Definitions
COE: College of Education
Workstation: A type of computer used for productivity software,desktop publishing, software development, and other types ofapplications that require a moderate amount of computing power andrelatively high quality graphics capabilities.
Server: A computer or device on a network that manages networkresources. For example, a file server is a computer and storage devicededicated to storing files. Any user on the network can store files onthe server. A print server is a computer that manages one or moreprinters, and a network server is a computer that manages networktraffic. A database server is a computer system that processes databasequeries.
User: An individual who uses a computer. This includes expertprogrammers as well as novices. An end user is any individual who runs an application program.
Network: Referred to as a LAN (local area network) that spans arelatively small area. Most LANs are confined to a single building orgroup of buildings. However, one LAN can be connected to other LANsover any distance via telephone lines and radio waves. A system of LANs connected in this way is called a wide-area network (WAN).
Physical Security
Workstation
- Current virus scanning software must run on all servers and workstations. Automatic updates and scanning options must be enabled at all times.
- All software installed on any COE workstation must be approved by the network managers.
- If an end-user is granted local administrator privileges, then system-level functionality for their computer will become the responsibility of that end-user. If the system fails, IT technical support service will be limited to the recovery of the system by the re-installation of the baseline software (O/S and standard applications) that was installed on the computer when it was originally placed into service.
- Excessive staff and labor will not be used to recover software on a computer belonging to an end-user with local administration privileges. Applications installed by an end-user having local administrator privileges will not be recovered.
Servers
- Any host identified as a Server must be physically located in the server closet.
- COE servers must be located in a room locked by a key. Only the COE network managers and Deans are authorized to have access to the serverroom.
- Network equipment must be locatedin a room locked by a key. Only Network Services and the COE networkmanagers are authorized to have key access to the network closet.
- Keys to rooms housing COE IT Resources are managed by “THE PERSON IN CHARGE OF KEYS” (392-5555).
- Authentication, Authorization, and Audit Ability
Workstations
- All logins to workstations must be authenticated by a Global Catalog (GC) Server.
- Local logins are not authorized.
- Only authorized employees will be permitted access to email, file, and print services within the COE domain.
- The COE network managers are authorized to have privileged access to all COE workstations.
- Login records for all workstations must be maintained for at least 6 months.
Laptops
- Local logins will be permitted with prior approval.
- Unless approved, all logins to laptops must be authenticated by a Global Catalog Server.
- Login records for all workstations and servers must be maintained for at least 6 months.
- The COE network managers are authorized to have privileged access to all COE laptops.
Servers
- The COE network managers are authorized to have privileged access to all COE Servers.
- Login records for all workstations and servers must be maintained for at least 6 months.
- Access to the Exchange messaging server is restricted to IMAP (Macintosh) and MAPI (PC).
- The only supported clients will be Entourage (Macintosh), Outlook (PC),Outlook Web Access (web), and Outlook Mobile Access (PDA Devices).
- Host and Network Security
Workstations
- Current virus scanning software must run on all servers and workstations. Automatic updates and scanningoptions must be enabled at all times.
- All software installed on any COE workstation must be approved by the network managers.
Servers
- All test servers must be built in the COE private address space.
- Current virus scanning software must run on all servers andworkstations. Automatic updates and scanning options must be enabled.
- All software installed on any COE computer must be approved by the network managers.
- Only established connections from COE hosts are allowed to external networks. Access is allowed only to specified services, currently mail and web, on the server.COE/EDUCATION.ufl.edu and www.COE/EDUCATION.ufl.edu. Remote access to these servers is allowed only from the UF VPN.
User Training
- All users must read the UF Acceptable Use Policy before they are given access to any COE computer.
- All users must be instructed on password security before they are given access to any COE computer.
- All users must be warned about social engineering before they are given access to any COE computer.
- All COE user training should be repeated at least annually.