| Medicine home | About | Future students | Current students | Research | Alumni | Contact us |
| Staff (Intranet) | Staff directory | A-Z index | Site map |
| Medicine home | About | Future students | Current students | Research | Alumni | Contact us |
| Staff (Intranet) | Staff directory | A-Z index | Site map |
|
|
IT and Multimedia GroupFaculty of Medicine, Nursing & Health SciencesServer PolicyBackgroundMonash University - Network Access Control PolicyA key principle underpinning a high standard of IT Security is that access to computer network resources should be authorised on a 'need to use' basis. Historically, most computers connected to the University network have had full access to almost every other computer on the University network, and most staff computers have had full access to the Internet. The risk of compromise to Monash University computers can be reduced significantly without affecting normal use if the machines are segregated on the network according to their usage requirements. The Network Access Control Policy defines the roles of Servers, Internet Servers and Client Computers when connected to the University's network and defines permissible communications flows between them To view policy refer URL: www.adm.monash.edu.au/unisec/pol/itec20.html Faculty of Medicine, Nursing & Health Sciences - Server PolicyAs computer networks continue to evolve and support the University environment, the focus has increasingly shifted from traditional paper-based local on-campus learning, teaching and research, to an emphasis on distance education, electronic storage of data and global dissemination of information. As a consequence, the need to protect our electronic infrastructure and resources has become a critical IT issue. To accommodate the new environment, the University has introduced IT security policy changes which mean that the IP subnets of the University (defined as client subnets), will no longer directly allow incoming internet/intranet traffic unless exemption is granted, in writing, by Manager IT & Multimedia, in consultation with ITS Division. Under this policy exemptions granted may be removed at any time, and without prior notice, if a server is deemed not to be secure. This decision is the responsibility of the Manager IT & Multimedia. Aligning the Faculty of Medicine, Nursing & Health Sciences with the University Network Access Control, means that we are implementing a policy which prevents client PC's and unauthorised servers direct access to the internet unless they are approved by the Faculty's Manager, IT and Multimedia. To be approved, servers must be housed in the Faculty's secure environment. Basic Server StandardsFor the purpose of this policy, a Server is defined as "A computer that houses data that is accessed using a network." The Faculty, as part of its compliance with the IT Security Policy, has set the following minimum standards of care for a server you must have in place plans, procedures and documentation for the following server maintenance including, but not limited to:
In addition, where any personal or health records information is stored, you must have in place plans, procedures and documentation for the following:
Internet AccessThe following objectives must all be met for all servers that are allowed Internet access, in addition to the above objectives for General Servers.
(A secure environment takes both physical and network perspectives into account) Applications to have servers approved for access to this subnet may be raised through jobdesk, http://jobdesk.med.monash.edu.au/, select the IT Service and Support jobdesk. Conditions of the policy must be met before access will be granted. Applications may be submitted for by groups who have sites situated off campus where network connectivity is deemed to be sub-standard, or, by research groups who need access to collaborative computing environments. These sites will be closely monitored by ITM and ITS Division Security Group. There are currently servers in this Faculty that have been granted access to the server subnet. These servers reside off-campus where network connectivity is deemed to be sub-standard, these sites are closely monitored. Access to the server subnet that have been granted may be removed at any time without prior notice if server in question is deemed not to be secure or has been compromised. Mick Foy, |