Policies

TDS establishes the policies for the School of Medicine data communications network. University IT Networking supports the network implementation and ongoing operations. To properly secure and support the network, the following policies and standards are enforced:

University-Wide Computing Policy

University Policies:

The Stanford University Computer and Network Usage Policy applies to all devices connected to the School of Medicine network. Do NOT share passwords.

Devices on the Network

No Non-TDS network devices:

TDS requires that there be a one-to-one mapping between a port and a single computer or printer. It is against TDS policy for a user or IT support person to connect a network connectivity device (hub, switch, router or wireless access point) to "share" a single jack among multiple computers*. The exception to this is when an outside network supporting a vendor or other third party is approved. This may be an installation of DSL by AT&T or Comcast, which is supported by the third party but uses Stanford in-building wiring. Third parties are not allowed to configure or alter the Stanford network installed by UIT.

* Note that Cisco IP phones in use at Stanford have a port to support the connection of a computer or printer, which is an acceptable and intended "sharing" of ports.

No local DHCP servers:

By design, Stanford runs Enterprise DHCP servers which hand out IP-based network addresses ONLY to registered devices. To ensure network stability and security, it is prohibited for any user or IT support person to run a local DHCP server (on a computer, printer, etc.). Devices that are (mis)configured to distribute IP addresses will be blocked from the network.

Disconnection of misbehaving devices:

In the event of a computer or printer behaving poorly on the network (security issue, configuration issue or broken hardware), TDS will attempt to reach the owner or administrator for said device. If we are unable to reach a responsible party, we will remotely disconnect the offending device.

Wireless

No "Rogue" Wireless Access:

By policy of the Dean, only UIT Networking can deploy wireless in School of Medicine space. If you need wireless in a School of Medicine space or have inconsistent or problematic access, please submit a HelpSU request. Do not purchase or install your own access. It is also prohibited to use "Internet Connection Sharing" software to make a computer behave like a wireless access point.

High Risk Data and wireless:

Because wireless networks are inherently less secure than wired, it is important to enable a VPN connection before using wireless connectivity for transmitting any High Risk Data (PHI, financial information, etc.). 

No Wireless Printers:

We recommend connecting printers to a wired network jack with a reserved DHCP address for a variety of reasons: 1) wireless radios on printers should be completely disabled because many of them have the capability to disrupt other wireless services, 2) due to capacity issues, IP address reservations on wireless are not allowed, 3) wireless connections are not encrypted when in the air and do not meet Information Security requirements, and 4) wireless connectivity is inherently less reliable than wired as it is susceptible to interference from outside sources. Please contact ITS to order the appropriate wiring if none is available near the printer.

Physical Security

Closet Security:

TDS restricts access to the network closet cabling, etc. To ensure the integrity of the installation and the security of the network, we do not typically allow users (or departmental IT support staff) to have closet access. In those rare instances where non-TDS staff have been approved for closet access, those individuals must not interfere with the network equipment and cabling: do not touch or reboot equipment, and do not move ports or alter jack activations. 

Closet equipment:

The SoM is required to run a HIPAA-compliant network. This requires limited, controlled and monitored access to networking facilities. Due to this requirement, the only devices allowed in SoM building telecommunication rooms are TDS managed and/or approved networking switches, routers, controllers or other networking equipment. Exceptions may be allowed for active devices that support building infrastructure services such as fire alarms, building security, telephones, electrical power and environmental control systems. Departmental equipment or servers may not be installed or stored in the telecommunication closets.

In-room cabling and walls:

Installing patch cords over a wall to an adjacent room is a violation of fire code. Contact UIT/ITS to order sufficient wiring so that computers/devices are connected to network jacks in the SAME room. Please be sure to include the request to activate the jack after the wire is installed.

Since not all ports are activated or live, if an existing (or new) port has no activity, please submit a HelpSU request so it can be tested/activated.