Information Technology Services
Terms & Conditions for Use of UCOP Data Network Services
Updated August 15, 2007
Issued August 4, 2005
Responsibility for Network Administration
Information Technology Services (ITS) is the sole administrator and maintainer of the UCOP data network. The UCOP data network includes the cabling infrastructure and all interconnecting network devices that provide inter-network connectivity between users and internal resources within UCOP and its Data Center. The UCOP data network also provides basic Internet connectivity for all users.
All uses of the UCOP data network are subject to the UCOP Policy on Acceptable Use of Electronic Information Resources.
Network Security and Blocking Policy
Departments are responsible for ensuring that the devices they attach to the UCOP network conform to the UCOP Electronic Information Security Policy.
ITS is responsible for protecting UCOP's networked resources from security threats. IR&C reserves the right to take immediate action to mitigate any threats that may pose a serious risk to UCOP information resources attached to the UCOP network or to the Internet:
- If a threat is deemed serious, any device(s) posing the threat will be blocked or otherwise disconnected from network access.
- If a serious threat is immediate, the offending device(s) will be blocked immediately; the department will be notified so it may take remedial action.
- If a serious threat is not immediate, the department will be notified and Communication Services staff will work with the department to rectify the situation.
- No unauthorized network communication devices are allowed on the UCOP data network; when discovered, the devices will be disconnected.
- Access from the UCOP network to Web sites known to install spyware and/or viruses on computers may be blocked. When possible, advance notification will be provided to UCOP network customers; in some cases, because of the severity of risk to the network and sensitive data, access will be blocked immediately and notification provided afterwards.
- Unauthorized inbound network communications protocols are blocked.
Policies for Network Connection Services
Wired Connections
Wired connections to UCOP's network are provided within UCOP buildings for electronic devices used to conduct UCOP business. In general, the wired network connections are subject to firewall protections and may be subject to additional restrictions based on the potential risk of the connected device(s) to or from other devices within UCOP's network.
- Devices connected to the network must be configured to comply with UCOP's Security Requirements for All UCOP Networked Devices.
- Devices that do not meet these requirements will be disconnected from the network.
Wireless Connections
Wireless connections to the public Internet are provided in many UCOP conference rooms. UCOP's Security Requirements for All UCOP Networked Devices do not apply to wireless connections.
VPN Connections
A Virtual Private Network (VPN) service is available to UCOP users provided the following conditions are met:
- Approval by the user's manager is required to obtain VPN service.
- The user's department must be included in ITS's Active Directory.
- Users are required to authenticate themselves when using the VPN service.
- VPN software must be installed on the user's device.
- The user's device must be configured to comply with UCOP's Security Requirements for All UCOP Networked Devices. Devices that do not meet these requirements will be disconnected from the network.
- VPN service is only offered for UCOP managed computers, not employees' personal equipment.
Network Monitoring Policy
IR&C regularly monitors network traffic to identify anomalous patterns or malicious traffic that may pose a threat to UCOP's electronic information resources, such as excessive login attempts to a UCOP account or excessive e-mail distribution leaving any IP address. In conformance with the UC Electronic Communications Policy (ECP), section IV C.2.b. System Monitoring, personnel who administer the data network might observe the contents of electronic communications during the performance of their duties. Except as provided elsewhere in the ECP or by law, they are not permitted to seek out the contents or transactional information for purposes not germane to network monitoring or to disclose or otherwise use what they have observed. Such unavoidable inspection of electronic communications (including transactional information) is limited to the least invasive degree of inspection required to perform such duties.
