Glossary of Definitions

AD

Active Directory login - Usually the same credentials as the BUnetID login.

ARIN

American Registry of Internet Numbers. The Regional Internet Registry (RIR) for Canada, many Caribbean and North Atlantic islands, and the United States. ARIN manages the distribution of Internet number resources (IP addresses) for those regions.

Border Router Access Control Lists (ACLs)

Access control lists on the border routers provide another layer of security, in addition to the firewall, to protect the campus network as a whole (all zones) from unwanted activity from the Internet/outside world.

BUnetID

The ID (a.k.a. user name, login, user-id, and account name) used by Bradley to identify all users of network services.

Computer Peripherals

Peripheral devices such as printers and scanners. Peripheral devices may be attached to a computer directly or via the campus network.

Computer Workstations

General purpose computers which are utilized by individuals and include stationary and portable systems.

Confidential Data

Non-protected data which, if revealed, can result in financial, legal or significant privacy loss to members of the Bradley community.

Contributed Service

To qualify for a 'Contributed Services' category, a person must be actively collaborating with a member of the Bradley community, be providing "valuable services" to the University, and not be an employee or student at Bradley. The University collaborator must sponsor this person and define the "valuable services" provided. This request must be approved by the Dean (or other administrator) and by the Vice President of the sponsor. Access will be granted for up to 1 year with renewal possible based upon need and university approval.

Device Level Protection

Many other devices on the network, most commonly servers, have firewall protection installed locally on them, which is in addition to the network firewall.

Display Visibility

Individuals with access to protected data shall ensure that any and all computer displays for which they are responsible are not visible to unauthorized viewers.

Electronic Identity

This term refers to a method of assuring that the person who authenticated using a particular set of credentials is the person who is identified by these credentials.

FERPA

Family Educational Rights and Privacy Act - http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html

Firewall Access Control Lists (ACLs)

Access control lists on the firewall are used to permit certain devices in the lower security zones to initiate network communications with the higher security zones, communications that would otherwise not be allowed per the zone's security level number.

Firewall Security Zones

The firewall is segmented into zones, each with an assigned security level number relative to other zones. Devices are added to a specific zone based on who the user is, the protection needed for the device, and the required access to other network resources. For example, a student computer would be placed in a lower numbered zone than an admin machine, but a higher numbered zone than the Internet. 

Network devices in higher numbered/level security zones can automatically initiate network communication with devices in lower numbered/level security zones by default. Devices in lower security zones can respond to network communications that were already established by devices in higher security zones. Devices in lower security level zones can only initiate network communication with devices in higher level zones when an access control list (ACL) is explicitly configured to allow this.
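
The three zone rules above can be modeled as a small decision function. This is an added example, not Bradley's firewall configuration; the zone names, level numbers, IP addresses, ports and the handling of same-level traffic are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed zone names and level numbers; the glossary gives only the
# ordering Internet < student < admin, not actual values.
ZONE_LEVELS = {"internet": 0, "student": 50, "admin": 100}


@dataclass
class ZoneFirewall:
    levels: dict
    acl: set = field(default_factory=set)          # (src_ip, dst_ip, dst_port) exceptions
    established: set = field(default_factory=set)  # flows opened by a permitted initiator

    def initiate(self, src_zone, src_ip, dst_zone, dst_ip, dst_port):
        """Decide whether src may open a new connection to dst."""
        src_level, dst_level = self.levels[src_zone], self.levels[dst_zone]
        if src_level > dst_level:
            allowed = True   # higher zone to lower zone: permitted by default
        elif src_level < dst_level:
            # lower zone to higher zone: only with an explicit ACL entry
            allowed = (src_ip, dst_ip, dst_port) in self.acl
        else:
            allowed = False  # same level: not covered by the glossary; denied here as an assumption
        if allowed:
            self.established.add((src_ip, dst_ip, dst_port))
        return allowed

    def reply(self, src_ip, dst_ip, src_port):
        """Return traffic is permitted only for an already established flow."""
        return (dst_ip, src_ip, src_port) in self.established


def demo():
    fw = ZoneFirewall(ZONE_LEVELS)
    # Constructed exception: one student host may reach one admin-zone server on port 443.
    fw.acl.add(("10.1.0.5", "10.9.0.10", 443))
    return {
        "admin_to_student": fw.initiate("admin", "10.9.0.20", "student", "10.1.0.7", 22),
        "student_reply": fw.reply("10.1.0.7", "10.9.0.20", 22),
        "student_to_admin_no_acl": fw.initiate("student", "10.1.0.7", "admin", "10.9.0.20", 22),
        "student_to_admin_acl": fw.initiate("student", "10.1.0.5", "admin", "10.9.0.10", 443),
        "unsolicited_reply": fw.reply("203.0.113.9", "10.9.0.20", 80),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {'permit' if verdict else 'deny'}")
```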

HIPAA

Health Insurance Portability and Accountability Act - http://www.hipaa.org/

IDS

Intrusion Detection System. Software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling computer systems, mainly through a network such as the Internet. These attempts may take the form of attacks by, for example, crackers, malware and/or disgruntled employees.

Mobile Computing Devices

Handheld computing devices including personal digital assistants (PDAs) and cellular phones with data access.

MRTG

Multi Router Traffic Grapher - Free software for monitoring and measuring the traffic load on network links. It allows the user to see traffic load on a network over time in graphical form.

Network Device

Anything on the Bradley network, not necessarily a computer. This includes workstations, servers, laptops, desktops, routers, switches, access points, IP video units, IP Phones, building security systems, Laundry Systems, QuickCard systems, hand held devices, gaming systems, etc.

Network Resources

Anything a user on campus accesses over the campus network including shared files, printers, databases, applications, network equipment, internal-only websites, etc. 

Network Security Exception

A configuration in a network device, such as a firewall or router, that allows networks or systems to initiate traffic through that device to reach other networks/systems listening on TCP, UDP, or other IP ports that the device would otherwise block.

One-time use secret PIN

One-time password to be used for this procedure.

PCI

Payment Card Industry - https://www.pcisecuritystandards.org/.

Proprietary Data

All data held by the University for operational, educational, and/or other purposes not appropriate or available for general public use.

Protected Data

Data required to be protected by FERPA, HIPAA, PCI, or other regulations.

Public

Information available to the public.

Secure Protocol Examples

AES, IPsec, SSH, SSL, or TLS with keys of 128 bits or longer.

Server

A computer device containing proprietary or protected data that is shared by a number of Bradley University computer users.

Server Custodian

See policy 3.01 Server Physical Access Policy.

Server Location

The physical site containing the server.

System Registration

Care should be taken when registering computers on the network not to place them in a higher security zone than is needed, particularly in the case of computers that will be publicly accessible and/or used by students other than student employees authorized to access protected data.

VPN

(Virtual Private Network) - A method of establishing secure network communication through an unsecured network, such as the Internet.

WHOIS

(pronounced "who is") - A query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name or an IP address.

Zone

A segment of the network that, in order to have network communication with other segments of the network, must communicate through the firewall to get there.

Zone

A logical area of the network whose ingress and egress traffic is sent through a firewall.