Network Access Compliance Policy

Originally Issued: July 2012

Contacts: Don Diener Lori Temple

Download Policy Document Download Procedure Document

Policy

The UNLV network is divided into publicly accessible and non-publicly accessible areas. Systems may be placed on the UNLV network only in consultation with and with the approval of the Office of Information Technology (OIT). Systems in the non-publicly accessible areas of the network can be accessed only through methods approved by OIT.

OIT Approved Method for Accessing Non-publicly Accessible Areas of the Network

VPN Software

Virtual Private Network (VPN) software allows for a temporary encrypted connection to the network from off campus.

Please visit the UNLV VPN information page for instructions on utilizing the UNLV VPN service.

If the approved method is not meeting your need, please contact the policy owner.

Statement of Purpose

The purpose of this policy is to:

  • Create a secure network environment for UNLV's computer and network resources by establishing different levels of network access to meet the needs of UNLV staff and students as well as the general public.
  • Ensure UNLV is in compliance with the Nevada System of Higher Education (NSHE) guidelines and network security best practices.

Entities Affected by Policy

Entities affected by this policy include UNLV students and employees and anyone who accesses the UNLV network.

Who Should Read This Policy

UNLV students and employees and anyone who accesses the UNLV network should read this policy.

Exceptions

  • Currently, there are no predefined exceptions to the Network Access Compliance policy
  • Exceptions will be made on a case-by-case basis

To make a request for expanded network access, please complete the IT Policy Exception Form.

Exception requests will be processed within 10 business days of receipt of the request.  If an exception is created, the exception will be audited on an annual basis. The owner of the system or a listed designee must respond to the annual audit and verify that the exception is still required.

Upon approval of the exception, OIT staff will work with the requester to establish the parameters for placing their system on the network. To establish appropriate placement on the network, the following information will need to be provided and/or developed:

  • Technical documents that detail the network protocols and services provided by the system
  • Beginning/end dates and hours of operation of the system
  • Topology diagrams showing interconnects with the UNLV network, the Internet, and other private networks
  • A risk mitigation and audit plan to protect sensitive data and preserve the integrity of the UNLV network
  • Designation of primary and secondary points of contact who will respond to changes or problems related to the system

Exceptions will be reviewed annually.

Changes to the exception may only be requested by the system owner or a documented designee appointed by the owner.

Frequently Asked Questions

What is the Network Access Compliance Policy?

The policy requires that all network connected devices at UNLV be protected from the internet by firewalls or other network security mechanisms. Devices which require inbound access from the internet such as servers should be located in a Data Center. All other network systems such as desktop computers, printers, mobile devices  etc. will not be allowed to act as servers or receive direct inbound connections from the public internet. 

Why is the Network Access Compliance Policy being implemented?

The policy is being implemented as a result of guidance provided through the NSHE Security Audit conducted in the Spring of 2011. The security audit directs UNLV to adhere to the NSHE Procedures and Guidelines manual (PGM) chapter 14 Section 3.3.  Providing a firewall between network devices and the public internet is also a best practice procedure by the National Institute of Standards and Technology.

How will the Network Access Compliance Policy affect my daily work at UNLV?

Most UNLV staff and students will not need to take any action and may not be aware of this policy. If you are operating a server or trying to reach your desktop computer from home or another remote location you may need to take action as described in the sections below.

How do I connect to my UNLV desktop computer from home or another remote location if it is behind the campus firewall?

UNLV provides a Virtual Private Network (VPN) for this purpose. The VPN allows you to connect from a remote location to the campus. The VPN client works with Windows, Mac, Android, and iPhone.

I manage a server which is located in my office. My department uses this server to improve our productivity. We need to connect to this server from the internet and around campus. Will the Network Access Compliance Policy prevent us from connecting to this server?

Access from the internet to this server will be restricted by the Network Access Compliance Policy. OIT staff can work with you on moving your server into a managed data center. Once the server is in a data center, we can make exceptions to network access rules so your server can be reached from the internet and from campus locations as necessary. The data center will also provide many other benefits such as redundant power and cooling systems, physical security, monitoring and easy remote access options.

I need to manage my own internet connection or maintain my own firewall. I do not want my network access filtered by the campus firewall. What options do I have?

Generally this approach is not necessary as UNLV can pass data to you through the campus firewall without blocking any protocols. However, if you request and receive approval for an unfiltered network connection, you will be provided with network addressing and network connectivity. Please note that this type of network service will be positioned outside of the security perimeter of the campus. With this configuration, your security relationship to UNLV internal resources will be similar to any other internet user. For example, connectivity to private networks, internal servers and services will not be available.

I have a research project which requires custom network access and may conflict with the Network Access Compliance Policy. Will this policy limit my research activity?

The Network Access Compliance Policy is not intended to limit research or academic activities. A simple process has been developed to help you request an exception to the policy. Once you complete the web-form linked below, an OIT staff member will review the request and work with you to configure your network access.

IT Policy Exception Form

We are working with a vendor who needs to connect to a computer system at UNLV from the vendor’s remote location. How do we allow the vendor remote access to manage or support our systems?

Many vendor solutions can be supported by the UNLV VPN service.

If the VPN service does not meet the requirements of the system, please complete the exception form below and an OIT staff member will be in contact to assist you with reviewing your requirements and designing a solution which meets your needs. 

IT Policy Exception Form