Network Security Policy Summary
A number of security policies are described throughout the
computer/network use policy and network security Web sites. For the
convenience of the casual reader, the policies especially relevant to
network security are summarized here.
Individual Rights
Intellectual Freedom: Subject to the
limitations set forth in the University's Computer and Network Use
Policy, the University encourages the free and open expression of
ideas, including those that are unusual or unpopular.
Safety From Harassment: While unwanted or unsolicited
contact cannot be controlled on the network, network users who
receive threatening communications should bring them to the attention
of University Police.
Privacy: Information traversing the campus network is
not private. The University reserves its right, as owner of
the network and the computers in question, to examine, capture,
archive, and otherwise inspect any messages transmitted over the
campus network and any data files stored on University-owned
computers. Electronic communications are by no means secure, and, in
the course of ordinary management of computing and networking
services, support personnel may inadvertently view user files or
messages. In addition, if a user is suspected of violations of the
responsibilities as stated in this document, that user's privacy is
superseded by the University's need to maintain the network's
integrity and the rights of all network users.
University Rights and Responsibilities
- In order to help protect the campus network and assets
connected to it, the University may need to take certain actions
when a networked system is discovered to have been compromised or,
in some cases, when it is especially vulnerable to attack. Those
actions include, but are not limited to, the following:
  - moving the system to a more protected security class;
  - disabling the internet address of the computer; or
  - physically disconnecting the system from the network.
- The University will routinely scan networked systems to detect
vulnerabilities, especially for systems in the least protected
security classes. Information gathered will be shared with the
respective system administrators and their management.
- The University reserves the right to inspect the content of
any computer connected to the campus network or owned by the
University.
User Responsibilities*
- Users agree:
  - to be responsible for the use of computer accounts,
  passwords and network ID and all computer accounts that are
  assigned to them;
  - not to misrepresent themselves on the network; and
  - not to gain or attempt to gain unauthorized access to other
  systems.
- Users agree not to violate system security; to interfere with
system performance or another user's use of the system; or to
access network accounts, files or passwords intentionally and
without authorization.
- Users agree to abide by laws and contractual agreements
including licensing agreements and copyright laws.
- Users agree not to use the network to infringe on the rights
of any person or give unauthorized access to another system.
*See the computer and network use policy for the full official use policy.
Server Administration Responsibilities
Departments, their managers and systems administrators who run
departmental servers agree:
- to maintain security on departmental servers;
- to promptly respond to security exposures and emergencies;
- to weigh the costs and benefits of funding/managing local
servers compared to employing institutional servers and related
services.
*** Security Note for Researchers ***
Proposed Language To Be Included In Federal Research Grant
Documents
- Any Internet-connected information technology acquired or
otherwise supported using funds from this grant must be configured
in compliance with minimum security benchmarks such as those
published by the Center for
Internet Security and must have applicable operating system
and application security patches and updates installed within
seven days of their availability on the vendor's web site.
- The institution receiving the grant will maintain automated
records containing compliance scores and patch history information
for each of the systems supported under this grant. This
information should be available to the granting agency upon
request.
Last modified January 07 2002 12:35 PM