Network Standards - University of Maryland, Baltimore

University of Maryland, Baltimore
University of Maryland School of Medicine
University of Maryland Medical System Corporation
University Physicians, Inc.

NETWORK STANDARDS MANUAL

Version 3.0

APPROVALS:

________________________________
David J. Ramsay, D.M., D.Phil.
President, University of Maryland Baltimore

________________________________
Donald E. Wilson, M.D., M.A.C.P.
President, University Physicians, Inc.
Vice President for Medical Affairs
Dean, University of Maryland School of Medicine

________________________________
Edmond F. Notebaert
CEO, University of Maryland Medical System Corporation




Purpose:

The University of Maryland Baltimore (UMB), the University of Maryland Medical System Corporation (UMMS) and University Physicians, Inc. (UPI) and others are referred to collectively in these Network Standards as the "UM Network Service Providers". Because of the size, extent and unique networking requirements of the School of Medicine, its Office of Information Services is considered to be one of the four UM Network Service Providers for the purposes of this document. Each of the four Providers maintains computer networks in its facilities on or adjacent to the UMB campus and at other locations. These networks are essential assets of the organizations, and must be managed as such. Each organization’s computer networks must interrelate to some degree with those of the other entities. When it is appropriate, employees of each organization may use the facilities and software resources of the others. Students of UMB may also use the resources of these organizations when appropriate.

Recognizing the advantages of common Network Standards to reduce risk of network failures and loss of communication and coordination among the networks, the UM Network Service Providers agree to adopt these Network Standards as guidance for their employees and for UMB students. Malicious violations of these Network Standards are grounds for discipline under appropriate employment or academic policies.

References to "UPI" shall be deemed to include all professional associations under the Medical Service Plan and their subsidiaries and controlled entities. References to UMMS shall include all corporate affiliates designated by UMMS, including UniversityCARE, Deaton, and Kernan.





CONTENTS

I. Network Protocols
   A. Novell IPX
   B. AppleTalk
   C. TCP/IP
   D. DECnet/LAT
   E. Domain Name Services
   F. SNMP
   G. Windows NT
II. General Network Practices & Security
III. Network Violations and Enforcement




I. Network Protocols

A. Novell IPX

1. EthernetII will be the standard IPX frame type for all Novell networks.

2. No IPX network will use a single digit network number or use a single digit number preceded by all zeros (example IPX network number 00001). All Novell network numbers will consist of a minimum of 5 digits.

3. Novell servers will not function as routers. This function shall be disabled on all servers.

4. UMB and the School of Medicine will continue their existing Novell network-numbering scheme which is based on a system employed by University of Maryland Baltimore County and University of Maryland, College Park. UMMS and UPI can continue their existing numbering scheme based on the hexadecimal value of the router port to which the segment is connected.



B. AppleTalk

1. Only Extended AppleTalk will be supported on the networks of the UM Network Service Providers.

2. All AppleTalk devices will be configured as soft seed routers. Only Cisco routers will be configured as hard seed routers.

3. UMB will continue its existing AppleTalk cable range scheme.

4. UMMS and UPI can continue their existing AppleTalk cable range scheme.

5. In all instances, UM Network Services will administer AppleTalk cable ranges and zones.

6. Single digit cable ranges (example: 1-1) will not be used.

7. Cable ranges will not exceed 5 digits (example: 1-5, 6-11).

8. Zone names shall not include any of the following characters: * asterisk, = equals sign, ~ tilde character, : colon.

9. Novell servers will be configured for discovery mode only. All Novell servers will use the statement bind AppleTalk Macs net=0-0 to apply this function.


C. TCP/IP

1. If it is feasible, all router interfaces will be numbered 1 in the last octet of the IP address (example: 134.192.123.1).

2. RIP will not be used as a valid routing protocol. In cases where devices do not support routing protocols such as OSPF or EIGRP, static routes will be applied or RIP v2 may be used instead.

3. When multiple router interfaces are present on a segment, the router interfaces should be odd numbered if feasible.

4. UMMS or UPI requires the use of either BOOTP or DHCP services for IP addressing. UMB does not require the use of DHCP or BOOTP but recommends it. Only workstations should use BOOTP or DHCP. Devices such as servers, routers, bridges, printers, etc., should have static IP or DHCP reserved addresses.

5. Only devices approved by UM Network Services will be allowed to use broadcast capabilities.

6. All IP non-private addresses will be administered by UM Network Services. Organization contacts are:

   UMB - CITS 6-DATA
   UMMS - UMMS Help Desk 8-0802
   UPI - UPI NOC 8-8348
   SOM - Office of Information Services 6-2881

7. BOOTP and DHCP services will be supplied and administered by UM Network Services personnel. Any devices that can provide BOOTP and/or DHCP functionality must have these services disabled, unless approved by UM Network Services.

8. All application host devices will be referred to by name and not by IP address for connectivity if feasible. Only router gateways and DNS servers will be referred to by their IP address.


D. DECnet/LAT

1. DECnet/LAT is no longer supported through UMB routers.





E. Domain Name Services (DNS)

1. Only DNS servers approved by UM Network Services will be allowed on the network.

2. Only UM Network Services will obtain, administer, delete or change Internet domain names.

3. UM Network Service Providers will follow the BIND conventions.

4. Device names must start with a letter, and will consist of alphanumeric characters and hyphens.

5. Only the UM Network Service Providers will provide Reverse Host and Mail Exchange Records.

6. HINFO Records will not be included.

7. A secondary DNS must be provided.
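
An added example, not part of the manual: a small linter that checks a BIND-style zone file against rules E.4, E.6 and E.7 above. The zone contents are constructed, and reading E.7 as "at least two NS records at the zone apex (`@`)" is an assumption of this sketch.

```python
import re

# E.4: a device name starts with a letter, then letters, digits or hyphens.
LABEL_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "PTR", "TXT", "HINFO"}

# Constructed sample zone: names and addresses are illustrative only.
SAMPLE_ZONE = """\
$ORIGIN example.test.
@        IN NS    ns1.example.test.
@        IN MX    10 mail
ns1      IN A     192.0.2.1
mail     IN A     192.0.2.25
9lab     IN A     192.0.2.30
file_srv IN A     192.0.2.31
lab-pc1  IN A     192.0.2.32
lab-pc1  IN HINFO "PC" "WinNT"
"""

def lint_zone(text):
    """Return (line_number, rule, detail) findings for rules E.4, E.6 and E.7."""
    findings, apex_ns, owner = [], set(), None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]            # drop comments (simplified)
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue
        if not line[0].isspace():              # a leading blank inherits the owner
            owner, fields = fields[0], fields[1:]
        pos = next((i for i, f in enumerate(fields) if f.upper() in RR_TYPES), None)
        if pos is None or owner is None:
            continue
        rtype, rdata = fields[pos].upper(), fields[pos + 1:]
        if rtype in ("A", "AAAA") and owner != "@":
            host = owner.rstrip(".").split(".")[0]
            if not LABEL_RE.fullmatch(host):
                findings.append((lineno, "E.4", f"bad device name {host!r}"))
        elif rtype == "HINFO":
            findings.append((lineno, "E.6", f"HINFO record for {owner!r}"))
        elif rtype == "NS" and owner == "@" and rdata:
            apex_ns.add(rdata[0].lower())      # assumption: apex is written as "@"
    if len(apex_ns) < 2:
        findings.append((0, "E.7", f"{len(apex_ns)} name server(s); no secondary"))
    return findings

if __name__ == "__main__":
    for finding in lint_zone(SAMPLE_ZONE):
        print(finding)
```
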



F. Simple Network Management Protocol (SNMP)

1. All Campus SNMP devices must be configured so that the READ ONLY community string will be public provided this does not pose an unnecessary security risk to an organization. UMMS and UPI may continue using their existing scheme of configuring the READ ONLY community string.

2. All network management software and hardware/software packet decode platforms will be used only by UM Network Services personnel. Any other individual or group desiring the capability to monitor/manage its own local segment must obtain approval from UM Network Services. UM Network Services can remove any network management software and hardware/software packet-decode platforms from the network that have not been approved by UM Network Services.

3. For all SNMP devices, READ WRITE community strings must be changed to an approved UM Network Services community string provided this does not pose an unnecessary security risk to an organization.

4. Access lists should be used for SNMP devices.

5. SNMP polling rates should be no more than once every 300 seconds (5 minutes) for all non-UM Network Services SNMP management platforms.

6. All network infrastructure devices (routers, hubs, switches, etc.) must have SNMP capabilities enabled provided this does not pose an unnecessary security risk to an organization.

7. In all instances, all network infrastructure equipment not installed by UM Network Services must be approved by UM Network Services prior to installation.

8. If you have any questions regarding the configuration of SNMP compatible equipment, please call the applicable UM Network Service Provider:

   UMB - CITS 6-DATA
   UMMS - UMMS Help Desk 8-0802
   UPI - UPI NOC 8-8348
   SOM - Office of Information Services 6-2881
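
An added example, not part of the manual: an audit of a device configuration and a poll log for one device against rules F.3, F.4 and F.5 above. It assumes Cisco IOS `snmp-server community` syntax; the approved READ WRITE string is a placeholder, and the configuration, addresses and poll log are constructed.

```python
import re

# Assumptions: Cisco IOS "snmp-server community" syntax; the approved READ WRITE
# string is a placeholder because the manual does not publish one.
APPROVED_RW = {"<approved-rw-string>"}
UM_PLATFORMS = {"192.0.2.10"}   # constructed address of a UM Network Services NMS
COMMUNITY_RE = re.compile(r"snmp-server community (\S+)(.*)", re.I)

# Constructed sample configuration and poll log (seconds, requesting address).
SAMPLE_CONFIG = """\
snmp-server community public RO 10
snmp-server community private RW
snmp-server community <approved-rw-string> RW 10
access-list 10 permit 192.0.2.10
"""
SAMPLE_POLLS = [(0, "192.0.2.10"), (60, "192.0.2.10"), (0, "198.51.100.7"),
                (120, "198.51.100.7"), (0, "198.51.100.9"), (300, "198.51.100.9")]

def audit_config(text):
    """Return (line_number, rule, detail) findings for rules F.3 and F.4."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = COMMUNITY_RE.fullmatch(line.strip())
        if not m:
            continue
        community, opts = m.group(1), m.group(2).lower().split()
        if opts[:1] == ["view"]:               # skip an optional "view <name>" pair
            opts = opts[2:]
        mode = "rw" if "rw" in opts else "ro"  # IOS defaults to read-only
        has_acl = bool(opts) and opts[-1] not in ("ro", "rw")
        # Findings cite the line only, so the report never echoes a community string.
        if mode == "rw" and community not in APPROVED_RW:
            findings.append((lineno, "F.3", "READ WRITE string is not an approved one"))
        if not has_acl:
            findings.append((lineno, "F.4", "community has no access list"))
    return findings

def fast_pollers(polls, min_interval=300):
    """Rule F.5: non-UM platforms that poll more often than once per min_interval."""
    last_seen, offenders = {}, set()
    for ts, src in sorted(polls):
        if src not in UM_PLATFORMS and src in last_seen and ts - last_seen[src] < min_interval:
            offenders.add(src)
        last_seen[src] = ts
    return sorted(offenders)

if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG), fast_pollers(SAMPLE_POLLS))
```
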


G. Windows NT

1. NetBEUI protocol should be disabled when configuring NT servers.



II. General Network Practices & Security

General network practices are defined to protect the integrity of organizational networks. These practices must be followed to assure adequate protection of system security, as well as appropriate user access.

A. No network capable games or non-business related software is allowed on any workstation or server owned by one of the organizations without the express written consent of UM Network Services. Use of illegally obtained software is strictly prohibited.

B. Only UM Network Services personnel will configure and connect devices to backbone infrastructure. These devices include, but are not limited to, bridges, firewalls, intrusion detection devices, network monitoring tools, VPN devices, routers and hubs and wireless access points.

C. No device that is directly connected to a LAN segment controlled by UM Network Services will connect to an external Internet Service Provider or other system by remote control/access services unless that connection is established through a secure connection or VPN approved by UM Network Services.

D. Any requests for waivers to these Standards must be approved by the CIO of the initiating organization.

E. No network equipment will be installed or located outside of a designated wiring closet or equipment room accessible only to authorized personnel. These devices include, but are not limited to bridges, firewalls, intrusion detection devices, network monitoring tools, VPN devices, routers, switches, hubs, etc.

F. The use of all security devices or security software monitoring tools must be with the approval of UM Network Services.

G. No data or files shall be shared illegally on the networks.

H. UM Network Services must approve installation of all wireless LAN network equipment.




III. Network Violations and Enforcement Procedures

A. Violations of Network Standards are subject to disciplinary action. Violations include, but are not limited to:

1. Knowingly breaking into ("hacking") a network device or workstation/server.

2. Malicious or intentional destruction of network infrastructure.

3. Broadcasting over the entire Class B network.

4. Knowingly stealing or forging (spoofing) another user's connection or TCP/IP address.

5. Installation and operation of non-approved infrastructure equipment or software.

6. Sharing of the username and password for network devices.

7. Use of peer-to-peer software illegally to transfer or share material.






Disciplinary action for people found to be in violation of these Standards will be in accordance with the Human Resources policies of the person’s employer or, in the case of students, discipline policies of the appropriate UMB School. In addition, a UM Network Service Provider may take any action it deems appropriate, including disabling an account or user connection, in order to protect the integrity of the IT system. These actions must be taken promptly and may remain in effect pending further review and investigation of an incident.