Network Usage Policy Template


Responsible University Official: Executive Vice President & Treasurer
Responsible Office: Information Systems and Services
Origination Date: June 4, 2003

NETWORK USAGE POLICY

Policy Statement
All IT computing resource users are expected to comply with this policy. In addition, this policy
and the use of computing and network services provided by the campus shall comply with all
applicable State and Federal laws, as well as existing university policies, such as the Code of
Conduct for Users of Computing Systems and Services. This policy does not override protections
offered and procedures specified in the Faculty Code. Violations of this Network Usage Policy
can lead to revocation of system privileges and disciplinary action up to and including dismissal
or expulsion.

Reason for Policy/Purpose


The purpose of this policy is to address the role and authority of the Information Systems and
Services (ISS) department in the management of the University’s data network and computing
systems that utilize the data network.

Who Needs to Know This Policy


All faculty, staff, students, contractors, consultants, temporaries, as well as those who represent
themselves as being connected, in one way or another, with the University, who make use of
University computing and/or information technology (IT) resources need to be familiar with this
policy.

Table of Contents
Policy Statement
Reason for Policy/Purpose
Who Needs to Know This Policy
Policy
    Involved Systems
    Information Systems and Services Authority
    Network Design
    Protocols
    Domain Name Standards (DNS)
    Virtual Private Network Usage
    Wireless Network Usage
    Network Security
        Administrator Responsibilities
        User Responsibilities
        Network Security Violations
        Management of Security Violations
    Funding Model
Procedures
Website Address for This Policy
Contacts/Responsibilities
Definitions
Related Information
Who Approved This Policy
History/Revision Dates

Policy

Involved Systems
The University network is broadly defined to include the campus computer and data
communications infrastructure, independent of ownership. It includes the campus backbone and
local area networks, the Virtual Private Network, all Wireless Networks and all equipment
connected to those networks that are managed by University Information Systems and Services
(ISS) personnel, and all computers in the GWU.EDU address domain or any other domains
administered by Information Systems and Services or any equipment managed by other
departments and schools.
This policy applies to all computer and network systems owned by and/or administered by the
University. Similarly, this policy applies to all platforms (operating systems), all computer sizes
(personal computers to mainframes), and all application systems (whether developed in-house or
purchased from third parties).

Information Systems and Services Authority


ISS is responsible for the design, operation and management of the computing and network
communications services provided at the campus level. Responsibilities include the selection,
purchase, setup and maintenance of all network equipment, the choice of protocols supported by
the network, and the definition of campus standards necessary for efficient operation of the
network or for the security of transmitted, stored and processed data and networked computers or
other equipment.

Network Design
Information Systems and Services has sole authority to purchase network equipment and to build
and maintain the University’s network infrastructure, except where ISS has delegated specific
authority to a local network administrator for an area of the University. All systems and
equipment connected to the network must be approved by ISS, including but not limited to
switches, hubs, routers and wireless devices. (See appendix for more information.)

Protocols
ISS shall dictate the protocols and services present on the University’s network. At the present
time the campus backbone universally supports the IP protocol. The University primarily uses
Dynamic Host Configuration Protocol (DHCP) to dynamically assign IP addresses to workstations as
needed. In addition, Information Systems and Services shall determine the specific routes that
network traffic will take across the University. (See the Procedures section for instructions on
how to make a DHCP request.)
IP addresses shall not be assigned from within the University IP address space for individuals or
organizations that are not affiliated with The George Washington University. In requesting an IP
address, each requesting person, organization, or service agrees to abide by all applicable
University policies and agrees not to give access to the University networks (through their
connected machine) to others who are not affiliated with the University.

Domain Name Standards (DNS)


Only ISS-approved domains may be operated within the University network address space.
According to the University’s DNS Standards (refer to http://dns.gwu.edu for a detailed version
of these standards), all services that are provided by members of the University Community as
part of their official functions and as part of the mission of the institution will be registered within
the “gwu.edu” domain. All services provided by members of the University Community that are
not part of their official functions as members of the community or as part of the mission of the
institution, will be registered outside the gwu.edu or the gwumc.edu domain. Domain names
outside gwu.edu will not be allowed on the University network (within the 128.164.x.x or the
161.253.x.x IP address ranges). Very rare exceptions may exist with approval from the CIO.

