|
Keywords: authentication, password, directory
Audience: technical staff
Weight: required
POLICY
SU networked computing resources must be configured in a manner that requires users to authenticate their identity
against a centralized ITS-approved directory in order to gain access.
DEFINITION
| Authenticate |
The act of verifying the identity of an individual, generally through a combination of methods
like a user id/password login, token verification, and/or biometrics. |
| SU Networked Computing Resource |
Private, networked SU computing resources (i.e., PCs, network printers, file storage) |
| ITS-Approved Directory |
Directory of authentication information that is either centrally managed or approved by ITS.
Such as the Enterprise Directory, the SUNIX directory, the FAST/SSO directory, the NDS .syr.edu tree. |
BACKGROUND ISSUES
- Resources (e.g. a Cyber cafe PC) can be setup on campus that allow unauthenticated access to Syracuse
University's computer network and the Internet. Unauthenticated access to the University network gives the
user an inroad to hacking and the potential to cause damage to the network with no way to identify the user.
Unauthenticated access to the Internet gives the user the ability to send e-mails and viruses from a Syracuse
University IP address. The University could be held accountable for any associated damage, again, with out
any way to identify the user responsible.
- Requiring users to authenticate prior to obtaining access to a computing resource also provides the audit
trail necessary should the need to trace suspicious activity arise.
EXCEPTION(S)
- If a system or application cannot be configured in such a manner then some type of compensating control must be instituted. The control needs to be approved by Syracuse University's security officer.
- Web users, users accessing general SU web pages, are not held by this policy. General SU web pages (e.g. www.syr.edu) are not considered to be an SU networked computing resource for the sake of this policy.
- Exceptions may be considered if policy conflicts with Federal, State or Local law or jeopardizes national University accreditation standards. Library connections are an example.
RELATED POLICIES
REVIEW/CHANGE HISTORY
| Date |
Name |
Description |
| 10/12/03 |
Rebecca Myer |
Final copy to CIO |
| 3/4/02 - 9/5/02 |
Editorial Group:
Security Policy Team
Jenny Gluck, CMS Director |
First Drafts |
Alleged violations of this policy or violation of other University policies in the course of using the Computer System may result in an immediate loss of computing privileges and may also result in the referral of the matter to the University Judicial System or other appropriate authority.
|
