Alabama A&M University Office of Information Technology Services

Privileged Campus Network Access Operations Procedures

INTRODUCTION
Privileged campus network access enables an individual to take actions which may affect computing systems, network communication, or the accounts, files, data, or processes of other users. Privileged campus network access is typically granted to those who need to set up servers, provide network services, assign static IP addresses, distribute IP addresses, subnet IP addresses, or attach network devices such as networked end-user computers, networked printers, networked video and audio devices, hubs, switches, routers, appliances, wireless devices, repeaters, and bridges.

Individuals with privileged access must respect the rights of the current system users and the integrity of the existing campus network systems and related physical resources.

Individuals who are seeking privileged access must inform ITS in advance about the scope and types of work involved, and must obtain consent from ITS.

Individuals also have an obligation to inform themselves regarding any procedures, business practices, and operational guidelines pertaining to the activities of their local units or departments.

Individuals with privileged access must comply with applicable policies, laws, regulations, precedents, and procedures, while pursuing appropriate actions required to provide high-quality, timely, reliable computing services. For example, individuals must comply with provisions of the AAMU Electronic Mail Operations Procedures which mandate the least perusal of contents and the least action necessary to resolve a situation.

GENERAL PROVISIONS
 1.  Privileged campus network access is granted only to authorized individuals. Privileged campus network access shall be granted to individuals only after they have read and signed this Agreement.
 2.  If deemed appropriate for security and overall network performance, unauthorized network devices will be disconnected, disabled, blocked, unlinked or dismounted from the campus network without prior notification to the individuals.
 3.  Privileged campus network access may be used only to perform assigned job duties.
 4.  If methods other than using privileged campus network access will accomplish an action, those other methods must be used unless the burden of time or other resources required clearly justifies using privileged campus network access.
 5.  Privileged access may also be used in the following exceptional circumstances:

 •  Disabling an account apparently responsible for serious activities such as: making attacks on root (UNIX) or the administrator account (NT), using a host to send harassing or threatening email, scanning network devices, scanning ports, using software to mount attacks on other hosts, or engaging in activities designed to disrupt the functioning of the host itself and others;
 •  Disconnecting a host or subnet from the network when a security compromise is suspected;
 •  Disabling or blocking network ports or a subnet when the moving-average network traffic utilization exceeds the normal, preset threshold for network traffic utilization;
 •  Accessing files for law enforcement authorities with a valid subpoena;
 •  In the absence of compelling circumstances, the investigation of information in, or suspension of, an account suspected to be compromised should be delayed until normal business hours to allow appropriate authorization and/or notification activities;
 •  Disabling devices with unauthorized use of network identification numbers;
 •  Disabling a network server (WWW, NNTP, SMTP/POP3, etc.) that is providing services unrelated to the mission of the University;
 •  Disabling network devices that overuse connection time, central storage spaces, printing facilities, network capacity, and/or network utilities.

 6.  Privileged access may be revoked, changed, or denied temporarily in cases of misuse. Individuals with privileged access shall take necessary precautions to protect the confidentiality of information encountered in the performance of their duties.

SANCTIONS
Violation of the operations procedures described above will be dealt with seriously and will be subject to the loss of network access privileges. Illegal acts involving AAMU computing resources may also be subject to prosecution by state and federal authorities.


Copyright © 2003 Alabama A&M University