Virtual Private Network Usage


In addition to abiding by the various rules and conditions stated elsewhere in this Network policy,
employees of the University may use the Virtual Private Network (VPN) under the following
stipulations. ISS shall limit access to the VPN to individuals who have a justifiable
administrative, business, academic or research need to access University-owned systems from a
remote or wireless location. VPN users who require privileged access to administrative
University systems must receive written approval from their department head before access to the
VPN service will be granted. VPN users must use the VPN client in accordance with all
University policies. In addition, they must use the standardized VPN client offered by ISS and
may not reconfigure the VPN client. They must not allow others who have not received written
permission from their department head or other University-authorized official to use the VPN
client. Finally, anyone using the VPN client must maintain all of the workstation security
measures as defined in the section below, under User Responsibilities.
Upon graduation or termination of employment with the University, all VPN users must uninstall
the VPN client and return all University equipment, if applicable. Accessing any system via VPN
after termination is a violation of federal law if the user no longer has permission to access
University-owned systems. VPN user accounts will be deleted after 90 consecutive calendar days
of inactivity. The VPN user’s department head must again provide written permission for the
user’s account to be reinstated.

Wireless Network Usage
The University Wireless Network utilizes the VPN client to authenticate users. ISS requires that
Wireless Network users maintain the workstation security measures as defined in the section
below, under User Responsibilities.

Network Security
ISS is responsible for monitoring the University’s network and will act accordingly to protect
University data, other electronic assets or quality of service. Because of the interconnections
provided by the network, a security violation on one machine can threaten security of other
systems on the network. Policies in this section describe the steps that will be taken in response to
security threats. They also describe circumstances when data normally considered private could
be collected and examined by an individual managing a LAN, server, or system.
Designated personnel within the Information Security Office may conduct scans against
University-owned network segments, hosts, and systems connected to the University network.
The security threat increases in relation to remote access (through the VPN) and wireless access.
Thus, all wireless and VPN connections and transmissions are logged and subject to scanning by
ISS-approved officials.

Administrator Responsibilities
The administrator of a server on a University network-connected computer is responsible for the
security of that system. The system administrator must monitor and log accesses and keep other
system logs that could be useful in establishing the identities and actions of people, programs and
processes who use the system to breach network or system security. All servers that provide
access to the University network or Internet services must require user authentication in order to
restrict access.
Units that operate publicly accessible computers connected to the University network must
implement safeguards against network abuse appropriate to the network access available to users
of those systems. Data that is considered Confidential or Strictly Confidential, as defined by the
Data Classification Policy, must not be publicly accessible. Administrators of these systems are
responsible to reasonably secure these systems so as to reduce the threat to the University as a
whole.
The owner of a private system (e.g. a desktop system in a faculty member's office) that is
connected to the University network is responsible for ensuring that unauthorized individuals do
not use the system.
Network data transmissions are not secure. Sensitive data should either be encrypted separately
before transmission or a secure network transmission protocol, which provides encryption
automatically, should be used.

User Responsibilities
Each University department that makes use of IT computing equipment connected to the
University network is individually responsible for keeping its workstations secure. At a
minimum, proper security measures include having a current version of anti-virus software
installed and running an operating system that has been recently updated and patched. Some
brand of personal firewall is also recommended. Departments with users of the University’s
Virtual Private Network (VPN) or Wireless Network must implement all three of these security
measures (updated versions of anti-virus, operating system, and a personal firewall).
Departments may elect to require individual users to be responsible for their own machines or to
hire a Local Support Partner (LSP) or other technical support person to assist in fulfilling these
requirements.

Network Security Violations
This section details some of the various actions that are a violation of this Network Usage Policy.
However, this is by no means an exhaustive list of those actions to which ISS would respond.

Routing Between Networks


Information Systems and Services is responsible for the University network infrastructure. Thus
only ISS may configure systems to route network traffic between the University and a non-
University network. When there is benefit to the University and when other conditions are met,
units can arrange for Information Systems and Services to provide such services.

Quality of Service Degradation


ISS prohibits any use of the University network that degrades service by consuming resources,
such that the academic mission of the University is impeded. Exceptional measures such as
suspension of accounts or lowering the service priority of the offending application may be taken
if needed to protect the quality of service to others.

Theft of IP Addresses
Use of a static IP address not authorized by the DHCP unit or an authorized service provider unit
on campus shall be considered theft of said IP address and may result in disconnection and/or
restriction of network access.
The use of intermittent static IP addresses for the purpose of deception is considered a severe
infraction of this policy. Cases involving spoofing will result in a computer security incident case
being filed and escalated for possible disciplinary action, up to and including dismissal.

Illegal Use of Network Resources


In situations where there is reasonable evidence that University resources are being used illegally
or contrary to University policy, Information Systems and Services may limit or revoke access to
the campus network, network services or campus computers. For example, systems that allow
unauthorized use of copyrighted materials or licensed software will be disconnected from the
network.
The University network is subject to monitoring by those with delegated authority within ISS.
ISS will pursue any illegal activities that may be discovered with the appropriate disciplinary or
legal authorities and cooperate with law enforcement agencies.

