Owner: Les Cottrell
Policy: SLAC Network
IT-101 Rev: 01

This formalizes the Network & telecommunications policies. The current (non-formal) version can be found here.

Overview

SLAC networks and telecommunications are U.S. government property and, as such, are subject to "appropriate use" requirements found in federal law and the provisions of the SLAC contract. Access to and use of SLAC networks and telecommunications is conditional upon adherence to the policies established for those individual resources, and to the general Stanford policies on Computer and Network Usage.

Purpose

The purpose of this policy is to outline the acceptable use of SLAC's networks and telecommunications. This ensures that proper controls are set up to maintain the confidentiality, integrity and availability of information processing and communication services on systems managed by SLAC. Inappropriate use exposes SLAC to risks including virus attacks, compromise of network systems and services, legal issues, and reduced network reliability.

Scope

This policy applies to all employees, contractors, consultants, temporaries and other workers at SLAC, including all personnel affiliated with third parties (“User”). This policy applies to all SLAC networks and telecommunications that are managed by SLAC, and to equipment not owned by SLAC or DOE but connected to the SLAC network.

Policies

Networking and Telecommunications

  1. No Tampering with Telephone, Networking Cables, or Equipment
    1. Tampering with phone or data network cables or the wiring of individual phone lines or workstations or other network equipment is strictly prohibited without prior approval from IT Network Operations. This includes re-routing, splicing, bridging, cutting or converting existing cables with other types of cables and/or phone jacks or network connections, or adding unauthorized equipment (such as a shared hub or wireless access point) to the network.
    2. The costs for fixing a problem that results from user tampering with cables and connections will be billed to the user’s group. SCCS Network Operations will charge back all labor and other costs incurred for the repair.

Networking

  1. Only people who have read and agreed to the SLAC appropriate use document may use computers on SLAC subnets. A SLAC userid and password are required to access many of SLAC's computer services. A corollary is that computers with guest accounts with no password are not allowed inside the SLAC firewall, since they could access SLAC protected services.
  2. Office wired connections
    1. Unless approved by SLAC networking, SLAC does not provide spare ports in offices in case a casual user might want to connect to the SLAC network. Such ports are generally made available in public areas and are on the Visitors subnet. If extra ports are required in offices, the requester will need to justify the request and provide an account to charge. An example of such a requirement is an office or area where there are extra occupants, such as students or visitors who are at SLAC for a short time.
    2. Shared hubs or switches not approved by SLAC networking must not be connected to existing switched ports (e.g. to add extra connections). Not only does this violate the policy on No Tampering with Telephone, Networking Cables, or Equipment, but adding such hubs/switches can also cause problems with the switch ports, and in the case of hubs reduces security, since they facilitate sniffing of passwords etc.
  3. Visitor Subnet
    1. The Visitor subnet is located outside the SLAC firewall. Thus its security is the same as connecting to an ISP. It is the responsibility of users of the Visitors subnet to protect their communications, e.g. by using a Virtual Private Network (VPN). Do NOT use applications (such as POP/IMAP/FTP/telnet) that will put unencrypted passwords onto the network.
    2. The Visitor subnet is meant for light casual use, including mobile SLAC users, visitors such as occasional collaborators, conference/meeting attendees, vendor demonstrations, and people not registered at SLAC.
    3. Do not place mission critical applications on the Visitor subnet.
  4. Wireless network access aka WiFi
    1. Anyone interested in deploying wireless network technologies or devices such as cordless phones, microwave ovens, wireless controllers, remote device connections (such as a VGA screen), any device to device connection using WiFi Direct etc., that use the WiFi frequencies (2.4, 3.6, 5GHz) that may interfere with other devices at SLAC, must first contact SLAC Networking (email to net-admin with the relevant information) before initiating any such purchases or starting any SLAC WiFi planning or deployment.
    2. Mission critical applications are not supported in the wireless network.
    3. Personal Wireless Access Points or Wireless Access Points not managed or authorized by the CD Networking group are not allowed to be deployed at SLAC. This includes using a smartphone as a personal HotSpot via a WiFi connection.
    4. Currently, Wireless Access Ports are only placed on the Visitor subnet and so fall under the policies and expectations for it (see above).
    5. Wireless Access Points for new installations are funded from group/department budgets. After purchase, the Wireless Access Points are owned, configured, supported and maintained centrally.
    6. Before any test network device (a test device is a network device that is new to SLAC, or one with pre-production software), including wireless equipment, is connected to the SLAC network, the IT Networking group must be notified and approval granted (if appropriate).

