Middlebury

Network Policies

Residential Network

Students may connect one or more computers to the campus wired network from their residence hall room directly to provided network jacks. However, network fan-out devices, such as "hubs" or "switches," that allow students to connect more than one computer/device to a single network jack are prohibited without permission from ITS. They can cause serious malfunction of the local network in certain residence halls. Discovery of an unauthorized network hub may result in the disconnection of the student's network jack. Where possible, ITS will activate a second network jack to accommodate students who have more than one computer.

Students may also connect computers, tablets, smart phones and other mobile computing devices to the College wireless network.

No student computer may be configured as a router. Students wishing to configure their machines as servers, have fixed IP addresses, or run operating system software other than the conventional Microsoft Windows or Macintosh network client systems must first consult with ITS staff. Incorrectly configured machines can cause serious disruptions of the campus network.

Home networking devices, such as DSL or cable-modem devices, home routers, wireless routers and wireless access points, etc., can cause serious disruption of campus network services. The default, "out of the box" configurations of many of these are such that, if connected directly into the campus network, they can disable network access for an entire subnet. No such device may be connected to the campus network without prior consultation and approval of ITS network management staff. Discovery of unauthorized devices may result in immediate disconnection of network service. If a device is found to be disrupting network services, it will immediately be disconnected from the network while ITS staff members attempt to contact the owner.

Students may NOT register their own domain names with commercial Internet domain registration service providers pointing to computers on the College network. Network services to a student room will be terminated if such activity is discovered.

Communications Infrastructure Maintenance

Improperly configured or malfunctioning computer or communication equipment can seriously degrade the operation of the College's communication networks. It may be necessary for ITS personnel to enter a student room to confirm the location of such a device, and, if necessary, disconnect it from the network until the situation can be resolved. ITS will attempt to contact the student before entering the room, but time-critical situations, where significant network services are impacted, may require entry without prior approval. Students' computers will not be touched without their prior consent; room entry will be only for the purpose of confirming that the misbehaving computer has been properly identified. For the protection of the student, the Department of Public Safety and/or the Commons office will be notified if entry is made without prior approval. Any temporary disconnection will be made in the network equipment closet, without directly handling students' property.

If students request assistance from ITS to repair a problem with their network connection, they may give ITS permission to enter the room and disconnect equipment for testing and troubleshooting in their absence.

Similarly, telephone services personnel may enter student rooms in the residents' absence to effect repairs to voice telephone equipment or infrastructure.

Network Security Policy

In order to maintain the best possible computing environment for students and faculty, as well as to maintain the stability of the Middlebury College computer network, Information Technology Services (ITS) expects members of the College community to abide by policies and procedures regarding the use of computing resources on campus and the interaction between on-campus resources and the outside world. Although the Internet is a useful tool, malicious users and software programs from outside the College's computer network may negatively affect the experience of network users if not actively dissuaded.

Peer-to-Peer (P2P) traffic is one medium to exchange information over the network. Priority is given to academic and administrative non-P2P traffic both leaving and entering the college's network. Otherwise, P2P traffic would easily consume the college's Internet bandwidth.

Viruses and worms, if allowed on the network, can cause considerable computer system damage and downtime. Attachments of all electronic mail sent through the Middlebury network are scanned automatically by anti-virus programs for malicious content and blocked when found to be infected. To protect the network from the automatic proliferation of worms, all student, faculty, and staff computers must be correctly patched and protected from common threats, as described in the Responsible Use of Computing and Network Service and Facilities section of the College Handbook.

ITS reserves the right to block all traffic and services deemed malicious, through the use of firewall rule sets or intrusion prevention systems that protect Middlebury's computing resources from the Internet. Firewall policies will not affect or impair the use of the College network, Internet, or off-campus resources by most users. Students, faculty, and staff with systems that require Internet access beyond that granted by our standard rules must submit those systems to a full security review by appropriate ITS personnel. Such systems and any unfiltered systems will also be subject to additional reviews required by ITS. Privileges will be removed from any systems unable to pass a review. Such systems may, by decision of ITS, be restricted from internal network services or protection for the duration of their outside exposure.

With new attacks and vulnerabilities commonly discovered in a wide range of systems, ITS cannot predict what malicious network use may surface. To defend our community against new or emerging network security threats, ITS reserves the right to respond immediately by imposing network restrictions upon any computer system at the College without prior notice.

Standards for Remote Access

Before accessing Middlebury College's network remotely using a Virtual Private Network (VPN) connection, users must ensure that the computer they are using to connect to the Middlebury network is clean of all spyware, malware and viruses, whose existence can be the most direct way of compromising network security and passwords. If spyware, malware or viruses are seen emanating from a computer that is remotely connected, the user's account will be locked until the password is changed and the user's remote access permissions will be revoked until their computer is serviced.

Automated network management and remediation

The campus network employs an automated network management system that forces all unregistered network devices (computers, game consoles – anything that plugs into the network) into a private portion of the campus network. In order to gain access to the College's servers and the Internet, all users must first register their computers (or network-aware devices). Part of the registration process involves automatically scanning the user's computer for potential virus risks that could threaten the campus network and other computers on the network; while this scan is passive (and requires no user interaction), if a vulnerability is found, the computer will be automatically placed in a quarantined portion of the network until remediation of the vulnerability occurs. Registered computers are automatically scanned periodically for new vulnerabilities as they are released and, as such, users' computers may be placed in quarantine until appropriate patches are applied.

If a computer is found exhibiting viral or malicious activity it will be placed in an area of the network where it poses no threat to other computers on the network. While ITS network management staff does not inspect data directly, we do employ automated measures to look for signatures of malicious activity that might pose a threat to the campus network and others.

Telephone Services

Telephone Services provides all voice services to the College. Faculty and staff are offered local and long distance service and voice mail boxes. Students residing on campus are offered telephone service and voice mail upon request.

Please consult the Telephone Services webpages for service descriptions, how-to guides for the telephone and voice mail systems, prepaid long-distance services for students, and sources for additional information.