Policy change will enhance IT security for private network needs


The Senate’s Computing and Information Technology Committee approved a tweak to the University Network policy it passed previously that requires Pitt Information Technology to consult with faculty and departments regarding their special network configuration needs.

At its March 28 meeting, the committee discussed, then unanimously approved the change to the Network policy it had first OK’d on Jan. 26, which Faculty Assembly approved but later requested some language changes.

“Instead of the limitation of Pitt IT’s approval of private networks to those connected to PittNet, this revision … requires Pitt IT to consult with faculty and departments regarding special network configuration needs,” an statement on the change said. “The inherent problem of the limitation approved by the Faculty Assembly in January is that no matter how small or large a network constructed separately from PittNet may be, it has the potential to negatively impact users of PittNet or pose a significant information security risk.”

The policy change, under the heading of “Infrastructure Devices and Network Cabling,” says “Pitt IT will consider, in consultation with departments and users, special network configurations to support research or unique needs including networks not connected to PittNet or the Internet provided that they do not pose information security risks to the University or negatively impact other PittNet users.”

Concern was expressed in the committee’s February meeting based on a lack of policy language around Pitt IT’s involvement with those using special network configurations.

Brian Hart, senior project manager for Pitt IT and policy committee chair, said the change addresses a loophole that allowed creating a “private network configuration or something unusual” as long as it wasn’t connected to PittNet.

“The issue (is) that if somebody creates a network off PittNet and it’s got wireless equipment or it’s got some other devices in it, that could pose a security risk,” he said. “Then the policy would allow that, even though it’s a bad practice and it has the potential of harming the network for all the rest of (Pitt) users. That’s why we could not agree to the change.”

Hart emphasized that, while special configurations can be considered, “the proviso still has to be there, that they don’t pose security risks for the University or negatively impact other PittNet users,” he says.

“We do this already. And there are research networks that exist within the University, in the (School of Computing and Information) for example, that are firewalled off in such a way that they cannot pose a risk to PittNet yet enable the faculty in this school to conduct network research without restrictions or limitations,” he said. “And similarly, what’s been added is just under the responsibilities again, a responsibility for Pitt IT to be consulted.”

PittNet encompasses the system of physical cabling, network switches, connections to other networks (e.g., Internet, Internet2, and various regional networks), supporting equipment, leased network circuits and bandwidth, cloud-based services other resources that provide network access to University computing resources through wired ports and Wi-Fi connections.

PittNet also includes network segments managed by third-party providers on behalf of the University, such as residence hall networking on the Pittsburgh campus.

Ilia Murtazashvili, the computing committee chair and associate professor in the Graduate School of Public and International Affairs, said he thought the clarifying language enhances the policy and PittNet security.

"I was pleased that the Network Policy Committee included additional language to clarify that Pitt IT is ready and able to help all University network users, including those who, by virtue of their needs, have private networks on campus,” he said.

Shannon O. Wells is a writer for the University Times. Reach him at shannonw@pitt.edu.


Have a story idea or news to share? Share it with the University Times.

Follow the University Times on Twitter and Facebook.