Information Technology Policies
Network Security Policy
I. Justification and Statement of Policy
This policy defines the requirements for network security at Franklin & Marshall (F&M). At their discretion, the College Infrastructure Committee (CIC) reserves the right to modify the scope of this policy at any point in time.
Information security requires the participation and support from all members of the F&M community with access to information assets. It is the responsibility of every member of the F&M community to help ensure that all information assets are kept secure and available.
II. Scope
This policy applies to all members of the F&M community, which includes, but is not limited to employees, students, alumni, visitors, volunteers, third parties, contractors, consultants, clients, temporaries, former employees, and others (collectively known as "users"), who have access to, support, administer, manage, or maintain F&M information assets.
III. Policy
Strong network security is essential to an effective information security program. Network security controls should be implemented and maintained to ensure a secure computing environment that strives to maintain the confidentiality, integrity, and availability of F&M information assets.
Inbound Connections
Unsolicited, inbound connections to systems providing services on the Franklin & Marshall network shall be limited to those systems which are used by the public at large (e.g. public web servers) or by currently enrolled students (course management, email, student portal, etc.). Direct connections from untrusted networks to systems outside of the campus data center or systems not managed, maintained, or contracted by Information Technology Services are not permitted. Systems which provide administrative functionality that supports the business and operational needs of the College shall not be directly connected to the internet. Administrative systems can be accessed only from designated portions of the on-campus network, or remotely through a virtual private network (VPN) connection.
Potentially Harmful Applications
To protect the security and integrity of College systems, it may become necessary to block applications and protocols that pose potential risk to operations, security, or compliance. This includes, but is not limited to, applications that are known to contain malware, have vulnerabilities, or attempt to engage in unauthorized access.
Additionally, to ensure the safest possible environment for our user community, when applications or services are used for inappropriate means, harassment, or to threaten, the College may prevent access to those specific applications or services from the College network.
- Any applications or services that are blocked will be reviewed annually.
- Any applications or services will be blocked on networks within the administrative control of Franklin & Marshall College.
- It may not be possible to block certain applications or services.
- Access to the specified applications or services via other networks, such as public wifi, residential Internet service, or mobile/cellular networks, etc., may or may not be affected by our efforts.
Perimeter Security
All connections which flow between the campus network and the Internet are inspected by intrusion detection and intrusion prevention systems in order to detect and mitigate cyber attacks, virus outbreaks, and other attacks.
Remote Access for Users
Remote access to the campus network by way of a virtual private network (VPN) connection is available to current students and employees of the College. VPN access is available to former employees and non-employee accounts (such as contractors, visiting scholars, etc.) demonstrating a need by individual request. Members of the College community may not install or use any other remote-access or screen-sharing technology without the express permission of the Chief Information Officer and the Chief Information Security Officer. Exceptions to the above stated procedures will be reviewed and granted according to the exceptions to policy section of the Information Security Policy.
Remote Access for Vendors
Remote Access by virtual private network (VPN) is permitted for vendors, on a case-by-case basis, where the vendor needs to maintain software or equipment on the F&M network. Access is approved by the Chief Information Officer (CIO) or the Chief Information Security Officer, and only through technology approved and maintained by the IT department.
Guest Network Access
A guest wireless network is provided for use by visitors to our campus. This network provides internet access only and does not provide access to any on-campus resources beyond what is available directly from the internet. Guests with a demonstrated need to access additional on-campus resources will be treated as vendors and granted temporary credentials and access in accordance with the vendor procedures outlined above.
----
Policy Maintained by: Information Technology Services, Associate Vice President and Chief Information Officer
Last Reviewed: October 2, 2024