Wow,

I'm not sure I agree with that policy much. It seems to be based on one false assumption:
port scanning is bad,

which of course, it isn't.

The fact that it came from a university is even more surprising. My knowledge of networks and ports and tcp/ip communication has been greatly, GREATLY enhanced by port scanning. Programs like the Angry IP Scanner and NMAP have proven to be great learning tools.

"Network port scanning is an information gathering process..." is the one statement in the policy that I absolutely, 100% agree with. Does this mean that this University doesn't want its staff or students to engage in information gathering processes??

"...when performed by unknown individuals it is considered a prelude to attack." Possibly, or it could be the prelude to a patch of some vulnerability or other.

Additionally, I wonder if this policy was drawn up by a network administrator, or a faculty member who doesn't fully understand what port scanning is really all about?