This policy prohibits network activities undertaken within a UCSF unit that may result in security risks or inappropriate use of the campus network and online resources. Examples of this type of activity include installation of modem pools, proxy servers or VPN gateways. This policy does not cover the installation of hubs, switches, and other network devices that extend the internal network without providing external access.
A common connection point for devices in a network.
A proxy server that does not require users to be identified or authorized to use the proxy, although it does make them appear to be authorized users of the network hosting the proxy server.
Also called a"proxy"or"application level gateway,"it is an application that breaks the connection between sender and receiver. All input is forwarded out a different port, closing a straight path between two networks and preventing a cracker from obtaining internal addresses and details of a private network.
A network device that selects a path or circuit for sending a unit of data to its next destination. A switch also may include the function of the router, a device or program that can determine the route specifying to which adjacent network point the data should be sent.
Campus units shall not install devices that allow access to the campus network if those devices compromise network security or otherwise allow inappropriate use of UCSF network resources. Campus units may install the following or similar devices to meet departmental operational requirements only after providing indicated basic registration information to Information Technology Services (ITS):
- Proxy Servers other than Open Proxy Servers – Proxy servers must not be deployed to circumvent UCSF network and systems security policies. Campus departments implementing proxy servers must describe their purpose and constituency to ITS and provide a contact phone number.
- Circuit-switched Remote Access Gateways – Dial-up access to university systems for purposes such as system maintenance and monitoring must be password-protected with call-back, and must not be deployed to circumvent UCSF network and systems security policies. Campus departments implementing dial-up gateways must describe their purpose and constituency to ITS and provide a contact phone number.
- Other Gateways (NAT, T-1, etc.) – Gateways must not be deployed to circumvent UCSF network and systems security policies. Campus departments implementing network gateways must describe their purpose and constituency to ITS and provide a contact phone number.
- Unsecured Wireless Access Points – Any access device on the campus network must be appropriately installed and configured to prevent unauthorized use of the campus network or computing resources.
- When the campus establishes policies for network border security through the IT Governance process, all entry points to the campus network must comply with those policies through implementation of firewalls or other access control methodologies.
Open proxy servers are not allowed on campus. ITS will regularly monitor the campus for open proxies and notify the appropriate administrator if one is found.
Contact Responsible Office (see above) with any questions.