CoS Network Usage Policies
The CoS computer technicians work hard to keep the College's network free from the all too prevalent viruses, worms and malicious traffic traveling across the Internet these days.To aid in this endeavor, the College has its own network firewall to both protect it from dangerous traffic on the University network and to protect the campus should one of our machines become infected.The College and University also provide computer applications such as anti-virus software to help minimize the vulnerability of College machines.
NCS also is responsible for making sure all the College servers have the latest patches installed on them. Many times, this requires us to reboot these systems, so in order to minimize disruption, we reserve the hours between 0500 and 0700 on Friday mornings as our maintenance window. We will try to alert users in advance to this work whenever possible.
Another step that's been taken by the College techs is development of a baseline computer configuration which incorporates these software packages with other computer optimization and security settings.In order to protect all computers on the network, this image is now installed on most new machines coming into the College.Using this baseline as a foundation for users to build upon ensures that all College computers have an essential level of protection installed on them and that they will work efficiently on our network. None of the applications installed in this configuration limit the user's freedom to configure their machines as they wish.In fact, in most cases it will result in a faster running machine since the network settings are optimized for the College's network.
Unfortunately, there are a number of machines on the College network which, for one reason or another, were not installed by a College technician and therefore, did not get this standard configuration applied.This poses a security risk not only to those specific machines, but also to the rest of the College.Machines that fall into this category include those purchased with grant money or other non-GF sources and have been installed and configured by the faculty member responsible for them.
Virus infections and other computer exploits are becoming increasingly widespread across the Internet. Symptoms of an infection may range from the annoying, such as pop-ups on the screen or a changed home page to the computer being rendered unusable. Many times the computer is used as part of a larger network of compromised machines used to send SPAM or malware to infect other machines. With these less malicious types of exploits, there is usually a good chance that the exploit can be removed from the machine without impacting the user's files.However, in some instances the machine could be exploited to such a degree that it cannot be “disinfected” and instead needs to be completely reformatted, erasing all the user's data in the process.
There are also exploits which try to infect as many computers as they can as quickly as possible, usually producing a massive increase in the amount of traffic on the network.The end result is extremely slow network or no network connectivity for everyone until the problem machine(s) are discovered and disconnected.
For these reasons, all machines that connect to the College network should be configured and installed by the appropriate College technician.They will configure the network parameters and install software applications that will ensure the machine gets updated when new patches or antivirus definitions come out. Having our entire network comply with these changes will not only minimize the College's exposure to malicious attacks, but will also allow easier management of the network, minimize the need for individuals to keep up with the latest security updates and result in faster resolution times when a problem does occur.
In a further effort to protect the integrity of the College network and to mitigate the risks and losses associated with security threats College Security Guidelines have been developed.
- All machines accessing the CoS network must be registered with NCS.This includes any device added to the network, whether temporarily or permanently.
- Laptops or other network devices previously connected to a non-SJSU network needing access to our network should be checked out in advance by a College technician.The technician should have ample notice and access to the machine to allow them to perform a virus scan, confirm that antivirus software and system patches are up to date and do a cursory security check before the machine connects to the College's network.The technician will also be able to make sure the machine's configuration will work at the specific location where the machine will be used.
- All machines connected to our network will be subjected to periodic security scanning and may be disconnected if they are found to be infected, vulnerable to exploits or improperly maintained.
- For security reasons, only Microsoft 7 or higher should be installed as the Microsoft OS on PCs. Macintoshes should be running OS 10.10 or higher. Machines running Linux, UNIX or other OSs should maintain currency with patches and updates.
- All user machines should be configured to have file sharing turned off, unless there is a specific need for them. If that is the case, care should be taken to only enable sharing of those files/services specifically needed.
- All College owned computers should have Sophos anti virus (AV) client software installed. Currently the University provides Sophos AV for all machines.
- All NCS managed machines should have IBM End Point Manager installed on them so new and applicable system updates can be automatically pushed out.
- Network access and file transfer applications should be replaced by more secure applications such as SSH, SFTP, SCOPY.This is especially critical for networked servers.
- For security both to the College and the University, the CoS has a firewall between its network and the rest of the University. Any requests for specific restrictions or allowances should be addressed to NCS.
- These guidelines are specific to the College of Science, but all network users are also responsible for adhering to the Campus and CSU Use Policies.