Network Security Standard

Purpose

This standard outlines the requirements for maintaining a secure network environment at the University of North Carolina School of the Arts (UNCSA). It aims to protect the university’s digital assets, sensitive data, and network infrastructure from unauthorized access, malicious attacks, and data breaches. The primary network security measures covered in this standard are Firewalls, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS).

Scope

This standard applies to all network infrastructure components at UNCSA, including wired and wireless networks, devices, systems, servers, and applications that are connected to the university’s network. It governs the use of firewalls, IDS, and IPS for ensuring the security of the university's internal and external network traffic.

Network Security Components

1. Firewalls

Overview: Firewalls are a critical security component used to monitor and control incoming and outgoing network traffic based on predetermined security rules. At UNCSA, firewalls are deployed at strategic points in the network to filter traffic, block unauthorized access, and prevent cyberattacks.

Key Principles:

  • Perimeter Firewalls: Firewalls will be placed at the network perimeter to control traffic between the university's internal network and external networks (e.g., the internet).
  • Internal Firewalls: In addition to perimeter firewalls, internal firewalls will be deployed to create segmentation within the university’s network, especially for sensitive data and high-risk systems (e.g., administrative or financial systems).
  • Access Control Lists (ACLs): Firewalls will utilize ACLs to define which types of traffic (e.g., specific IP addresses, ports, and protocols) are allowed or blocked.
  • Least Privilege Principle: Only traffic required for a documented academic or business purpose will be allowed through the firewall; all other traffic will be blocked by default.
  • Stateful Inspection: Firewalls will use stateful inspection to track the state of active connections, so that return traffic is admitted only for connections already allowed in the forward direction rather than by opening inbound ports to unsolicited packets.
  • Logging and Monitoring: Firewall logs, including denied connections, will be forwarded to the university's central logging system and reviewed regularly to identify potential security threats or policy violations.

Firewall Configuration Standards:

  • Default-deny rule: Block all inbound traffic unless a rule explicitly allows it; the default-deny rule is evaluated last, after every explicit allow.
  • Use of encrypted protocols where possible for traffic that crosses the firewall (e.g., TLS for web traffic).
  • Strong security policies for remote access (e.g., VPN with MFA as required under Remote Access Security below, and SSH rather than plaintext protocols for administrative access).
  • Regular updates and patches to firewall software and firmware.
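The following is an added example and is not part of the UNCSA standard or its firewall configuration: a small Python model of a stateful, default-deny, zone-aware packet filter that shows how first-match ACL evaluation, the trailing default deny, and connection tracking work together. The zone ranges, rule names, addresses and the packet stream are all constructed for illustration.

```python
"""Added example (not UNCSA's firewall configuration): a small model of a
stateful, default-deny, zone-aware packet filter. Zone ranges, rule names,
addresses and the packet stream below are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # True for a bare TCP SYN, i.e. a new connection attempt


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    proto: Optional[str]   # None matches any protocol
    dport: Optional[int]   # None matches any destination port
    action: str            # "allow" or "deny"


# Hypothetical zone ranges (RFC 1918 space chosen for the example only).
ZONES = {
    "academic": ip_network("10.10.0.0/16"),
    "admin": ip_network("10.20.0.0/16"),
    "guest": ip_network("172.16.0.0/16"),
}


def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


# ACL in evaluation order: first match wins, and anything unmatched is denied.
# The explicit guest denies document intent and keep protecting the admin zone
# even if someone later appends a broad allow rule below them.
RULES = [
    Rule("academic-web", "academic", "external", "tcp", 443, "allow"),
    Rule("guest-web", "guest", "external", "tcp", 443, "allow"),
    Rule("guest-no-academic", "guest", "academic", None, None, "deny"),
    Rule("guest-no-admin", "guest", "admin", None, None, "deny"),
    Rule("academic-to-admin-db", "academic", "admin", "tcp", 5432, "allow"),
]


class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.conntrack = set()  # 5-tuples of flows an allow rule has admitted

    def _first_match(self, pkt: Packet) -> Optional[Rule]:
        sz, dz = zone_of(pkt.src), zone_of(pkt.dst)
        for r in self.rules:
            if (r.src_zone == sz and r.dst_zone == dz
                    and r.proto in (None, pkt.proto)
                    and r.dport in (None, pkt.dport)):
                return r
        return None

    def filter(self, pkt: Packet):
        """Return (verdict, reason) for one packet, updating connection state."""
        # Reply traffic for a tracked flow is admitted without an ACL lookup:
        # this is what lets outbound HTTPS work without opening inbound ports.
        reverse = (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)
        if reverse in self.conntrack:
            return "allow", "established"
        # Only a SYN can open a new TCP flow; a stray ACK or RST (as used by
        # ACK scans) that matches no tracked flow is dropped before the ACL.
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny", "no-state"
        rule = self._first_match(pkt)
        if rule is None:
            return "deny", "default-deny"
        if rule.action == "allow":
            self.conntrack.add((pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport))
        return rule.action, rule.name


def run_sample():
    """Constructed packet stream exercising each path through the filter."""
    fw = StatefulFirewall(RULES)
    stream = [
        Packet("10.10.5.7", "203.0.113.10", "tcp", 51000, 443, syn=True),   # academic -> internet HTTPS
        Packet("203.0.113.10", "10.10.5.7", "tcp", 443, 51000),             # the server's reply
        Packet("198.51.100.9", "10.10.5.7", "tcp", 40000, 22, syn=True),    # unsolicited inbound SSH
        Packet("198.51.100.9", "10.10.5.8", "tcp", 443, 51000),             # ACK scan, no tracked flow
        Packet("172.16.3.4", "10.20.1.10", "tcp", 40001, 5432, syn=True),   # guest -> admin database
        Packet("10.10.5.7", "10.20.1.10", "tcp", 40002, 5432, syn=True),    # academic -> admin database
    ]
    return [fw.filter(p) for p in stream]


if __name__ == "__main__":
    for verdict, reason in run_sample():
        print(f"{verdict:5} {reason}")
```

The reply packet is admitted only because the outbound SYN created a conntrack entry; the ACK scan from the same external host is dropped with no ACL lookup at all, and the inbound SSH attempt falls through every rule to the implicit default deny. A real firewall also ages conntrack entries out and validates TCP sequence numbers, which this model omits.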

2. Intrusion Detection System (IDS)

Overview: An Intrusion Detection System (IDS) monitors network traffic for signs of malicious activity or policy violations. IDS solutions at UNCSA will detect potential security breaches by analyzing network traffic patterns, system logs, and user behaviors.

Key Principles:

  • Real-Time Monitoring: IDS will monitor network traffic and system behavior in real time to detect suspicious activity and potential threats.
  • Signature-Based Detection: IDS will use a database of known attack signatures to detect threats based on patterns that match previously identified attacks.
  • Anomaly-Based Detection: IDS will also use machine learning or heuristic techniques to detect deviations from normal network traffic patterns (anomalies) that could indicate a new or unknown threat.
  • Alerting and Reporting: When an intrusion attempt or suspicious activity is detected, the IDS will trigger alerts to the security team and generate reports for further analysis and investigation.
  • Deployment Locations: IDS will be deployed in critical areas of the network, such as at the perimeter, within the internal network, and on specific high-risk systems.
  • Integration with SIEM: The IDS will be integrated with the Security Information and Event Management (SIEM) system to correlate and analyze events for a more comprehensive security posture.

IDS Configuration Standards:

  • IDS signatures must be regularly updated to include the latest attack vectors.
  • Anomaly detection thresholds must be set from measured traffic baselines, which will be recalibrated as needed (e.g., after significant changes to the network or its usage patterns).
  • Regular review of IDS logs and alerts to ensure that genuine incidents are promptly addressed and that recurring false positives are tuned out.

3. Intrusion Prevention System (IPS)

Overview: An Intrusion Prevention System (IPS) is similar to an IDS but with the additional capability of actively blocking or preventing suspicious activity in real time. The IPS will identify, block, and mitigate malicious traffic and attacks before they can reach critical systems. Because the IPS sits inline, its rules must be tuned carefully: a false positive blocks legitimate traffic rather than merely raising an alert.

Key Principles:

  • Real-Time Prevention: The IPS will block malicious traffic in real-time based on predefined rules and attack signatures, preventing potential intrusions before they can compromise systems or data.
  • Traffic Analysis: The IPS will analyze network traffic to detect various forms of attacks, including denial-of-service (DoS) attacks, buffer overflow exploit attempts, malware downloads and command-and-control traffic, and other exploits.
  • Automated Response: The IPS will automatically take action when a threat is detected, such as blocking malicious IP addresses, terminating suspicious connections, or isolating compromised systems.
  • Adaptive Defense: The IPS will use both signature-based and behavior-based detection to identify and block known threats and previously unseen attack patterns.
  • Integration with Other Security Tools: The IPS will work in conjunction with other security tools, such as the IDS and SIEM systems, to provide a layered defense strategy.

IPS Configuration Standards:

  • Block or quarantine malicious traffic according to severity level; lower-severity or anomaly-only detections may be alerted on rather than blocked.
  • Use of real-time packet analysis to detect and prevent threats.
  • Regular updates of threat signatures and behavior-based detection models.
  • Fine-tuning of IPS policies to minimize false positives while maintaining effective threat detection.
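The following is an added example, not part of the UNCSA standard or its IDS/IPS deployment, and it serves both the IDS section above (signature-based and anomaly-based detection, thresholds derived from a baseline) and this IPS section (severity-based alert-or-block decisions). It runs both detection methods over constructed web-access log lines in Python and shows how the same findings produce only alerts in IDS mode but inline blocks in IPS mode. The log format, the signature patterns, the baseline, the threshold rule and all hosts and paths are illustrative assumptions.

```python
"""Added example (not UNCSA's IDS/IPS deployment): signature-based and
anomaly-based detection over constructed log lines, plus the severity-based
alert-or-block decision that distinguishes IPS mode from IDS mode. Patterns,
the baseline, thresholds and all log data are illustrative assumptions."""
import re
import statistics
from collections import Counter

# Constructed access-log lines in a made-up key=value format (hypothetical hosts).
LOG_LINES = [
    '2025-06-02T10:00:01 src=10.10.5.7 dst=10.20.1.20 dport=443 uri="/portal/login"',
    '2025-06-02T10:00:02 src=10.10.5.9 dst=10.20.1.20 dport=443 uri="/portal/search?q=dance"',
    '2025-06-02T10:00:03 src=198.51.100.9 dst=10.20.1.20 dport=443 uri="/portal/../../etc/passwd"',
    '2025-06-02T10:00:04 src=198.51.100.9 dst=10.20.1.20 dport=443 uri="/portal/login?user=admin\' OR 1=1--"',
    '2025-06-02T10:00:05 src=10.10.5.7 dst=10.20.1.20 dport=443 uri="/portal/schedule"',
    '2025-06-02T10:00:06 src=172.16.3.4 dst=10.20.1.20 dport=443 uri="/wp-login.php"',
] + [  # a constructed burst from the same external host within the window
    f'2025-06-02T10:00:{7 + i:02d} src=198.51.100.9 dst=10.20.1.20 dport=443 uri="/portal/page{i}"'
    for i in range(6)
]

LOG_RE = re.compile(
    r'^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) uri="(?P<uri>[^"]*)"$'
)

# Signature rules: (name, pattern, severity). Hypothetical, not a vendor feed.
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./"), "high"),
    ("sql-injection", re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE), "high"),
    ("scanner-probe", re.compile(r"/(?:\.git/|wp-login\.php|phpmyadmin)", re.IGNORECASE), "medium"),
]

# Constructed baseline: requests per source per minute observed during normal use.
BASELINE_REQUESTS_PER_SOURCE = [3, 4, 2, 5, 3, 4, 3, 2, 4, 3]


def anomaly_threshold(baseline, k=3.0):
    """Mean plus k standard deviations; recalibrate by re-running on a fresh baseline."""
    return statistics.mean(baseline) + k * statistics.stdev(baseline)


def parse(line):
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsed log line: {line!r}")
    ev = m.groupdict()
    ev["dport"] = int(ev["dport"])
    return ev


def signature_findings(events):
    """Known-bad patterns: precise, but only catch what the signature set describes."""
    found = []
    for ev in events:
        for name, pattern, severity in SIGNATURES:
            if pattern.search(ev["uri"]):
                found.append({"src": ev["src"], "rule": name, "severity": severity, "evidence": ev["uri"]})
    return found


def anomaly_findings(events, threshold):
    """Deviation from baseline: catches unknown activity, so it is alerted on, not blocked."""
    counts = Counter(ev["src"] for ev in events)
    return [
        {"src": src, "rule": "request-rate-anomaly", "severity": "medium",
         "evidence": f"{n} requests vs threshold {threshold:.1f}"}
        for src, n in counts.items() if n > threshold
    ]


def decide(findings, mode):
    """IDS mode only alerts; IPS mode blocks high-severity findings inline."""
    ips_action = {"high": "block", "medium": "alert", "low": "log"}
    for f in findings:
        f["action"] = ips_action[f["severity"]] if mode == "ips" else "alert"
    return findings


def analyze(lines, mode="ips"):
    events = [parse(line) for line in lines]
    threshold = anomaly_threshold(BASELINE_REQUESTS_PER_SOURCE)
    return decide(signature_findings(events) + anomaly_findings(events, threshold), mode)


def blocked_sources(findings):
    return sorted({f["src"] for f in findings if f["action"] == "block"})


if __name__ == "__main__":
    for f in analyze(LOG_LINES):
        print(f"{f['action']:5} {f['severity']:6} {f['rule']:22} {f['src']:14} {f['evidence']}")
```

On this constructed input the external host trips two high-severity signatures and the rate anomaly, while the guest host's /wp-login.php probe matches only a medium-severity scanner signature. In IPS mode the external host is blocked and the other two findings are alerts; in IDS mode everything is an alert and nothing is blocked. Keeping anomaly findings at alert severity is the practical expression of the tuning requirement above: a baseline deviation on its own is too weak a signal to justify dropping traffic inline.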

Network Security Guidelines

1. Network Segmentation and Isolation

  • The university’s network will be segmented into different security zones based on the sensitivity of the data and the role of the system. For example:
    • Academic Network: Used by students, faculty, and staff for routine academic activities.
    • Administrative Network: Contains sensitive financial, HR, and student information and will have stricter access controls.
    • Guest Network: Isolated from the main network to provide internet access for visitors while limiting access to internal systems.

Each segment will have its own access controls, firewall rules, and monitoring in place, so that traffic between zones is restricted and lateral movement by an attacker who compromises one zone is detected and contained.

2. Remote Access Security

  • Remote access to the university network will require VPN (Virtual Private Network) connections with strong authentication methods, including Multi-Factor Authentication (MFA).
  • All remote access traffic must pass through firewalls and IPS/IDS systems for inspection and protection.

3. Patch Management

  • Regular updates and patches will be applied to firewalls, IDS, and IPS systems to ensure they are up-to-date and capable of defending against the latest known vulnerabilities.
  • Critical security patches for network security devices will be prioritized and applied promptly.

4. Network Monitoring and Logging

  • Comprehensive logging of network activity will be maintained for all network security devices, including firewalls, IDS, and IPS.
  • Logs will be stored securely and monitored in real time by the IT security team to detect and respond to security incidents.
  • Logs will be retained according to the university's data retention policy and reviewed during security audits and investigations.

5. Incident Response

  • In the event of a network security breach or attack, the university will follow the Incident Response Plan (IRP) to contain, mitigate, and remediate the situation.
  • Security teams will use IDS/IPS data to investigate security incidents, identify attack vectors, and perform forensic analysis to determine the extent of the compromise.

Compliance

All network security systems, including firewalls, IDS, and IPS, must comply with university policies, industry best practices, and relevant regulatory requirements (e.g., FERPA, HIPAA, PCI DSS). Non-compliance with this standard may result in disciplinary action, including loss of network access, and may also trigger further investigations or legal actions.

Conclusion

Network security is a critical element in safeguarding the digital assets and information systems of the University of North Carolina School of the Arts (UNCSA). By implementing robust firewall protections, real-time intrusion detection, and proactive intrusion prevention, the university will be well-equipped to defend against cyber threats and ensure the security of its network infrastructure. All staff and users must adhere to these standards to maintain a secure IT environment.

June 02, 2025