Security

This area deals with security considerations for the campus network. A template for a security policy is proposed based on core principles as defined in ISO/IEC 27002. An ICT security architecture for higher education is recommended. Traffic filtering technologies are discussed and general applications are recommended. Adoption of digital certificates in a public key infrastructure (PKI) is covered.

	Information Security Policy Information management is an essential part of good IT governance, which, in turn, is a cornerstone in corporate governance. An integral part of the IT governance is information security, in particular, security pertaining to personal information. However, many organisations do not have a clear policy for information security management.
	Recommended ICT Security Architecture in the HE Sector The goal of this document is to serve as a guide for the implementation of ICT security architecture in the Norwegian HE sector. The recommendations are based on best practice, risk assessments, regulatory and commercial requirements, and directives issued by the Norwegian Data Inspectorate, with a major emphasis on existing practices.
	Traffic Filtering - An Overview of the Technologies and their Application in AMRES The aim of this document is to present an overview of the available traffic-filtering technologies and their general application, as well as an indication of the procedures and planned applications in the hierarchical structure of the Academic Network of Serbia (AMRES).
	Securing Service Access with Digital Certificates Securing services such as HTTP, email, RADIUS and LDAP is very important, and this document is provides step-by-step procedures for certificate deployment on different server platforms for different services. The document promotes the adoption of digital certificates in the member institutions of the Academic Network of Serbia (AMRES) as a means of establishing secure communication channels.
	The Implementation of the AMRES VPN Service This document describes the deployment of the AMRES VPN service. This solution involves the implementation of the Secure Sockets Layer / Transport Layer Security (SSL/TLS) protocol using OpenVPN technology. The main advantages of an OpenVPN solution are the implementation of advanced data encryption algorithms, the simplicity of installation and maintenance, and the fact that it is supported by almost all of the client and server platforms that are popular today. For user authentication, the AMRES VPN service relies on the RADIUS infrastructure, which was developed for AMRES’ eduroam® service. The document also provides a detailed configuration of the relevant RADIUS servers on the FreeRADIUS platform.
	Centralised Web Traffic Filtering System This document describes an IronPort firewall technical solution for web traffic filtering suitable for a campus environment. General ideas and techniques can be applied to equipment from other vendors. Design, configuration and positioning of the centralised firewall system are discussed. Important recommendations regarding mechanisms ensuring redirection and distribution of web traffic towards the firewall devices are dealt with. The advantages and shortcomings of a centralised system are discussed. Collection and analysis of traffic passing through the firewall are covered.
	Implementation of 802.1X in the Wired Network Ensuring the security of wired networks where physical access to outlets is unrestricted is resource-demanding. IEEE 802.1X is considered the most elegant solution. IEEE 802.1X is a Layer 2 protocol that enforces user or machine authentication. Typically, most types of traffic are blocked until the connected user or machine has been authenticated. The switch will forward Extensible Authentication Protocol over LAN (EAPoL) traffic between the supplicant (machine) and the RADIUS server, similar to a wireless deployment. The recommendations are generic, but include instructions for vendor-specific configuration of some switches. Client configurations for Windows, Apple and Linux are included.
	Guidelines for Information Classification This document specifies the recommended guidelines for information classification in the higher education institutions in Norway. Means of identifying and in turn classifying the institution’s information objects are given. Classification is done based on sensitivity and criticality. Adequate retention periods and disposal regulations are suggested. Careful measures should be taken before approving storage of information objects on mobile devices and cloud-based services. The guidelines will serve as an important tool set for information owners to secure mission-critical content.

CBP Documents
Campus Best Practice documents available to download

	Physical infrastructure
	Campus networking
	Wireless
	Network monitoring
	Real-time communications
	Security

European Commission Communications Networks, Content and Technology