Network Security Standard (2009)
The Network Security Standard provides measures to prevent, detect, and correct network compromises. The standard is based on both new practices and best practices currently in use at RIT. The new standard is effective on August 1, 2009.
What's New in 2009?
Here are some of the changes for 2009. Please consult the checklist or the standard for a complete list.
- Network devices require a trespassing banner where available
- Prohibited protocols include LDAP without use of SSLv3 or TLS, FTP, telnet, remote host protocols, SSHv1, SSLv1, SSLv2
- Management approval is part of change control process
- All manufacturers' default passwords must be disabled or changed
- ISO Vulnerability Scanning
- All devices must have corresponding IP and MAC addresses registered in a centralized registration system
Who does it apply to?
All systems or network administrators managing devices that:
- Connect to the centrally-managed Institute network infrastructure
- Process RIT Confidential or RIT Operationally Critical information
Currently, personal network devices used on the RIT residential network (such as routers, switches, etc.) do not need to meet the Network Security Standard. The use of wireless routers is prohibited in residential areas on campus. The use of wired routers is still acceptable; however, you must read and comply with the Resnet guide to Using a Router on the RIT Network prior to deployment.
See our Wireless and Personal Networking page for information on how to use wireless networks at RIT and how to set up and use a wireless network at home.
What do I need to do?
Use the Network Security Checklist to set up your networking device.
Check the Systems Administrators Resource page to find tools and additional information.
Protocols Prohibited for Network Management
The following protocols are prohibited for network management:
- LDAP w/o use of SSLv3 or TLS
- FTP
- Telnet
- Remote host protocols
- SSHv1, SSLv1, SSLv2
Approved Encryption Methods
Under Development.
Network Trespassing Banner
See the login/trespassing banner on the Systems Administrators Resource Page.
Network Security Standard
Because of the technical nature of this standard and its audience, we have not created a Plain English Guide.
- Network Security Standard (eff. 8/1/09)
- Network Security Checklist (eff. 8/1/09)
- Network Security Standard (previous version) (eff. 12/1/06)
- Network Security Checklist (previous version) (eff. 10/17/07)

