Rationale: The UND Network is a common and strategic resource for members of the UND community and its constituents and must be secured to retain availability and confidentiality. Network authentication can help UND identify those who may threaten network security or use the network for illegal activities. NDUS Network Technology Standards states, “Access to network resources should be authenticated and users should be accounted for with appropriate timestamps and IP addresses.” UND’s network is considered ‘private’ to avoid costly network changes as may be required by the Communications Assistance for Law Enforcement Act of 1994 (CALEA). For these reasons, the UND network will implement authentication to the UND Network.
Network Definition: The UND network comprises the campus physical components such as cable, switches, telecommunications equipment, wireless access points, routers, firewalls, virtual private network (VPN) concentrators, dial-up and DSL access, and connection points to ND’s Statewide Technology Access for Government and Education network (STAGEnet), the Internet, Internet2, and the Northern Tier Network Consortium. The UND network also has logical components such as IP addresses, directory services, and routing.
Any computer or device using an Internet address assigned to the University or connected to a UND campus physical port or wireless access point is considered to be connected to the UND Network.
ITSS will lead a campus-wide effort for network authentication including the following steps: 1) developing an identity and access management system to identify who may access the UND network; 2) determining what capabilities are provided with network access; 3) implementing existing policies and procedures and seeking additional ones as may be needed; 4) determining an appropriate technology solution for authentication; and 5) seeking funding and implementing. We anticipate complete implementation of campus-wide network authentication within 3 years.
Network Encryption: Network encryption is the practice of using code to ‘scramble’ communication in preparation for transit and ‘unscramble’ it on the receiving end, making it difficult for someone to capture a network stream and read the information. Network encryption is used on some network segments; however, there is no campus-wide standard or established expectation that all UND network traffic is to be encrypted.
Applications that accept, provide or store private, confidential or protected information should include encryption in the system planning and development. Individuals who use encrypted applications should be cautioned not to use the same password on unencrypted systems, as it may be captured there and misused to access secure applications.