Dual Homed Networks Policy

Version 1.1

Purpose

The purpose of this policy is to minimize potential exposure to the University from unauthorized access to the University’s IT Resources.

Scope

This IT policy, and all policies referenced herein, shall apply to all members of the University community including faculty, students, administrative officials, staff, alumni, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.

Policy Statement

The use of multiple network interfaces into a single computer to facilitate “dual-homed” or “multi-homed” connectivity creates a bypass of network security and is prohibited[1].

[1] Policy scenario example: Web-facing applications should not have the Web Service and Database Service residing on the same physical server device. If the public-facing web server is compromised, the database contents will also be compromised. For example, many process control incidents involving the Slammer worm in 2003 were a result of dual-homed architectures. The worm infected the server via one NIC and then immediately started working on the computers located on the second NIC’s network.

Definitions

Dual Homing is defined as having concurrent connectivity to more than one network from a computer or network device.

IT Resources include computing, networking, communications, application, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.

Implementation Information

Review Frequency: Annual
Responsible Person: Director, IT Risk and Data Integrity
Approved By: CISO
Approval Date: May 16, 2017

Revision History

Version: Date: Description:
1.0 05/16/2017 Initial Policy
1.1 05/23/2018 Updated disclaimer, scope, and definitions

Policy Disclaimer Statement

Deviations from policies, procedures, or guidelines published and approved by the University Information Security Office (UISO) may only be done cooperatively between the UISO and the requesting entity with sufficient time to allow for appropriate risk analysis, documentation, and possible presentation to authorized University representatives. Willful failure to adhere to UISO written policies may be met with University sanctions.