Network Services

Operating Principles

Texas A&M University-Corpus Christi

Network Services Operational Principles

Working Document FY 2005

Operational Principles

The following statements express many of the fundamental principles governing the day-to-day operation and configuration of the TAMU-CC NETWORK as managed by Information Technology Services-Network Services.

These principles are followed so as to maintain the smooth and reliable operation of the TAMU-CC NETWORK through careful adherence to widely recognized industry-standard approaches and as required by Texas and Federal law, Texas Administrative Code Chapter 201 (TAC 201), other portions of TAC, Texas A&M System policies, and Texas A&M-Corpus Christi rules. Network configuration and management at the school or departmental level must be performed in conformance with these principles.

This document is an articulation of general operational principles. It is not intended to be a checklist for operations. It is intended to provide broad-based guidance for all who manage network-attached devices. For those who support a departmental system, if a topic of interest is not mentioned explicitly below, the Network Services Department should be consulted.

In keeping with the hierarchy of network administration and connectivity established by the Texas A&M System and administered by the Texas A&M System Wide Area Network management team, the Texas A&M University-Corpus Christi (TAMU-CC) network (LAN) is administered as a top-down system. That is, just as TAMU-CC NETWORK is responsible for connecting to the TAMUS WAN and correcting connectivity issues, TAMU-CC departmental systems are responsible for connecting to the TAMU-CC NETWORK and correcting connectivity issues associated with that connectivity. Though the responsibility for network connectivity always lies with the subordinate network, starting with the commercial Internet, connectivity ought to be approached as a team effort. TAMU-CC NETWORK should strive to coordinate changes in such a manner as to minimize effects on attached networks.

Analysis and Scanning
Network Services is the only group that may run any type of network analysis or network scanning equipment or software on the TAMU-CC NETWORK at large, unless express permission is granted.

Such devices can be used to manipulate the network, impact connectivity at large and damage individual machines. Any such activity detected on the TAMU-CC NETWORK will be considered a security breach warranting investigation and possible revocation of network privileges during the investigation.

Network discovery
Software that uses SNMP or ICMP to automatically "discover" or identify entities on a network generally can have a negative impact on the network at large; as such, network discovery is prohibited. Such software scans the entire network, flooding it and its intended target agents with an overwhelming amount of SNMP traffic. The end result is reduced bandwidth to the local networks and diminished router performance.

Network Naming and Addressing
External hostnames or domain names may not be registered with Internet Service Providers (ISPs) or the InterNIC against TAMU-CC DNS name space, address space or name servers.

Additional IP and Domain Guidelines

  • Private IP address space is NOT available.
  • No computer can use the TAMU-CC subdomain name.
  • An individual or group may not register a domain name with TAMU-CC's IP address.
  • An individual or group may not register a domain name that contains TAMU-CC or TAMU-CC University, as these are trademark names.

Network Infrastructure

The TAMU-CC NETWORK is a hybrid optical fiber star wired network building to center and most risers. Daisy chaining is avoided so as to provide maximum operational flexibility and to minimize VLAN failure and security breach impact on the total network.

Non-routable Protocols

The TAMU-CC NETWORK, being a multiprotocol routed network, supports the TCP/IP protocol suite; however, non-routable protocols such as NetBEUI (used by Windows NT/95/98 for Microsoft Networking) pose significant scalability problems by not properly functioning on a routed network. Hence they are not supported for communications across the TAMU-CC NETWORK.

Domain Name Service

The TAMU-CC NETWORK supports the IETF/Internet host-naming scheme called the Domain Name Service (DNS). Due to significant incompatibilities with this standard, the Microsoft naming scheme, WINS, is not supported.

Name and Boot Servers

Network Services runs redundant BOOTP, DHCP and DNS servers on behalf of the TAMU-CC NETWORK. These servers ensure the uninterrupted and reliable assignment and registration of IP addresses for all hosts on the TAMU-CC NETWORK. Individual departments may not run such servers of their own. Network Services sets the standards for all network services in DNS services and servers.

FTP and Web Server (appropriate use)

FTP or web servers intended to distribute copyrighted or pirated software on the TAMU-CC NETWORK or the Internet are illegal and not permitted on the TAMU-CC NETWORK. Any group wishing to establish an FTP or web server for distribution of large amounts of data should contact Network Services for guidance. Such activity impacts traffic flows on the network and has a direct impact on performance of the TAMU-CC NETWORK at large.

High-bandwidth Network Applications

High-bandwidth projects or activities, including streaming video and videoconferencing, should also be conducted in coordination with Network Services.

Application Software-General Use

General-purpose application software that could be supported as University standards, such as file sharing and e-mail systems (Novell, NT, Lotus Notes, Groupwise, Outlook, etc.), is always open to review by appropriate University Councils as to which ones might be recommended as the supported software system. As required, network standards, protocols, and other operational requirements will conform to the requirements of the standard software. Sub-systems and departmental nets will need to configure their systems to accommodate as required.