Management of Security Violations


Any security violation that represents a significant misuse of University resources will be brought
to the attention of the appropriate authorities.
In the event that Information Systems and Services judges that a LAN, a network device or an
individual user presents an immediate security risk to the University network equipment,
software, or data, ISS may terminate or restrict network connection without notice.
Attacks on the University network or systems are detected by University network and system
administrators. Severe or ongoing attacks (such as an onslaught of unsolicited mail) may require
that the source of the attack be blocked from the University network. ISS may block a specific
network address, port or application in order to protect the University against attack, or as it
otherwise deems necessary.

Funding Model
Campus buildings that are served by the campus fiber distribution system will be connected to the
campus backbone via fiber optic cable. When a building is not served by the campus fiber
distribution system and where it would be cost-prohibitive to install, Information Systems and
Services will use the most cost effective medium available to provide connectivity commensurate
with the volume of network traffic expected.
Some campus units are housed in facilities not reached by the campus telecommunications wiring
plant. Information Systems and Services will work with those units to design network
connections to the University network. In such cases, the unit may be charged with costs in
excess of those required of on-campus units. Due to the high cost of running fiber off campus,
most off-campus connections will be provided over telecommunications circuits, possibly at
much slower speeds than Ethernet.

Procedures

Issue                                 Refer to
DHCP Requests                         http://dhcp.gwu.edu
DNS Requests                          http://dns.gwu.edu
Data jack installs / Network access   E-mail issorder@gwu.edu
Report a Security Violation           E-mail abuse@gwu.edu
General networking problem            ISS Help Desk (202) 994-5530, opt 2
Securing your workstation             Site in development
Download Anti-Virus Software          http://helpdesk.gwu.edu/helpdesk/software

Website Address for This Policy

GW University Policies

Contacts/Responsibilities

Subject                   Contact                   Telephone               Email Address
Network problems          ISS Help Desk             (202) 994-5530, opt 2   ithelp@gwu.edu
Data jack installations   ISS Order                                         issorder@gwu.edu
DHCP requests             DHCP Administrator                                dhcp@gwu.edu
DNS requests              DNS Administrator                                 dns@gwu.edu
General inquiries         Director of IT Services   (202) 994-0102

Definitions
(All definitions were taken in whole or in part from http://www.whatis.com.)

DHCP Dynamic Host Configuration Protocol (DHCP) is a
communications protocol that lets network administrators
manage centrally and automate the assignment of Internet
Protocol (IP) addresses in an organization's network.

DNS The Domain Name System (DNS) translates internet domain
names (www.gwu.edu, e.g.) into the corresponding IP addresses
(128.164.127.251, e.g.) for that site.

Domain A group of network addresses identified by a name.

Firewall A firewall is a set of related programs that protects the resources
of a private network from users from other networks.

IP Address An internet protocol address is a number that uniquely identifies
each sender or receiver of information that is sent across the
Internet.

LAN A local area network (LAN) is a group of computers that share a
common communications line or wireless link and typically
share the resources of a single processor or server within a small
geographic area.

Network A series of devices interconnected by communication paths.
Networks can interconnect with other networks and contain sub-networks.

Operating System An operating system (OS) is a program that serves as an interface
between a system user and computer hardware that manages all the other
programs in a computer (Windows ME or Mac OS X, e.g.)

Patch A patch is a quick-repair job for a program. Even after a
software product has been formally released, problems (called
bugs) will almost invariably be found. A patch is the immediate
solution that is provided to users; it can often be downloaded
from the software maker's Web site.

Protocol A set of rules used when exchanging information between points
on a network or over the Internet

Scanning An automated process used to determine a system’s weaknesses,
as well as the methods in which and likelihood that these
weaknesses may be exploited

Server A computer program or system that provides services to other
computer programs or systems

Session A series of interactions between two communication end points that
occur during the span of a single connection. The session begins when
the connection is established at both ends and terminates when the
connection is ended.

Spoofing The forging of information used to identify a communication
transmission (an e-mail header, e.g.) so that the message appears to have
originated from someone or somewhere other than the actual source

System Computer hardware components that work together and software
components or programs that run in the computer

VPN A virtual private network (VPN) is the use of telecommunication
infrastructure to provide remote offices or individual users with
secure access to their organization's network.

Wireless Wireless is a term used to describe telecommunications in which
electromagnetic waves (rather than some form of wire) carry the
signal over part or all of the communication path.

Wireless Session See session.

Related Information

Code of Conduct for Users of Computing Systems and Services
Security Policy
Data Classification Security Policy

Who Approved This Policy


Louis H. Katz, Executive Vice President and Treasurer

History/Revision Dates

Origination Date: June 4, 2003

Last Amended Date: October 1, 2005

Next Review Date: October 1, 2007
