IT Infrastructure Committee: Mission and Scope
The purpose of MUSC's IT infrastructure is to support the convenient and secure transport of information, both within and beyond the MUSC enterprise. The mission of the IT Infrastructure Committee is to provide guidance and conflict resolution with respect to this infrastructure.
To that end, the committee seeks to define the components of the infrastructure and the boundaries between the infrastructure and its users, and to develop policies that guide which value-added resources may cross the boundary between the "end user" and the infrastructure. The goal of these policies is to protect the integrity of the infrastructure, and the security of the information it carries, while permitting end users as much freedom as possible, and while containing the damage and ripple effect of failures or mistakes within the end-user environment.
MUSC's IT infrastructure consists of those shared (community) resouces which are required to support enterprise-wide IT applications. Its purpose is to promote convenient and secure transport of information. Security must address not only secure transmission of data, but also user identity management, authentication and access control.
The set of resources which fall into the category of infrastructure evolves continuously, driven both by the rapid evolution of networking technology, and by changes in the set of campus-wide network applications which the infrastructure must support.
Currently, MUSC's network infrastructure is defined to encompass at least the following resources:
- Physical cable plant (conduits, wiring, wiring closets)
- Routers, switches and hubs
- Internet connections
- Dial-in access servers
- Wireless access servers
- Network firewalls
- Authentication and authorization servers
- DNS servers
- DHCP servers
- Email servers
- Directory servers
- Shared file servers
The infrastructure is analagous to a public utility operated by MUSC for the benefit of its students, faculty, and other constituents. It supports a dynamic set of applications and other "value-added" components within which users can add local value to the set of resources which the infrastructure makes accessible to the user community.
Examples of Infrastructure Policies
Purchasing of infrastructure will move toward a central mechanism and away from individual departments being required to purchases their own infrastructure components, e.g. switches. To accommodate this, a surcharge is being considered for each telephone connection which will be used to meet the infrastructure needs of voice, data and video.
Communication within the network will be limited to those protocols supported by open standards. We can reduce the complexity of our network, and improve its reliability and manageability, by limiting traffic to the Internet Protocol (IP) suite.
Registration of application-layer protocols
Registration of application protocols (http, ftp, etc.) will be used to maintain a list of approved application protocols. Protocols not on the approved list (e.g., IP telephony) may be restricted from use on the campus network.
Registration of end-nodes
Registration of workstations and other end-nodes on the campus network will be required, so that we know whether devices connected to our network are trustworthy. This will be important to supporting mobile users, e.g. in a wireless environment.
Registration of content
Registration of mission-critical information resources, e.g. the content of certain web sites, will be required, so that we can test and maintain the integrity of content which involves institutional resources.
Mechanisms will be developed for migrating a resource (e.g. web page) that is developed by an individual but becomes useful to a large segment of the community into an "institutional resource" so that it becomes available 24 hours/day, is backed up to off-site media for disaster recovery purposes, etc.
Authentication and access control
We will add language to all future RFPs for information systems, requiring application software vendors to interface their proposed systems to MUSC's authentication and access control infrastructure. Similar requirements will apply to all new applications, including systems developed in-house.
We will develop a firewall policy that clearly indicates conditions where one can acquire penetration through network firewall(s).
Intrusion/abuse detection and response
We will implement monitoring, auditing, and incident response policies and mechanisms that enable detection of, and response to, incidents of network intrusion and abuse.
$Id: mission-scope.html,v 1.1 2003/04/07 13:13:16 gadsden Exp $