|
Audience: everyone, technical staff
Weight: required
Keywords: Physical security, network devices
POLICY
All reasonable steps must be taken to harden and maintain an appropriate level of security of any
device connecting directly to the University's networks.
DEFINITION
| Hardened Device |
A device whose configuration is being properly maintained as to be resistant to infection.
- Operating systems are hardened through the assertion of standards: configuration
settings, disabled ports, disabled services, disabled default administrator
access and up-to-date patches.
- Applications are hardened by accessing and maintaining correct configurations
and keeping patches up-to-date.
- Systems need to be physically secured.
- Operating systems (processor and storage) are hardened by protecting them
from vulnerabilities introduced by destructiv, intrusive and parasitic code.
|
| Devices |
Included but not limited to the following: desktops, servers, notebooks, PDAs, printers,
routers and switches. |
| Direct Connection |
Devices that attach directly to the University's network(s), not through an Internet
Service Provider (ISP). |
BACKGROUND
Once confined to servers, today all network-connected devices are targets for those wanting to
steal, damage or control computing resources. There continues to be an escalation of these
disruption activities (e.g. viruses, denial-of-service, data theft) across the computing environment.
Desktops, notebooks, PDAs, printer and switches are all susceptible to attack. However, a device
whose configuration is being properly maintained is resistant to infection and is referred to as
hardened or secure.
REVIEW/CHANGE HISTORY
| Date |
Name |
Description |
| 5/12/03 |
CSOC Policy Team |
First draft |
| 5/22/03 |
CSOC |
Reviewed and made minor modifications |
| 6/13/03 |
Rebecca Myer |
Sent to CIO for adoption |
Alleged violations of this policy or violation of other University policies in the course of
using the Computer System may result in an immediate loss of computing privileges and may also
result in the referral of the matter to the University Judicial System or other appropriate authority.
|
