This network access Procedure facilitates protection of sensitive and private information including but not limited to computer account numbers, passwords, student, faculty and staff identification information, credit card information, federal and state protected information, etc.
This Procedure covers all data communication devices (e.g., hosts, personal computers, PDAs, etc.) connected to any of Appalachian State University's internal networks.
Note: At this time Instant Messaging (IM) is not covered by this poicy.
This Procedure prohibits Untrusted Network access to Appalachian State University Trusted Networks via unsecured Clear Text Access mechanisms such as Telnet, FTP and regular HTTP web logins. To comply with this Procedure, access to Appalachian State University's Trusted Networks must maintain secure encrypted client connectivity.
- Secure access methods such as SSH, SCP and HTTPS should be used when sensitive data is transferred between network devices.
- VPNs must be used when accessing Trusted Devices from Untrusted Networks (See VPN Procedure).
- Telnet access initiated from the Internet will not be allowed.
- FTP access will be limited to anonymous or will be severly scrutinized.
Anyone found to have violated this Procedure may have their network access privileges temporarily or permanently revoked.
Clear Text Access
Any computer access method that transmits non-encrypted (clear text) data.
A secure application that performs the same basic function as FTP.
A secure application that performs the same basic function as Telnet.
A device connected to the on campus network that has been registered for Network use by or for a staff or faculty member using their University Computer User Account. Or devices located in special ITS managed subnets.
Appalachian State University Staff, Faculty, or Third party contractors who have executed a Third Party Connection Agreement.
All devices registered as default faculty and staff administered and other devices registered in special Trusted VLANs such as Special Purpose and University Administrative subnets.
All devices that do not fit the Trusted Network definition, including but not limited to Internet devices.
Virtual Private Network, a way to extend the corporate/production (trusted) network using authentication and encryption.