The University operates an institutional-wide network infrastructure (the Integrated Communications Network – ICN) and converged network applications and services, including voice and video, to support all of the information access, collaboration and interchange requirements of the University community, both internally and externally. Access to this network infrastructure and services by the University community will be available under the following principles:

• The University provides Network Access to the ICN:
  • to all authorised users within the University Community.
  • to network connecting devices that have been authorised for connection and that have been allocated an IP address within the University’s IP Address range.
  • for authorised users requiring remote access to business area subnets, then only via VPN tunnels over the Internet.
  • for authorised users wishing to use network connecting devices which are not the property of, nor under the control of the University, then only via the University’s authentication and access gateways.
  • for network connecting devices and any network devices used by non-ANU Entities that have been allocated an IP address within the University’s IP Address range, then only via a University managed boundary network device.
• Authorised users shall adhere to the University’s Policy on Acceptable Use of the Information Infrastructure.
• Only network devices managed by the University are authorised for connecting to and operating on the University’s ICN.
• In accessing the network, authorised users shall adhere to, and network connecting devices shall conform to, the University’s Policy on Information Infrastructure Security.
• Network connecting devices shall be configured and maintained so as to meet the relevant network interface Standards for the ICN, not cause network performance degradation, not cause excessive, unwarranted traffic flows, and be suitably hardened against network security threats.

Procedures:

University Responsibilities

1.      The University is responsible for:

1.1 Establishing and managing life cycles of user accounts for authorised users from those within the University Community requiring Network Access.

1.2 Providing and maintaining authorised users with Network Access for activities and uses approved by the University.

1.3 Securing the ICN against network security threats, such as denial of service, and information services security threats, such as viruses, worms, trojans, initiated either externally or internally, by:

1.3.1 applying intrusion detection, blocking and filtering strategies to external security attacks;

1.3.2 applying network blocking strategies to University network connecting devices which are significantly degrading network performance or are believed to be causing network security attacks;

1.3.3 instructing any authorised users identified responsible for network connecting devices which have been blocked from network access on obligations they must undertake before network access is restored;

1.3.4 requiring any network connecting device identified as a source of security attack, or suspected of being compromised, to be suitably hardened against network security threats before network access is restored;

1.3.5 suspending an authorised user’s network access for breaches of the Acceptable Use of the Information Infrastructure Policy resulting from penalties or disciplinary action imposed under the Information Infrastructure Rules.

1.4 Authorising and providing non-ANU Entities with Network Access and determining the form of the network access.

1.5 Ensuring the obligations of the University’s Access Agreement with AARNet Pty Ltd are met and requirements of the Policy on Allowed Access to AARNet are adhered to by authorised users and the staff and contractors of non-ANU Entities identified as 3rd Parties under this Access Agreement.

User Responsibilities

2. Heads of Budget Units are responsible for:

2.1 providing appropriate network access to respective business areas for authorised users requiring access to network connecting devices under the control of the respective Budget Unit;

2.2 authorising network connecting devices for network access on to any subnets allocated to them;

2.3 ensuring that IP addresses and host names allocated to their areas are only used by authorised users and approved network connecting devices;

2.4 setting up user accounts for Visitors and the ongoing life cycle management of these user accounts and visitor access;

2.5 ensuring Visitors are familiar with the obligations of the Acceptable Use of the Information Infrastructure Policy and the relevant areas of the Policy on Allowed Access to AARNet.

2.6 ensuring unapproved network devices are not given Network Access.

2.7 managing the flow of information from the Internet to their respective subnets and the meeting all traffic related costs associated with these flows and volume of flows.

3.   Authorised users must:

3.1 respect the rights of other users, respect the integrity of the network, systems and physical infrastructure, and observe all relevant policies, laws, regulations, and contractual obligations.

3.2 not connect any network devices to the ICN. In particular, authorised users must not extend their local network with hubs, switches or wireless LAN access points. Any additional network services or extensions to the network infrastructure will be provided by the University in accordance with the Network Operations Policy.

3.3 not launch or use communications applications or services for a purpose, in a manner or with a configuration which contravenes the Acceptable Use of the Information Infrastructure Policy or the Policy on Allowed Access to AARNet.

4. Non-ANU Entities must:

4.1 only allow network access to staff and contractors of the non-ANU Entity for the purposes of the business and\or activities of that non-ANU Entity;

4.2 only allow network access to network connecting devices under the control of the non-ANU Entity.

Authorisation

The University responsibilities identified in this Policy are vested with the Division of Information.

Relevant Contractural Obligations:

AARNet Access Agreement

AARNet Policy on Allowed Access to AARNet

AARNet Regional Connection Agreements

Definitions

Authentication and access gateway: is a security mechanism managed by the Division of Information to allow authorised users using network connecting devices, which are not the property of nor under the control of the University, access to the ICN.

Authorised user: is a person defined under Rule 6 of the Information Infrastructure and Services Rules, 2006, and includes University staff, students, Visitors with a currently active user account count.

Heads of Budget Units: includes College Conveners, Deans and Directors of Faculties, Schools and Centres, and Directors of Administration and Information Divisions, as defined in the Delegations of Authority Policy.

Network access: means access to the University’s Integrated Communications Network (ICN) for Authorised Users to access the University’s information infrastructure and services, and for non-ANU Entities, a transiting service to external Carriers and ISPs.

Network connecting devices: include servers, desktop computers, laptop computers, printers, scanners, photocopiers, personal computing devices and other computing devices with networking interfaces capable of connecting to the ICN.

Network Devices: are active network equipment which are required for the end-to-end operation of the ICN and include core network switchouters, distribution network Ethernet switches and routers, access network Ethernet switches, optical fibre transceivers, copper line drivers, microwave radio point-to-point and point-to-multipoint terminals, wireless access points, network monitoring devices, network security devices, network application servers, network gateways, authentication and access gateways, Carrier gateways, voice servers and voice support application servers.

Non-ANU Entity: is a separate legal entity to the ANU and, for the purposes of this Policy, has a presence within the University boundary. It therefore requires, as a minimum, access to the ICN’s passive network infrastructure and requires and may require either network and\or voice services from the ICN.

Subnet: is a contiguous group of IP addresses from the University’s IP Address range assigned to a Head of Budget Unit or non-ANU Entity for local network connections of network connecting devices within their respective area of responsibility.

University community: includes staff, students and visitors of the University and, therefore, are entitled to access to the information infrastructure and services via the ICN.

Visitors: are authorised users who are within the University Community, but who are not ANU staff or students, who have been approved by a Head of Budget Unit to have access to specific information infrastructure and services. This term replaces the term Affiliate.

VPN: virtual private network access is a secure, authenticated Internet access mechanism into the ICN for remote authorised users.

Introduced: 10 December 2004

Review Date: 8 June 2009

Extensive Revision 2007, re-released 8 June 2007