Communication Technologies (ComTech), working with Security and Compliance (S&C), has developed a plan that allows campus local IT support staff to easily and quickly move traditional building networks to a protected network infrastructure — NCSU-PN. For further details, please read the Protected Network FAQ.
- Adopting this policy and supporting the move to protected networks would be a large step toward mitigating attacks on campus.
- It also aligns with a larger university goal to secure the wired and wireless networks.
- This architecture allows us to enforce a simple yet effective security policy on customers’ devices, helping to protect them from off-campus threats without restricting access to needed resources.
- It has been designed to protect as many devices as possible with a general security policy.
- Because of the comprehensive nature of this network, no specialized security exceptions will be added to this instance.
- This one-time change can be accomplished with little overhead to the campus IT support staff.
- Each department’s traffic will be reviewed to ensure that any specific security and access needs are understood.
- If a system is moved to NCSU-PN and any required access is restricted, we will work with the customer to move that affected equipment to a network that will allow the needed connectivity.
Benefits of NCSU-PN
- Devices moved to NCSU-PN are no longer subject to attacks or scans from malicious entities on the internet.
- Departmental systems can be secured with a simple network modification that requires little work by local IT staff and no action by the customer.
As we apply a more consistent security model for our campus networks, departmental devices should be secured from the internet. These could include:
- Laptops
- Desktop PCs
- Laboratory equipment
- Other devices with a wired connection to the network.
Devices That Cannot be Moved to NCSU-PN
- Devices needing to be accessed by an external vendor or other outside entity that lacks NC State VPN access.
- Departmental servers accessed from the internet, e.g., web servers.
- Polycom devices
- Specialized devices that already have their own secured networks, e.g., PCI, SCADA, COPY/PRINT.
Off-Campus Access to NCSU-PN
- Currently, certain types of remote access to equipment from off-campus require using the Virtual Private Network (VPN) client provided by ComTech.
- All remote access will require the VPN client once the network has been transitioned to NCSU-PN.
- If individuals not affiliated with NC State require access to a device, it must be moved to an unprotected network.
Steps in Transitioning a VLAN to the NCSU-PN
- A customer fills out the Protected Network Request form.
- If necessary, a ComTech customer liaison can request Security and Compliance to complete a network scan of the customer’s VLAN.
- Within five business days, the customer liaison meets with the customer to review eligibility.
- If the customer is eligible, the customer liaison works with the Network Operations Center (NOC) manager to assign a network analyst to manage the transition and schedule the move.
Note: During the scheduled maintenance window for this move, all network services will be interrupted for approximately 10 minutes. Once the network is moved to the new environment, ComTech works with local IT support to ensure all needed access is available.
- Five business days after the transition, the customer, customer liaison, and NOC manager or NOC analyst meet for an after-action review.
Reporting a Problem
- If there is an issue with system connectivity, first contact local IT support.
- If access has been removed from a particular system, ComTech will work quickly with the local IT support to resolve the issue.
Note:
- Most traffic originates from a client PC and goes to an external host.
- Traffic originating from off-campus to a client PC is not typical.
- ComTech will work with local IT support to determine the departmental applications used, but some applications or devices may not work. ComTech will work with the local IT support to resolve the issue.