Skip to the content

IT and Multimedia Group
Job Desks

Faculty Policies
For:

Faculty of Medicine, Nursing & Health Sciences

Server Policy

Background

Monash University - Network Access Control Policy

A key principle underpinning a high standard of IT Security is that access to computer network resources should be authorised on a 'need to use' basis. Historically, most computers connected to the University network have had full access to almost every other computer on the University network, and most staff computers have had full access to the Internet. The risk of compromise to Monash University computers can be reduced significantly without affecting normal use if the machines are segregated on the network according to their usage requirements.

The Network Access Control Policy defines the roles of Servers, Internet Servers and Client Computers when connected to the University's network and defines permissible communications flows between them

To view policy refer URL: www.adm.monash.edu.au/unisec/pol/itec20.html

Faculty of Medicine, Nursing & Health Sciences - Server Policy

As computer networks continue to evolve and support the University environment, the focus has increasingly shifted from traditional paper-based local on-campus learning, teaching and research, to an emphasis on distance education, electronic storage of data and global dissemination of information.

As a consequence, the need to protect our electronic infrastructure and resources has become a critical IT issue.

To accommodate the new environment, the University has introduced IT security policy changes which mean that the IP subnets of the University (defined as client subnets), will no longer directly allow incoming internet/intranet traffic unless exemption is granted, in writing, by Manager IT & Multimedia, in consultation with ITS Division.

Under this policy exemptions granted may be removed at any time, and without prior notice, if a server is deemed not to be secure. This decision is the responsibility of the Manager IT & Multimedia.

Aligning the Faculty of Medicine, Nursing & Health Sciences with the University Network Access Control, means that we are implementing a policy which prevents client PC's and unauthorised servers direct access to the internet unless they are approved by the Faculty's Manager, IT and Multimedia. To be approved, servers must be housed in the Faculty's secure environment.

Basic Server Standards

For the purpose of this policy, a Server is defined as "A computer that houses data that is accessed using a network." The Faculty, as part of its compliance with the IT Security Policy, has set the following minimum standards of care for a server you must have in place plans, procedures and documentation for the following server maintenance including, but not limited to:

  • Software Updates.
  • Testing of Fault Tolerance eg. UPS, etc.
  • Backups of Data, including testing of backups.
  • Supply business hour and out of hour contacts.

In addition, where any personal or health records information is stored, you must have in place plans, procedures and documentation for the following:

  • Logging and Monitoring of Server access attempts.
  • Compliance with applicable record retention requirements.

Internet Access

The following objectives must all be met for all servers that are allowed Internet access, in addition to the above objectives for General Servers.

  • Servers must be under the control of IT & Multimedia (ITM).
  • Servers must be housed in an environment deemed to be secure by ITM.

(A secure environment takes both physical and network perspectives into account)

Applications to have servers approved for access to this subnet may be raised through jobdesk, http://jobdesk.med.monash.edu.au/, select the IT Service and Support jobdesk. Conditions of the policy must be met before access will be granted.

Applications may be submitted for by groups who have sites situated off campus where network connectivity is deemed to be sub-standard, or, by research groups who need access to collaborative computing environments. These sites will be closely monitored by ITM and ITS Division Security Group.

There are currently servers in this Faculty that have been granted access to the server subnet. These servers reside off-campus where network connectivity is deemed to be sub-standard, these sites are closely monitored. Access to the server subnet that have been granted may be removed at any time without prior notice if server in question is deemed not to be secure or has been compromised.

Mick Foy,
Manager IT & Multimedia.
Faculty of Medicine Nursing and Health Sciences
1st August 2003