Connection to IllinoisNet

Purpose

This policy is established to ensure that any component of communications or computing equipment connected to the University of Illinois network, IllinoisNet, will:

  1. comply with applicable laws and regulations and is consistent with the teaching, research, and service missions of the University;
  2. ensure that connected devices that use, store, and transmit information in electronic form comply with the University’s legal and ethical responsibilities to protect such information from illegal or inappropriate access, disclosure, modification, and destruction;
  3. ensure that connected devices maintaining critical University data operate in such a manner so as to provide for continuity of University business operations, research, and teaching in the event of significant disruptions;
  4. ensure that the connected devices operate effectively through adopted standards and use restrictions for compatibility and interoperability; and
  5. ensure that connected devices using new technology present risks consistent with the informed acceptance of such risk by the University.

Scope

This policy is applicable to any communications or computational equipment connected either electronically or wirelessly to IllinoisNet and includes equipment owned or operated by faculty, students, staff, contractors and guests.

Authority

This policy is established and promulgated under the authority of the Vice Chancellor for Academic Affairs and Provost. Responsibility for the implementation and enforcement of this policy shall be through the Office of the Chief Information Officer (CIO).

Policy

  1. Computing equipment attached to IllinoisNet shall interoperate with existing communications and computing equipment and systems and shall not cause adverse effects on the network to the detriment of the research, teaching, and outreach mission of the University.
  2. Computing equipment connected wirelessly to IllinoisNet shall not cause harmful interference to other computing endpoints and users.
  3. Unless operating as a guest or as a federated entity, any connection shall be authenticated against established credentials (“netid”) and authorized for the connection attempted. All IllinoisNet traffic shall be identifiable as to its source and anonymous traffic is disallowed for security reasons.
  4. Guest access to IllinoisNet shall be provided through credentials having minimum privilege for the use authorized. Guests shall be granted access in accordance with the procedures outlined on Technology Services website (https://answers.uillinois.edu/illinois/90275). Personnel from other institutions participating as federated entities may access the network in accordance with the restrictions established through the federation process established with the third-party institution.
  5. Communication equipment attached to IllinoisNet must be preapproved by Technology Services Networking. Any such equipment shall be tested by Technology Services to ensure that it conforms to established networking protocols in use on IllinoisNet and interoperates without adverse effects. Unapproved communications equipment attached to IllinoisNet, unless covered by the exceptions in this policy, will be removed from operation by Technology Services networking personnel in accordance with procedures outlined in this policy.
  6. Any protocol or network traffic that has been shown to support an illegal process, or that supports an application posing unacceptable risk to the University, will be blocked by University firewall policy and applications using such protocols may not work properly. Computing equipment found to be generating unacceptable amounts of traffic, emitting protocol fragments with an intent to deny services to other network users, or generate substantially sequential access to a range of ports or network addresses shall be automatically disconnected from the network.
  7. Any computing equipment found to contain high-risk data as classified in the DAT01 – Institutional Data Security Standard and is determined by the Office of Privacy and Information Security to be non-compliant with University policy and standards, shall be disconnected from IllinoisNet.
  8. All voice telecommunications, other than pre-approved analog lines established for life safety purposes, shall be provided by the University VOIP system and connected to IllinoisNet.

Definitions

IllinoisNet
The branded name of the campus communications and computing network in its entirety, including both inside and outside physical copper and fiber optic infrastructure; physical support spaces; network routers and switches, associated networking equipment including caches, load balancers, and firewalls; and computational equipment including servers, storage, and other technological elements. IllinoisNet specifically includes wireless spectrum in the UIN-II (5 GHz) and ISM bands (2.4 GHz) designated as Wi-Fi and includes devices connected wirelessly through this media.
CIMS
Cable Installation and Maintenance Service, a Technology Services group that provides physical network, fiber, and video installation and maintenance.
Federated Entity
An entity identified by a set of credentials (identifier and password including a possible multifactor authentication token), provided by a third party through a consensual agreement with the University, that provides assurances that the person attempting to access resources of the University is a valid, authenticated user, and is authorized to access and use those resources.
SSID
Service Set Identifier which is used to identify a particular wireless network, and announced as part of the wireless connection protocol. The IllinoisNet wireless system announces one or more of the following: “IllinoisNet”, “IllinoisNet_Guest” or “Eduroam”.
VOIP
Voice Over Internet Protocol, a protocol for voice communications supplanting the circuit-based legacy telephone system where voice is digitized and transmitted as packets over a TCP/IP network.

