Residential Network

Students may connect one or more computers to the campus wired network from their residence hall room directly to provided network jacks. However, network fan-out devices, such as “hubs” or “switches,” that allow students to connect more than one computer/device to a single network jack are prohibited without permission from ITS. They can cause serious malfunction of the local network in certain residence halls. Discovery of an unauthorized network hub may result in the disconnection of the student’s network jack. Where possible, ITS will activate a second network jack to accommodate students who have more than one computer.

Students may also connect computers, tablets, smart phones and other mobile computing devices to the College wireless network.

No student computer may be configured as a router. Students wishing to configure their machines as servers, have fixed IP addresses, or run operating system software other than the conventional Microsoft Windows or Macintosh network client systems must first consult with ITS staff. Incorrectly configured machines can cause serious disruptions of the campus network.

Home networking devices, such as DSL or cable-modem devices, home routers, wireless routers and wireless access points, etc., can cause serious disruption of campus network services. The default, “out of the box” configurations of many of these are such that, if connected directly into the campus network, they can disable network access for an entire subnet. No such device may be connected to the campus network without prior consultation and approval of ITS network management staff. Discovery of unauthorized devices may result in immediate disconnection of network service. If a device is found to be disrupting network services, it will immediately be disconnected from the network while ITS staff members attempt to contact the owner.

Students may NOT register their own domain names with commercial Internet domain registration service providers pointing to computers on the College network. Network services to a student room will be terminated if such activity is discovered.

Communications Infrastructure Maintenance

Improperly configured or malfunctioning computer or communication equipment can seriously degrade the operation of the College’s communication networks. It may be necessary for ITS personnel to enter a student room to confirm the location of such a device, and, if necessary, disconnect it from the network until the situation can be resolved. ITS will attempt to contact the student before entering the room, but time-critical situations, where significant network services are impacted, may require entry without prior approval. Students’ computers will not be touched without their prior consent; room entry will be only for the purpose of confirming that the misbehaving computer has been properly identified. For the protection of the student, the Department of Public Safety and/or the Commons office will be notified if entry is made without prior approval. Any temporary disconnection will be made in the network equipment closet, without directly handling students’ property.

If students request assistance from ITS to repair a problem with their network connection, they may give ITS permission to enter the room and disconnect equipment for testing and troubleshooting in their absence.

Similarly, telephone services personnel may enter student rooms in the residents’ absence to effect repairs to voice telephone equipment or infrastructure.

Network Security

In order to maintain the best possible computing environment for students and faculty, as well as to maintain the stability of the Middlebury College computer network, Information Technology Services (ITS) expects members of the College community to abide by policies and procedures regarding the use of computing resources on campus and the interaction between on-campus resources and the outside world. Although the Internet is a useful tool, malicious users and software programs from outside the College’s computer network may negatively affect the experience of network users if not actively dissuaded.

Peer-to-Peer (P2P) traffic is one medium to exchange information over the network. Priority is given to academic and administrative non-P2P traffic both leaving and entering the College’s network. Otherwise, P2P traffic would easily consume the College’s Internet bandwidth.

Viruses and worms, if allowed on the network, can cause considerable computer system damage and downtime. Attachments of all electronic mail sent through the Middlebury network are scanned automatically by anti-virus programs for malicious content and blocked when found to be infected. To protect the network from the automatic proliferation of worms, all student, faculty, and staff computers must be correctly patched and protected from common threats, as described in the Responsible Use of Computing and Network Services and Facilities section of the College Handbook.

ITS reserves the right to block all traffic and services deemed malicious, through the use of firewall rule sets or intrusion prevention systems that protect Middlebury’s computing resources from the Internet. Firewall policies will not affect or impair the use of the College network, Internet, or off-campus resources by most users. Students, faculty, and staff with systems that require Internet access beyond that granted by our standard rules must submit those systems to a full security review by appropriate ITS personnel. Such systems and any unfiltered systems will also be subject to additional reviews required by ITS. Privileges will be removed from any systems unable to pass a review. Such systems may, by decision of ITS, be restricted from internal network services or protection for the duration of their outside exposure.

With new attacks and vulnerabilities commonly discovered in a wide range of systems, ITS cannot predict what malicious network use may surface. To defend our community against new or emerging network security threats, ITS reserves the right to respond immediately by imposing network restrictions upon any computer system at the College without prior notice.

Standards for Remote Access

Before accessing Middlebury College’s network remotely using a Virtual Private Network (VPN) connection, users must ensure that the computer they are using to connect to the Middlebury network is clean of all spyware, malware and viruses, whose existence can be the most direct way of compromising network security and passwords. If spyware, malware or viruses are seen emanating from a computer that is remotely connected, the user’s account will be locked until the password is changed and the user’s remote access permissions will be revoked until their computer is serviced.

Telephone Services

Telephone Services provides all voice services to the College. Faculty and staff are offered local and long distance service and voice mail boxes. Students residing on campus are offered telephone service and voice mail upon request.

Please consult the Telephone Services webpages for service descriptions, how-to guides for the telephone and voice mail systems, prepaid long-distance services for students, and sources for additional information.

Network Monitoring

The primary purpose of network monitoring is to ensure the availability, performance and security of Middlebury’s network services. This includes identifying and blocking malicious activity in order to protect the College’s data, systems, and reputation.

Scope

The scope includes all computing systems and network infrastructure owned or managed by Middlebury.

Policy

In order to protect data, designated ITS staff may use network monitoring technologies to log network activity and to scan data moving across the network. These technologies may include anti-virus software, firewalls, intrusion protection and intrusion detection systems, vulnerability management systems, and database and application monitoring systems. This information may be centrally correlated for analysis.

Server logs may be monitored for malicious activity on a routine schedule. Other network traffic may be logged as necessary for troubleshooting and resolution of network issues. Automated scans for unencrypted sensitive data are conducted with findings logged for appropriate management or removal. 

During emergencies (brief and/or prolonged) Middlebury’s network monitoring capabilities may be leveraged to determine the location of connected devices, in accordance with (and subject to) Middlebury handbook standards for privacy. These measures will not ordinarily be utilized to monitor an individual’s location or movements in real-time.

Confidentiality of all information gathered as a result of network monitoring will be maintained at all times. Access to information obtained through network monitoring will be limited to designated staff and, in the event of an investigation, College officials, legal counsel, or law enforcement. This information will be kept in a protected storage area. Events and incidents identified through network security monitoring will be managed in the spirit of the Technology Incident Response Policy.

Any substantive changes to the network monitoring methodology or scope must be approved by the College’s senior management.

Non-Compliance

Any employee who is found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. Violation of this policy may also be a violation of the Federal Computer Fraud and Abuse Act.

Information Technology Services
Davis Family Library 202
Middlebury, VT 05753