CoS Network Usage Policies
The CoS computer technicians, whether they be departmental techs or members of Network and Computing Services (NCS), work hard to keep the College's network free from the all too prevalent viruses, worms and malicious traffic traveling across the Internet these days.To aid in this endeavor, the College has its own network firewall to both protect it from dangerous traffic o?n the University network and to protect the campus should o?ne of our machines become infected.The College and University also provide computer applications such as anti-virus software to help minimize the vulnerability of College machines.
Another step that's been taken by the College techs is development of a baseline computer configuration which incorporates these software packages with other computer optimization and security settings.In order to protect all computers o?n the network, this image is now installed o?n most new machines coming into the College.Using this baseline as a foundation for users to build upon ensures that all College computers have an essential level of protection installed o?n them and that they will work efficiently o?n our network. None of the applications installed in this configuration limit the user's freedom to configure their machines as they wish.In fact, in most cases it will result in a faster running machine since the network settings are optimized for the College's network.
Unfortunately, there are a number of machines o?n the College network which, for o?ne reason or another, were not installed by a College technician and therefore, did not get this standard configuration applied.This poses a security risk not o?nly to those specific machines, but also to the rest of the College.Machines that fall into this category include those purchased with grant money or other non-GF sources and have been installed and configured by the faculty member responsible for them.
Virus infections and other computer exploits are becoming increasingly widespread across the Internet. Symptoms of an infection may range from the annoying, such as pop-ups o?n the screen or a changed home page to the computer being rendered unusable. Many times the computer is used as part of a larger network of compromised machines used to send SPAM or to infect other machines. With these less malicious types of exploits, there is usually a good chance that the exploit can be removed from the machine without impacting the user's files.However, in some instances the machine could be exploited to such a degree that it cannot be “disinfected” and instead needs to be completely reformatted, erasing all the user's data in the process.
There are also exploits which try to infect as many computers as they can as quickly as possible, usually producing a massive increase in the amount of traffic o?n the network.The end result is extremely slow network or no network connectivity for everyone until the problem machine(s) are discovered and disconnected.
For these reasons, all machines that connect to the College network should be configured and installed by the appropriate College technician.They will configure the network parameters and install software applications that will ensure the machine gets updated when new patches or antivirus definitions come out. Having our entire network comply with these changes will not o?nly minimize the College's exposure to malicious attacks, but will also allow easier management of the network, minimize the need for individuals to keep up with the latest security updates and result in faster resolution times when a problem does occur.
In a further effort to protect the integrity of the College network and to mitigate the risks and losses associated with security threats College Security Guidelines have been developed.
- All machines accessing the CoS network must be registered with NCS or the department's computer technician.This includes any device added to the network, whether temporarily or permanently.
- Laptops or other network devices previously connected to a non-SJSU network needing access to our network should be checked out in advance by a College technician.The technician should have ample notice and access to the machine to allow them to perform a virus scan, confirm that antivirus software and system patches are up to date and do a cursory security check before the machine connects to the College's network.The technician will also be able to make sure the machine's configuration will work at the specific location where the machine will be used.
- All machines connected to our network will be subjected to periodic security scanning and may be disconnected if they are found to be infected, vulnerable to exploits or improperly maintained.
- For security reasons, o?nly Microsoft NT or higher should be installed as the Microsoft OS on PCs. Macintoshes should be running OS 9.0 or higher.Machines running Linux, UNIX or other OSs should maintain currency with patches and updates (see Minimum System Requirements).
- All user machines should be configured to have file sharing turned off, unless there is a specific need for them.If that is the case, care should be taken to only enable sharing of those files/services specifically needed.
- All College owned computers should have anti-virus (AV) client software installed and configured so it is managed by o?ne of the College's AV servers.Currently the College provides Symantec's SAV and the University provides eTrust for Windows machines.Although there is currently no AV application provided by either the College or the University for other desktop OSs, users of these computers should run an appropriate application.
- All NCS managed machines should have Big Fix installed on them so new and applicable system updates can be automatically pushed out.
- If a machine is to be used as a mail server, open relaying functions must be turned off and the machine must be registered with NCS.
- Network access and file transfer applications should be replaced by more secure applications such as SSH, SFTP, SCOPY.This is especially critical for networked servers.
- For security both to the College and the University, the CoS has a firewall between its network and the rest of the University. Any requests for specific restrictions or allowances should be addressed to NCS.
- These guidelines are specific to the College of Science, but all network users are also responsible for adhering to the Campus and CSU Use Policies: