SECURITY FOR NETWORKED PERSONAL COMPUTERS POLICY

Effective July 17, 2006
Purpose: To set forth departmental policy to ensure uniformity and consistency in the security of ODNR networked PCs.

Authority: Statewide Information Technology Policy DAS ITP-E.8

Reference: Use of Publicly Owned Computer Hardware, Software and Software Services Policy

Resource: Office of Information Technology

ODNR employees shall not use departmental computer hardware in a manner that does not protect the integrity of the local area and wider area networks from unauthorized use or access. Employees using the department’s computer network will be held accountable for any misuse of the network or hardware.

Owner responsibility

  1. All persons working on the DNR network shall have a client account and password that is not shared or posted in any manner. An e-mail account shall be owned by an individual; no sharing of e-mail accounts is permitted. All client accounts on the network are individually owned and accessed to ensure security and accountability. Shared accounts create situations where passwords become common knowledge thereby increasing the risk of unauthorized access to systems and data.
  2. Every network user is responsible for ensuring their networked computer is secured from unauthorized access when they leave their workstation. When users leave their workstations unattended, password-protected screensavers (or other locking programs) shall be used to prevent unauthorized access. Alternatively, users may log off the network or physically secure the PC (e.g., lock their office door).
  3. Modems in computers connected to the network shall have the answer mode disabled. This requirement applies to all computers whether in the Central Office, at remote sites using dedicated circuits, or dialup using RAS or an ISP. Users may use internal FAX modems to send and receive documents provided that incoming data connections are disabled.
  4. Users are prohibited from allowing Remote Desktop connections to their PC. Exceptions to this rule are for OIT troubleshooting and with written approval from OIT.
  5. Users are prohibited from disabling anti-virus software, are required to check all files downloaded from the Internet for malicious code (e.g., a virus), and shall report any incidents to the Office of Information Technology. Users are required to download files to disk and use anti-virus software to check them for code that could harm department equipment or systems. Users must report any malicious code detected to the OIT Support Desk (265-7082).
  6. Users are prohibited from disabling firewall software or modifying firewall rules to disable firewall functionality. Users may, using automated (popup) or manual means, modify firewall rules to allow authorized software to function properly.
  7. Users are prohibited from creating local user accounts on their PC. Local user accounts, when required, will be created and maintained by OIT.
  8. Users are prohibited from bridging connections and Internet connection sharing. Either of these may cause networking problems or allow unauthorized network traffic to enter the DNR network.
  9. Access to the DNR network using an employee-owned PC is prohibited. Users can connect to their e-mail through “Outlook Web Access” from their personal PC and not be in violation of this policy.

Penalties

Employees who violate this policy are subject to discipline. Anyone who becomes aware of a violation of these Codes shall report it to his/her supervisor or the violator’s supervisor immediately. The supervisor is responsible for notifying the Office of Information Technology chief or assistant chief.

Glossary

  1. Client Account: An account issued by the Office of Information Technology with a user name and password to access (or authenticate) to the ODNR network.
  2. Dedicated Circuit: A high-speed digital connection that includes T-1 and 56K lines and services such as “Road Runner”.
  3. E-mail Account: An account issued by the Office of Information Technology with a user name and password to access an Exchange mailbox. Only one person can own a mailbox; however, an owner can grant permission to another e-mail account to access their mail.
  4. Local User Account: An account that exists on a single PC rather than on the domain (network wide).
  5. Shared Account: An unacceptable practice that allows more than one user to access the network using the same user name and password.
  6. Unauthorized Access: A person using another’s network account for any purpose. This does not include Office of Information Technology technicians performing maintenance on a user’s PC or network account.
