Procedure 7.03.01 - Information Systems Network Security


Guidelines

The foundation of network security is the premise that all equipment attached to the network adheres to appropriate security procedures. To accomplish this objective, only Southeastern-owned, configured, and updated equipment may reside on the network. Any non-college-owned equipment intended for network connectivity must have institutional approval (president or vice president of administrative services), and its configuration must be approved by the IT department prior to installation. It is also very important to make sure that any college-owned equipment that has been connected to another network is free of any malware (virus, trojan, adware, etc.) it may have picked up from that network. It is essential that employees take the time to scan and clean such equipment with antivirus software BEFORE it is reconnected to the campus network.

Perimeter Defense

The first step in preventing network security breaches is to establish traffic patterns that allow information packets to go where they need to go and nowhere else. This process begins at the point where Internet traffic meets the college's local network (SCCNET) traffic and encompasses three (3) broad strategies.

  1. The first line of perimeter defense will be the firewall with a next-generation Intrusion Prevention System (NGIPS). The firewall will have at a minimum three (3) interfaces: external, internal, and demilitarized zone (DMZ). All TCP and UDP ports on all interfaces will be closed to inbound traffic unless there is a specific reason for them to be open (default deny). Ports needed on an intermittent basis will be closed when not in use.
  2. The internal line of network defense consists of virtual local area network (VLAN) routing on SCCNET’s core switch. Each functional area of the network will have its own VLAN. Access lists will be written to keep inter-VLAN traffic to an absolute minimum.
  3. There is an additional line of internal network defense, which consists of a firewall with an Intrusion Prevention System between the administrative server (CIS) and the remainder of the internal network.

Intrusion Prevention

The second step in preventing network security breaches is intrusion or incident detection.

The IT department uses a combination of tools to monitor the network for abnormal patterns. These abnormal patterns are picked up from various logs (firewall, error, authentication, etc.), console screens, graphs, etc. The various monitoring points are defined and checked off in a monthly document entitled SCCNET Monitoring.
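As an added worked example (not part of Procedure 7.03.01 and not the IT department's own tooling), the following Python script shows the kind of check the monthly SCCNET Monitoring review could be built on: it reads constructed firewall deny lines from the default-deny external interface and sshd authentication failures, groups them by source address, and flags two of the abnormal patterns such logs reveal: a host probing many closed ports, and a host failing many logins. The log formats, hostnames, addresses and thresholds are assumptions for illustration, not values taken from the procedure.

```python
"""Added example: review firewall deny and authentication-failure log lines
and flag abnormal per-source patterns.  Not part of Procedure 7.03.01."""

import re
from collections import defaultdict

# Constructed sample lines (not real SCCNET logs): firewall denies from the
# default-deny external interface plus sshd authentication messages.
SAMPLE_LOGS = """\
Oct 19 08:00:01 fw1 kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=21
Oct 19 08:00:01 fw1 kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
Oct 19 08:00:01 fw1 kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23
Oct 19 08:00:02 fw1 kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=25
Oct 19 08:00:02 fw1 kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=445
Oct 19 08:00:02 fw1 kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=3389
Oct 19 08:03:10 fw1 kernel: DENY IN=eth0 SRC=192.0.2.55 DST=192.0.2.10 PROTO=UDP DPT=161
Oct 19 08:05:44 dmz-web sshd[2201]: Failed password for invalid user admin from 198.51.100.23 port 50122 ssh2
Oct 19 08:05:46 dmz-web sshd[2201]: Failed password for invalid user admin from 198.51.100.23 port 50123 ssh2
Oct 19 08:05:49 dmz-web sshd[2203]: Failed password for root from 198.51.100.23 port 50124 ssh2
Oct 19 08:05:51 dmz-web sshd[2204]: Failed password for root from 198.51.100.23 port 50125 ssh2
Oct 19 08:05:53 dmz-web sshd[2205]: Failed password for root from 198.51.100.23 port 50126 ssh2
Oct 19 08:10:02 dmz-web sshd[2210]: Failed password for jdoe from 10.20.5.14 port 40011 ssh2
Oct 19 08:10:09 dmz-web sshd[2210]: Accepted password for jdoe from 10.20.5.14 port 40011 ssh2
"""

# Assumed log formats; adapt these to the real firewall and syslog output.
DENY_RE = re.compile(
    r"DENY IN=(?P<iface>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) DPT=(?P<dport>\d+)"
)
AUTHFAIL_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_line(line):
    """Classify one log line.  Returns a dict with a 'kind' key, or None for
    lines this check does not care about (e.g. successful logins)."""
    m = DENY_RE.search(line)
    if m:
        return {"kind": "deny", "src": m["src"], "dst": m["dst"],
                "proto": m["proto"], "dport": int(m["dport"])}
    m = AUTHFAIL_RE.search(line)
    if m:
        return {"kind": "authfail", "src": m["src"], "user": m["user"]}
    return None


def summarize(lines):
    """Aggregate per source address: the distinct closed ports it was denied
    on, the total number of denies, and the number of failed logins."""
    stats = defaultdict(lambda: {"ports": set(), "denies": 0, "authfails": 0})
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        s = stats[ev["src"]]
        if ev["kind"] == "deny":
            s["denies"] += 1
            s["ports"].add((ev["proto"], ev["dport"]))
        else:
            s["authfails"] += 1
    return stats


def find_anomalies(lines, scan_ports=5, max_auth_failures=4):
    """Return the abnormal patterns found, one dict per (source, kind).
    The thresholds are illustrative assumptions, not values from the procedure."""
    findings = []
    for src, s in sorted(summarize(lines).items()):
        if len(s["ports"]) >= scan_ports:
            findings.append({"src": src, "kind": "port_scan",
                             "detail": f"{len(s['ports'])} distinct closed ports probed"})
        if s["authfails"] >= max_auth_failures:
            findings.append({"src": src, "kind": "auth_bruteforce",
                             "detail": f"{s['authfails']} failed logins"})
    return findings


if __name__ == "__main__":
    for f in find_anomalies(SAMPLE_LOGS.splitlines()):
        print(f"{f['src']:16} {f['kind']:16} {f['detail']}")
```

Run directly, the script prints one line per finding (here the password-guessing source and the port-scanning source, with the single-deny and single-failure sources left out). The thresholds are parameters so they can be tuned to the real traffic baseline, and the two regexes are the only parts tied to the assumed log formats.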

Intrusion Response

The final step is to respond appropriately when there appears to be a security breach. The IT department will follow its internal procedures (IS Business Continuity Plan) whenever an intrusion or incident is detected. The procedures include steps such as:

  1. Initialize a potential security breach event
  2. Escalate the event to a security breach and assign it an identifier
  3. Coordinate the response team
  4. Communicate the security breach to parties needing to know
  5. Contain and eradicate the security breach
  6. Perform forensic analysis of the security breach
  7. Eliminate the security breach's means of access and/or related vulnerabilities
  8. Return system(s) to normal operation
  9. Identify and implement security lessons learned
  10. Create an executive summary and file the results

Reviewed and Last Updated on October 19, 2020.