Permitting Internet Access to University Computing Resources
Central Connecticut State University has installed a number of system and network security components into the CCSU network, including two firewall devices, in order to meet the University's requirements of maintaining secure computing resources. These devices allow the University to manage resources that can be accessed from non-university and non-secure networks, such as the global Internet.
While the University provides centralized computing resources to the campus community for the purpose of making informational and academic materials available to students, faculty, staff and the general population, it is understood that some faculty and staff may need to make other computer resources available to the Internet for these purposes. While providing such access is desirable at an academic institution, it also creates a number of serious security risks. The overall goal of this policy is to allow faculty and staff the flexibility to offer resources, while maintaining the overall integrity and security of the campus computer systems and networks.
In order to secure Internet access to non-Information Services maintained resources, the requesting party must complete a Request for Public Internet Access to University Resources form available on the university web server at http://www.infoserv.ccsu.edu/forms/fwinternetaccess.htm.
Information Services will perform a security audit of the requested resource within three working days of the request. Before access to the device is granted, the resource must have the proper security configuration and system updates in place. Information Services will provide the client with a detailed report of what vulnerabilities need to be addressed in order to secure internet access and where possible how to complete those changes. Once the resource has been determined to be secured, Information Services will then allow inbound Internet access to the device for the services requested. The faculty or staff member responsible for the resource is responsible for the continued updating of security for such resources.
Information Services will periodically on a random basis perform a security audit for that resource and inform the client of any required updates to allow for continued secure operation on the campus network. From time of notification, the operator of the resource shall have up to five days to complete the required changes. If those changes are not complete, access to the resource will be disabled until such time the operator completes an updated Request for Public Internet Access to University Resources form and the system is determined to be operating securely.
In the event that a substantial security risk to university system and networking resources is determined, the University reserves the right to immediately disable access to the offending resource until such time as the required security modifications have been completed.