CENTRE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY SERVICES

Draft Network Connection Policy

Most core activities at The Malawi Polytechnic rely heavily upon its IT network, including: teaching, research, administration, HR and Finance functions, access control and CCTV. It is, as a consequence, essential that the stability, integrity and security of the network are safeguarded for use by all members of the institution community.

Purpose

This policy will assist in ensuring the availability of an effective, highly available network. It provides formal responsibilities for taking measures against devices that threaten the stability, integrity and security of LSE's network. It will facilitate the rapid tracking down and resolution of problems related to the Malawi Polytechnic network connected devices by ICT Directorate..

Scope

All devices connected to The Malawi Polytechnic IT network

Responsibilities

ICT Directorate is responsible for:

  • Authorising the investigation or disconnection of any system or device threatening the stability, integrity or security of the network.
  • Requesting the investigation or disconnection of any system or device threatening the stability, integrity or security of the network.
  • Organising penetration tests and vulnerability scanning. 
  • Disabling and re-enabling devices or equipment network access as appropriate.
  • Blocking and unblocking inbound and outbound network traffic as appropriate.
  • Throttling available network bandwidth to systems, services, applications, devices and network segments.
  • Investigating as required any system or device as governed by any applicable procedures or other policies.
  • Explicit approving of distribution layer connections performed by other individuals, teams or organisations.
  • Investigating as required any system or device as governed by any applicable procedures or other policies.

System and device owners are responsible for:


Maintaining system integrity, updating Operating Systems and applications with security and other critical patches, ensuring appropriate access to systems using 'least privilege' and 'need to know' principles, reporting any issues to IMT.

 The Policy

Network addresses

All network addresses, including IP addresses and DNS Names, will be allocated and administered by The ICT Directorate. This means only the directorate is responsible for removing any allocated IP addresses and DNS Names

 Physical connections to The Malawi Polytechnic network

Physical connections to the institution network edge switches or backbone may be made only by the ICT Directorate or otherwise with the explicit permission of the Directorate Network team. No extensions or modifications to the physical infrastructure of the institution network, including wireless, may otherwise be made. This includes the addition of:

         network switches

         hubs

         wireless access points

         router devices

         cabling other than connecting a patch cable to a provided network wall socket.

 Control of LSE network infrastructure and bandwidth

  • All network infrastructure equipment or network wiring at The Malawi Polytechnic will be managed and controlled by the ICT Directorate.
  • The ICT Directorate may, on behalf of the School, restrict excessive use of network bandwidth by any system or service.

Third Party Equipment

Third parties may be permitted to connect devices to the Network to provide services to The Malawi Polytechnic and its users following due consultation with the ICT Directorate in order to assess the consequences for the School’s Network and its security.

Systems threatening the stability, integrity and security of the network

In the event where The Malawi Polytechnic ICT Directorate has discovered or otherwise been informed that a system on the network is threatening the stability, integrity or security of the network, or has otherwise been compromised, hacked, is sending out malicious traffic or is the source of SPAM or other issues that affect the stability, integrity or security of the institution network, the ICT Directorate has the right to:

  • gain access to and inspect the configuration of devices or equipment
  • take remedial actions as necessary
  • remove from the network any devices or equipment that it believes could be the source of the problem, or otherwise block inbound and outbound traffic, as appropriate.
  • disable as necessary any part of the network in order to remove the source of the problem

Whilst every effort will be made to contact the system owner, Head of Department and/or other appropriate persons, this may not always be possible. All services will be reconnected at the first opportunity after the problem has been remediated.

 Penetration tests

To proactively protect the security and operation of the network and the systems thereon, IMT may carry out both manual and automated systematic vulnerability scans and penetration tests on computer systems connected to the School network. Best efforts will be undertaken to minimize any disruption, and any unavoidable or unrecoverable damage will be investigated.