IIT: Security

Definitions

COE: College of Education

Workstation: A type of computer used for productivity software,desktop publishing, software development, and other types ofapplications that require a moderate amount of computing power andrelatively high quality graphics capabilities.

Server: A computer or device on a network that manages networkresources. For example, a file server is a computer and storage devicededicated to storing files. Any user on the network can store files onthe server. A print server is a computer that manages one or moreprinters, and a network server is a computer that manages networktraffic. A database server is a computer system that processes databasequeries.

User: An individual who uses a computer. This includes expertprogrammers as well as novices. An end user is any individual who runs an application program.

Network: Referred to as a LAN (local area network) that spans arelatively small area. Most LANs are confined to a single building orgroup of buildings. However, one LAN can be connected to other LANsover any distance via telephone lines and radio waves. A system of LANs connected in this way is called a wide-area network (WAN).

Physical Security

Workstation

• Current virus scanning software must run on all servers and workstations. Automatic updates and scanning options must be enabled at all times.
• All software installed on any COE workstation must be approved by the network managers.
• If an end-user is granted local administrator privileges, then system-level functionality for their computer will become the responsibility of that end-user. If the system fails, IT technical support service will be limited to the recovery of the system by the re-installation of the baseline software (O/S and standard applications) that was installed on the computer when it was originally placed into service.
• Excessive staff and labor will not be used to recover software on a computer belonging to an end-user with local administration privileges. Applications installed by an end-user having local administrator privileges will not be recovered.

Servers

• Any host identified as a Server must be physically located in the server closet.
• COE servers must be located in a room locked by a key. Only the COE network managers and Deans are authorized to have access to the serverroom.
• Network equipment must be locatedin a room locked by a key. Only Network Services and the COE networkmanagers are authorized to have key access to the network closet.
• Keys to rooms housing COE IT Resources are managed by “THE PERSON IN CHARGE OF KEYS” (392-5555).
• Authentication, Authorization, and Audit Ability

Workstations

• All logins to workstations must be authenticated by a Global Catalog (GC) Server.
• Local logins are not authorized.
• Only authorized employees will be permitted access to email, file, and print services within the COE domain.
• The COE network managers are authorized to have privileged access to all COE workstations.
• Login records for all workstations must be maintained for at least 6 months.

Laptops

• Local logins will be permitted with prior approval.
• Unless approved, all logins to laptops must be authenticated by a Global Catalog Server.
• Login records for all workstations and servers must be maintained for at least 6 months.
• The COE network managers are authorized to have privileged access to all COE laptops.

Servers

• The COE network managers are authorized to have privileged access to all COE Servers.
• Login records for all workstations and servers must be maintained for at least 6 months.
• Access to the Exchange messaging server is restricted to IMAP (Macintosh) and MAPI (PC).
• The only supported clients will be Entourage (Macintosh), Outlook (PC),Outlook Web Access (web), and Outlook Mobile Access (PDA Devices).
• Host and Network Security

Workstations

• Current virus scanning software must run on all servers and workstations. Automatic updates and scanningoptions must be enabled at all times.
• All software installed on any COE workstation must be approved by the network managers.

Servers

• All test servers must be built in the COE private address space.
• Current virus scanning software must run on all servers andworkstations. Automatic updates and scanning options must be enabled.
• All software installed on any COE computer must be approved by the network managers.
• Only established connections from COE hosts are allowed to external networks. Access is allowed only to specified services, currently mail and web, on the server.COE/EDUCATION.ufl.edu and www.COE/EDUCATION.ufl.edu. Remote access to these servers is allowed only from the UF VPN.

User Training

• All users must read the UF Acceptable Use Policy before they are given access to any COE computer.
• All users must be instructed on password security before they are given access to any COE computer.
• All users must be warned about social engineering before they are given access to any COE computer.
• All COE user training should be repeated at least annually.