Part 4: Data Backup and Network Access Control
3.5.11 Inactive Data Deletion and Archiving
Data that has not been accessed for over 5 years must be removed from the database and backed up onto external hard drives or designated backup media. These backups must be stored securely in locations that minimize the risk of data leakage. Any deletion or destruction of electronic data must be approved by an authorized officer before removal from the system.
3.6 Protection Against Malicious Software
3.6.1 Users must install and regularly update antivirus and anti-malware software.
3.6.2 Operating systems, web browsers, and all applications must be regularly updated to address security vulnerabilities.
3.6.3 Before transmitting data over networks or using any storage media, users must scan for malware.
3.6.4 Users must scan executable files (e.g., .exe, .bat, .vbs, .doc.exe) before opening them.
4. Network Access Control
4.1 Accessing the University Network
4.1.1 Network access must be authenticated using University-issued accounts.
4.1.2 Users may only access services permitted by their account privileges.
4.1.3 External access to the University network must be strictly necessary and secured with enhanced measures.
4.1.4 Servers exposed to the internet must be registered with the Computer and Information Center.
4.1.5 Access to shared networks and device ports must be strictly controlled.
4.1.6 Network inspection tools may be used only with administrator approval.
4.1.7 Temporary accounts must be issued for users without a University account, with identity verification enforced.
4.2 Wireless LAN Access Control
4.2.1 Users must register for wireless LAN access and be approved by the Computer Center or network owner.
4.2.2 Wireless LAN administrators must:
(1) Assign access rights based on users’ job roles and review them periodically.
(2) Register all access points with administrator approval.
(3) Limit wireless signal coverage to avoid signal leakage and external access.
(4) Change the SSID from the default value.
(5) Change default admin usernames/passwords on access points to strong credentials.
(6) Encrypt connections using protocols like WPA2 or better.
(7) Use firewalls between wireless and internal networks.
(8) Regularly monitor the wireless network with software/hardware tools and report suspicious activity immediately.
4.3 Device Identification
4.3.1 Devices connecting to the network must receive assigned IP addresses.
4.3.2 MAC address logs must be maintained via DHCP servers or Layer 3 switch ARP tables.
4.4 Securing Network Management Ports
4.4.1 Limit access to network configuration ports/IP addresses.
4.4.2 Set strong passwords for direct device access.
4.4.3 External connections to these ports must be through secure channels like VPN.
4.4.4 Critical network equipment must be stored in secured rooms.
4.4.5 Disable unused ports or services on network devices.
4.4.6 Perform regular weekly inspections to close unnecessary ports.
4.5 Network Segregation
4.5.1 Network diagrams must be created clearly outlining boundaries and areas of access.