Local Area Networks and Servers
Backup of computers over the TAMU-CC NETWORK is not currently supported, due to the bandwidth requirements of such activities. Individuals may use the network to back up machines local to their LAN, but such traffic traversing the TAMU-CC NETWORK backbone can negatively impact the connectivity of others on the TAMU-CC NETWORK.

Network Connectivity

All TAMU-CC NETWORK expansion including, but not limited to, addition of active data net-attached lines, hubs, switches, wireless access devices, or extenders, must be approved by the Assistant Vice President for Technology. Such installations e. This is especially pertinent when a scan may cause some irregularity in system or network performance. In reality, however, most scans are performed non-intrusively, so that while they may cause events to be logged on systems that support event logging, they are not destructive or harmful. Scans of this nature may or may not be announced in advance, depending on circumstances. Additionally, scans are routinely run to conduct an inventory of devices that are attached to the TAMU-CC NETWORK, and to make note of services offered by systems on the network. This allows Network Services to efficiently detect when machines are running outdated or vulnerable versions of software (such as sendmail) that might represent security risks. It also allows Network Services to identify systems that are running inappropriate services (such as desktop computers offering Domain Name Service), or that are not properly registered with Network Services. In the course of a scan, conditions can arise with systems and configurations, which can result in momentary disruptions of service. These may result in distress or panic in system operators, administrators and users who are unaware of these scans. As a matter of policy, it is important that potentially affected parties be aware of the nature and purpose of the security scans.

Vulnerability tests are performed only when an advance agreement has been reached, or in emergency situations (such as when a target computer is itself launching attacks against other systems). Many tests are performed which "push the envelope" of the system's operation, looking for known bugs and vulnerabilities. Because we test for bugs, malfunctions, and vulnerabilities, it is possible to uncover a previously unknown vulnerability that results in an interruption of service. This is rare but not impossible. When such an event does occur, it becomes critical to analyze the interruption of service. If it proves to really be a newly discovered vulnerability, actions then need to be taken to notify respective ve to broadcast an alert when the goal is to detect rogue machines on the network.

Firewalls and Network Security

Both the Texas A&M WAN and the TAMU-CC network are protected by hardware and software based firewalls. The TAMU-CC network (LAN) is divided into three parts: firewalled, DMZ, and no firewall. Departmental servers may be placed in any of the areas. Servers placed on the DMZ or outside the firewall must meet all State of Texas, Texas A&M System, and TAMU-CC security requirements and it is the responsibility of the department manager to assure compliance. The State, TAMUS, and TAMU-CC will conduct unannounced scans to assure compliance.

Wiring infrastructure is provided to allow machine and server placement either in or out of the firewall system. Conduits into the firewall area of the TAMU-CC network will only be allowed after exhaustive testing to assure compliance with all security requirements and with senior management approval.


Mail Anti-Relaying Policy

E-mail relaying, which is the transmission of mail transparently between networked systems that run mail daemons, is a necessity in the cooperative world of the Internet. Such cooperation and interoperation are what allow mail of various origins to be delivered to arbitrary hosts that often consist of unknown hardware and software, and allow arbitrary mail readers to open and process the mail. One flaw in mail relaying is that it can be misused for malicious, unsavory, unethical, or illegal purposes. Delivery of unsolicited commercial e-mail (UCE), or spam, is prohibited.

Serving Copyrighted Material

TAMU-CC provides Web and FTP servers for use by students, staff and faculty as well as a central web site. Consequently, many opportunities exist for individuals or departments to "publish" information for global conse, and is a violation of federal law governing copyright. If you are serving any data, in any medium, that is not your own intellectual property, and is protected by copyright, you must either obtain the permission of the owner of the material, or you must remove the copyrighted material from distribution immediately.


Restrictions on Use of Bandwidth

In order to ensure the TAMU-CC NETWORK availability is sufficient for TAMU-CC work, the University has been forced to take steps to restrict traffic related to certain recreational uses such as gaming and to an outside service that enables distribution of music files, streaming video, or audio over the Internet. This is in violation of the policy prohibiting the installation of servers on the TAMU-CC NETWORK. Any file sharing and file scanning software (e.g., P-2-P software) creates significant risks of compromise to your computer and your privacy, as well as to other computers on the TAMU-CC NETWORK. There is no way to tell what malicious functions may be performed by the software you automatically download or what modifications may have been made to the files themselves.


State of Texas Codes

It is the responsibility of all network and applications managers to comply with appropriate State of Texas laws, rules, and procedures. This applies to, but is not limited to, purchasing and operation of IT, Department of Information Resources rules, and Texas Administrative Code (e.g. TAC 202).

 