Policies

IRT owns, controls and fully-supports the School of Medicine data communications network. In order to properly secure and support the network, the following policies and standards are enforced:

University-Wide Computing Policy

University Policies:

The Stanford University Computer and Network Usage Policy applies to all devices connected to the School of Medicine network. Do NOT share passwords.

Devices on the Network

No Non-IRT network devices:

IRT activates all data jacks, and requires that there be a one-to-one mapping between a port and a single computer or printer. It is against IRT policy for a user or IT support person to connect a network connectivity device (hub, switch, router or wireless access point) to "share" a single jack among multiple computers. 

No local DHCP servers:

By design, Stanford runs Enterprise DHCP servers which hand out IP-based network addresses ONLY to registered devices. To ensure network stability and security, it is prohibited for any user or IT support person to run a local DHCP server (on a computer, printer, etc.) 

Disconnection of misbehaving devices:

In the event of a computer or printer behaving poorly on the network (security issue, configuration issue or broken hardware), IRT will attempt to reach the owner or administrator for said device. If we are unable to reach a responsible party, we will remotely disconnect the offending device.

Wireless

No "Rogue" Wireless Access:

By policy of the Dean, only IRT can deploy wireless connectivity in School of Medicine space. If you need wireless in a space where we have not yet provided coverage, please submit a HelpSU request. Do not purchase or install your own access. It is also prohibited to use "Internet Connection Sharing" software to make a computer behave like a wireless access point. 

Restricted data and wireless:

Because wireless networks are inherently less secure than wired, it is important to enable a VPN connection before using wireless connectivity for transmitting any restricted data (PHI, financial information, etc.). 

No Wireless Printers:

We recommend connecting printers to a wired network jack with a reserved DHCP address for a variety of reasons: 1) wireless radios on printers should be completely disabled because many of them have the capability to disrupt other wireless services, 2) Due to capacity issues, IP address reservations on wireless are not allowed, 3) Wireless connections are not encrypted when in the air and do not meet Information Security requirements, and 4) Wireless connectivity is inherently less reliable than wired as it is susceptible to interference from outside sources. Please contact ITS to order the appropriate wiring if none is available near the printer.

Physical Security

Closet Security:

IRT carefully documents all network closet cabling, etc. To ensure the integrity of this documentation, and the security of the network, we do not typically allow users (or departmental IT support staff) to have closet access. In those rare instances where non-IRT staff have been approved for closet access, those individuals must not interfere with the network equipment and cabling: do not touch or reboot equipment, and do not move ports or jack activations. 

Closet equipment:

The SoM is required to run a HIPAA-compliant network. This requires limited and controlled and monitored access to networking facilities. Due to this requirement, the only devices allowed in SoM building telecommunication rooms are IRT managed and/or approved networking switches, router, controllers or other networking equipment. Exceptions may be allowed for active devices that support building infrastructure services such as fire alarms, building security, telephones, electrical power and environmental control systems. Departmental equipment or servers may not be installed or stored in the telecommunication closets. 

In-room cabling and walls:

Installing patch cords over a wall to an adjacent room is a violation of fire code. Contact ITS to order sufficient wiring so that computers/devices are connected to network jacks in the SAME room. Please contact IRT once the wire is installed so we can ensure the network activations to our equipment are complete.