireless network for students, faculty, and staff, as well as various secure and unsecure networks to support visitors and special events. Users with a Texas State NetID should use the secure network and avoid using the unsecure visitor network and other special purpose and event networks.
  2. Consistent with the provisions of UPPS No. 04.01.11, Risk Management of Information Resources, users are expected to use the secured wireless network when transmitting sensitive or confidential information, regardless of the application or service to which they are connecting.
  3. The university operates both wired and wireless networks, which complement each other. The wireless networks facilitate network connectivity for outdoor and roaming users and in locations that prove difficult or costly to reach with traditional, wired connections as well as connectivity for mobile devices with no wired network interface. The wired networks provide consistent, high-quality service for high-bandwidth or latency-intolerant applications, such as streaming media, IP telephony, online gaming, and large file transfers. Users should choose the type of network connection that best meets their specific needs.
  4. Wireless bandwidth is shared by everyone connected to a given access point. As the access point’s user numbers increase, available bandwidth per user decreases. Thus, departments and users should carefully consider the user-to-access point ratio and the characteristics of the expected transmissions and consult with Technology Resources prior to designing or implementing computer labs, classroom facilities, office spaces, or other new, renovated, or repurposed spaces that rely on wireless access for their network connectivity. Likewise, departments and individual users with wired connections to their desktop computers may not abandon those connections simply because wireless is available in their location.
  5. The university’s wireless networks utilize the unlicensed RF bands allocated by the FCC for wireless network data transmission. Transmissions from other devices (e.g., cordless phones and microwave ovens) that use these frequencies can seriously degrade network performance. The university has the authority to regulate unlicensed 2.4GHz and 5GHz RF bands on its premises and, through Technology Resources, may restrict the use of 2.4GHz or 5GHz RF devices it believes pose a disruption to the wireless network in university-owned or managed spaces.
  6. Consistent with the provisions of UPPS No. 04.01.02, Information Resources Identity and Access Management, only the owner of an individual Texas State NetID account is authorized to know and use the password to that account, and account owners are responsible for all computing and network activities attributable to that account. As such, the use of an individual user’s account to connect devices intended for shared or infrastructure purposes to the wireless network is prohibited; instead, owners and custodians of such devices should contact Technology Resources to determine appropriate, alternative methods of establishing connectivity.
  1. ResNet is the name given to the portion of the university network that serves university-owned and operated residence halls and apartment complexes. The university provides at least one active wired or wireless network connection per residence hall room or apartment in addition to wireless network access. Because most devices connected to the ResNet are personally owned and not under direct university management, the special provisions contained in this section are necessary to protect the university network against threats such systems may introduce. The above notwithstanding, all ResNet users are subject to all other sections of this policy, as well as all other university policies that govern the use of information resources at Texas State.
  2. ResNet users are responsible for the security of the networked devices they connect to the ResNet. Failure to maintain secure computing devices may result in diminished or suspended network access and repeated failures may subject the user to further disciplinary action.
  3. The university assumes no responsibility for a user’s loss of time, data, or other loss due to unavailable or diminished ResNet services. Network connectivity may be intentionally disrupted at any time as necessary to safeguard the university, its constituents, or its information resources.
  4. The university enforces the following network access policies for all ResNet connections:
    1. users must keep their operating systems and applications up to date with all security patches; and
    2. users must install, activate, and configure malware protection software to maintain up-to-date definitions.
    1. attempting to circumvent the authentication required for ResNet connections;
    2. eavesdropping or capturing packets intended for other systems;
    3. scanning other systems for open ports, open file shares, or other vulnerabilities;
    4. unauthorized use of or access to other users’ devices without permission of the device owner;
    5. operating any server or network service available to the public or to other users of the university network, including:
      1. video game servers (see Section 06.06);
      2. music or video servers (e.g., MP3, MPEG);
      3. peer-to-peer (P2P) services (e.g., BitTorrent);
      4. dynamic address assignment services (e.g., DHCP);
      5. electronic mail services (e.g., SMTP);
      6. file transport services (e.g., FTP);
      7. domain name translation services (e.g., DNS);
      8. network chat services (e.g., IRC); and
      9. web services (e.g., HTTP).
      1. The Information Security Office or Technology Resources will disconnect a device posing an immediate threat to the university network in order to isolate the intrusion or problem and minimize risk to other systems until the device is repaired and the threat is removed. In coordination with administrative departments and law enforcement, the Information Security Office and Technology Resources will investigate any incident involving unauthorized access or improper use of the university network. Devices involved in these and other incidents will remain disconnected from the university network until the user, owner, or server administrator brings the device into compliance with all relevant policies and standards. The Information Security Office and Technology Resources will attempt to notify appropriate departmental personnel when disconnecting departmental devices from the network under this provision.
      2. The Division of Information Technology may disconnect devices involved in repeated incidents for longer periods as required to reduce security risks to an acceptable level. The Information Security Office may require the responsible server administrator to demonstrate compliance with UPPS No. 04.01.09, Server Management Policy and the Server Management Technical and Security Standards and Procedures through an audit review or other assessment of the offending device and any other devices for which the administrator is responsible.
      3. Texas State cooperates fully with federal, state, and local law enforcement authorities in the conduct of criminal investigations. The university will file criminal complaints against users who access or utilize the university network to conduct any criminal act.
      Position                                            Date
      Associate Vice President for Technology Resources   September 1 E2Y
      Chief Information Security Officer                  September 1 E2Y
      Director, Network Operations                        September 1 E2Y
      Vice President for Information Technology           September 1 E2Y