If you have a networked device or devices behind a SOHO or Building-level-type firewall on any of the HSEAS network segments, you are expected to know and abide by the following policy, and ensure that any users of those systems know and abide by this policy:
- Do not falsify MAC (hardware/ethernet) addresses.
- Do not provide gateway services to non-registered devices.
- Do not provide services to other hosts behind the firewall and gateway those services outside of the firewall (e.g., do not run a sendmail server to exchange mail with external hosts).
- Do not attempt to provide services to hosts/devices outside your protected LAN (i.e., do not make it possible for external hosts to enter the protected LAN, e.g., via peer-to-peer services such as, but not limited to, Direct Connect, LimeWire, Kazaa, GNUtella, etc.). Note that some forms of video-conferencing (e.g., Skype) may be allowed after discussions with the CNG. Please be aware that peer-to-peer (p2p) file sharing is not necessary to conduct business within HSEAS. We have safer alternatives.
- Have good antivirus/anti-spyware software that is updated on a regular basis. Updating once a week is insufficient; daily updates are reasonable, and even better are those packages (newer versions of Norton, Trend, Sophos or AVG) that update on an almost real-time basis.
- Keep your systems up-to-date with patches.
- While you are behind a firewall, you are still required to observe privacy concerns. Specifically, you may not read anyone else's mail and may not read any user files that require administrator (root) privileges. To do so is a violation of Federal and State law, and UR policy.
- No pirated software or other copyright violations.
- Provide for backups (and make sure the backup media is secured).
- Good passwords (known only to the account holder), no shared accounts, no accounts without passwords.
- Accounts may only be assigned to members of HSEAS, and any names should not be in conflict with names in use as assigned by the CNG. That is, if 'joe' is the HSEAS login name for 'Joe Smith', then you may not use 'joe' for 'Joe Jones'. There should be no misrepresentation as to the identity of any user.
- We will normally attempt to contact you - but may have to act before we can do so.
- We will attempt to determine the source of the problem behind the firewall. If we are able to do so, we will then alter the firewall configuration so that traffic from the offending device is not passed outside the firewall (hosts behind the firewall may still be affected by the offending device). The firewall configuration will be restored once the problem is resolved by you or your agents.
- If we are unable to determine the source of the problem, and if we deem the problem sufficiently severe, we will disable the switch port providing network connectivity to the firewall. Connectivity will be restored as soon as the problem is resolved by you or your agents.
Last modified: Thursday, 07-Apr-2011 09:34:45 EDT