Telecommunications

  1. Sharing Phone Extensions
    1. In labs or offices occupied by two or more persons, a single phone extension may be assigned to be shared by the occupants. A voice menu can be programmed to direct callers to individual mailboxes for each of the persons sharing the extension.
    2. The shared extension policy may also be implemented for phones in common areas, such as lobbies, where it will be determined that multiple extensions are not normally needed.
    3. Justified exceptions may be made through your Division Director.
    4. In addition to understanding and supporting the new policy, you can help considerably by actively identifying any unneeded phones and existing phones that could share an extension. If you are aware of a phone that could be recycled, discuss this with your phone ATOM or send an email message to Phone Administrator, with the extension and location information. Someone will arrange to pick up the unneeded phone instrument and reuse the switch and cable resources supporting the phone.
  2. Shared telephones
    1. The telephones at SLAC are for official business. Although personal calls are sometimes necessary, please keep them to a minimum in number and time. Personal calls may be made to most 408, 415, 650, 510, 925, and 831 prefix numbers. Long distance calls may be made from any SLAC telephone using a Calling (Credit) Card. Follow the instructions usually printed on the back of the card. See “How to Make Personal Calls” for more information.
  3. Collect Calls
    1. SLAC telephone users are not authorized to accept collect, or third party billed, calls. Employees who need to place a call to SLAC from off-site should consider getting a SLAC calling card. If you need assistance, please email the Phone Administrator.
  4. Voice Mail Passwords
    1. Voicemail passwords are required to be a minimum of six digits in length. Passwords should be non-trivial in nature. At a minimum, they should not include your mailbox number or a string of repeated digits.
    2. Voicemail passwords must be changed at least annually. We strongly recommend that all users update their voicemail passwords on the same cycle as they update passwords for other computer accounts (every six months). For information on how to change your password, see "Getting Started with Voice Mail."
  5. Voice Mail Messages Retention Policy
    1. Voice Mail messages are automatically deleted from the voice mail system after specified periods of time. The voice mail system does not permanently archive old messages after they are listened to. The system is set up so that:
      1. Messages that have NOT been listened to or deleted are stored indefinitely. (Messages that have been deleted by the mailbox owner are gone from the system and cannot be recovered.)
      2. Messages that have been listened to and not deleted by the mailbox owner are automatically deleted by the system after 14 days. "Listened to" includes listening to only a part of the message, not necessarily the entire message.
      3. Users with Remote Notification on their mailbox will have their "listened to" but undeleted messages retained for 30 days, then automatically deleted by the system.
  6. International Calling Privileges
    1. International calling privileges require your group leader’s or department head’s approval.
  7. Monitoring for Telephone Abuse
    1. Please be aware that SLAC management can and does monitor telephone usage for abuse. For more specific information, see your group leader or department head.
  8. Modem Lines for Individual PC Fax Modems
    1. Requests for individual PC fax modem lines will be considered on a case by case basis.
  9. Call Forwarding
    Any phone-set may be forwarded to another on-site extension. One example would be to forward your phone directly to voice mail while you are not available to take calls. Call forwarding is described in the Telephone Features section for both the single-line and multi-line telephone sets.
    1. Call forwarding to a non-SLAC extension (for example forwarding calls to your cell phone) is known as external call forwarding and requires approval from your supervisor or group leader.

Any SLAC employee found to have intentionally violated the policy herein stated shall be subject to disciplinary action up to and including termination. A User violating this policy may have his/her device removed from the network and any SLAC network or computer access disabled. Reinstatement will require the review and approval of the Chief Information Officer (CIO) with concurrence from the appropriate Associate Lab Director. Equipment may be confiscated for forensic review with concurrence or direction from Legal and/or Human Resources.

EXCEPTIONS TO POLICY

Any exception to this policy must be in writing and approved by the CSO with concurrence from the CIO. The exception shall include a detailed explanation and be distributed to the owner of this policy.

UPDATING THIS POLICY

The head of networking and telecommunications or his designee will update this policy as necessary to comply with new laws and regulations. This policy will be reviewed by the CIO or his designee at least annually.

REFERENCES

Basis for Issue:
Memo from Lab Director

Related SLAC or Stanford Policies, Memos or Directives:
Stanford University Computer and Network Use Policy

Stanford Information Security Incident Response

Limited Personal Use of Government Office Equipment including Information Technology

Related Computer Security References:
Use of SLAC Information Resources Guidelines

Definition: The term “users” applies to all SLAC staff, contractors, assignees, visitors, and individuals that have custody of or access to SLAC information, systems, or network.

Reviewed: November 2011
Owner: SLAC Computing Division
Last updated: November 2011
For comments or corrections contact: cd-neteng @slac.stanford.edu