Processes/Procedures/Guidelines

Anyone who wishes to attach devices to IllinoisNet shall use the following procedures:

  1. For wired computing equipment, use existing RJ-45 network jacks. In some facilities, RJ-45 wall jacks are unpatched to network switches. In these instances, users should contact local IT staff or call the Technology Services Help Desk to facilitate the complete connection of wired devices. This may involve patching the actual circuit, enabling the ports on the switches and establishing the connection security. If existing RJ-45 jack placement is inadequate or requires relocation, contact Technology Services or CIMS to place a work order to move, add, or change jacks.
  2. For communications equipment, including routers, switches and network hubs, contact Technology Services Networking for prior approval.
  3. For voice telephony, standard computing equipment with the Microsoft Exchange and Skype for Business packages are available through Technology Services. Contact Technology Services or view the services webpages for connection information (https://answers.uillinois.edu/illinois/page.php?id=49222).
  4. For computing equipment containing high-risk classified data, contact the Office of the CIO’s Office of Privacy and Information Security (http://techservices.illinois.edu/security/) for applicable standards and prerequisites for connection. The connected equipment will need to undergo an evaluation and assessment for compliance with the applicable standards established to ensure that the risk to the University is minimized and acceptable.
  5. For wireless connections, IllinoisNet announces the SSIDs “IllinoisNet” and “IllinoisNet_Guest” for access. Detailed instructions for setup and configuration are available at the Technology Services website (https://answers.uillinois.edu/illinois/page.php?id=90275).
  6. For people operating a wireless access point or personal hotspot on campus, such operation carries a responsibility not to generate harmful interference that adversely affects other wireless users. In general, personal hotspots should not be operated in other than greenspace areas where IllinoisNet wireless coverage is unavailable. People operating such equipment may be required to cease operation if it is determined by Technology Services that such operation is causing harmful interference. In no case shall an operator of a wireless access point announce SSIDs currently in use on IllinoisNet.
  7. For analog or wire line telephony as may be required for specific uses, information is available in the services pages of the Technology Services website, https://help.uillinois.edu/TDClient/42/UIUC/Requests/ServiceCatalog?CategoryID=79

Procedures Related to Removal of Non-Compliant Communications and Networking Equipment

Equipment found to be non-compliant, causing interference, or used for malicious purposes shall be disconnected and removed from IllinoisNet.

  1. IllinoisNet has been ‘hardened’ to prevent the connection of incompatible equipment from causing adverse operational impact on subnets. A part of this hardening is the automatic detection and disabling of switch ports to which such non-compliant or interfering devices are attached.
  2. Upon identification of a problem device, an attempt is made to disconnect and physically remove it from IllinoisNet. In cases where the non-compliant equipment is owned by a faculty member, Technology Services’ networking group works with the departments’ IT staff and with the faculty providing them with alternative approved equipment to achieve the same or better results as that provided by the non-conforming equipment. Technology Services generally attempts to retain the non-conforming equipment. For equipment purchased under sponsored funds, Technology Services works with the Principle Investigator with regard to disposition. Technology Services relies on departmental IT staff to remove and dispose of most equipment, although, if asked, Technology Services will assist in the proper disposal. Proper disposal refers to managing the assets and making sure that the non-conforming devices do not re-enter the system.
  3. Where departments attach non-conforming equipment, Technology Services will remove the equipment and maintain custody. Technology Services will initiate a unilateral transfer of inventory with the Office of Business and Financial Services property management to transfer custody from the owning department to Technology Services.
  4. If the equipment is non-conforming and cannot be made conforming, it will be surplused. Such equipment is immediately transferred to the State of Illinois Central Management Services as surplus under the State Property Control Act. This prevents the non-conforming equipment from re-entering the environment.
  5. When student, faculty, or staff attach small personal or non-inventoried non-conforming and interfering network devices to the network, these devices will be removed upon discovery. For faculty and staff devices, departmental IT will be informed and shall be responsible for removal and disposition. For students, devices will be disconnected and returned to students. If the student persists in attaching the equipment, the Dean of Students will be notified and other measures employed.

Exceptions

The following exceptions to this policy include:

  1. Specific computing and communications equipment employed as a part of a research effort under established guidelines. Prior consultation with Technology Services is advised so as to insure that the proposed installation does not adversely affect other users.
  2. Door access system, HVAC or other utility automation system, or other systems utilizing ZigBee (IEEE 802.15.4) protocols.
  3. Power distribution and switchgear monitoring and control networks installed and operating independently of IllinoisNet.

Contact

General: Technology Services Help Desk
consult@illinois.edu
(217) 244-7000
IT-Pros: net-trouble@illinois.edu
(217) 333-1000