CoS Network Usage Policy
The CoS computer technicians, whether they be departmental techs or members of Network and Computing Services (NCS), work hard to keep the College’s network free from the all too prevalent viruses, worms and malicious traffic traveling across the Internet these days. To aid in this endeavor, the College has its own network firewall to both protect it from dangerous traffic on the University network and to protect the campus should one of our machines become infected. The College and University also provide computer applications such as anti-virus software to help minimize the vulnerability of College machines.
Another step that’s been taken by the College techs is development of a baseline computer configuration which incorporates these software packages with other computer optimization and security settings.In order to protect all computers on the network, this image is now installed on most new machines coming into the College. Using this baseline as a foundation for users to build upon ensures that all College computers have an essential level of protection installed on them and that they will work efficiently on our network. None of the applications installed in this configuration limit the user’s freedom to configure their machines as they wish. In fact, in most cases it will result in a faster running machine since the network settings are optimized for the College’s network.
Unfortunately, there are a number of machines on the College network which, for one reason or another, were not installed by a College technician and therefore, did not get this standard configuration applied. This poses a security risk not only to those specific machines, but also to the rest of the College. Machines that fall into this category include those individual's laptops or machines purchased with grant money or other non-GF sources and have been installed and configured by someone other than a College tech.
Virus infections and other computer exploits are becoming increasingly widespread across the Internet. Symptoms of an infection may range from the annoying, such as pop-ups on the screen or a changed home page to the computer being rendered unusable. Many times the computer is used as part of a larger network of compromised machines used to send SPAM or to infect other machines. With these less malicious types of exploits, there is usually a good chance that the exploit can be removed from the machine without impacting the user’s files. However, in some instances the machine could be infected to such a degree that it cannot be “disinfected” and instead needs to be completely reformatted, erasing all the user’s data in the process.
There are also exploits which try to infect as many computers as they can as quickly as possible, usually producing a massive increase in the amount of traffic on the network. The end result is extremely slow network or no network connectivity for everyone until the problem machine(s) are discovered and disconnected.
For these reasons, all machines that connect to the College network should be configured and installed by the appropriate College technician who will configure the network parameters and install software applications that will ensure the machine gets updated when new patches or antivirus definitions come out. Having our entire network comply with these changes will not only minimize the College’s exposure to malicious attacks, but will also allow easier management of the network, minimize the need for individuals to keep up with the latest security updates and result in faster resolution times when a problem does occur.
In a further effort to protect the integrity of the College network and to mitigate the risks and losses associated with security threats College Security Guidelines have been developed.
- All machines or devices accessing the CoS network must be registered with NCS or the department’s computer technician. This includes any device added to the network, whether temporarily or permanently.
- Laptops or other network devices previously connected to a non-SJSU network and need access to our network should be checked out in advance by a College technician. The technician should have ample notice and access to the machine to allow them to perform a virus scan, confirm that antivirus software and system patches are up to date and do a cursory security check before the machine connects to the College’s network. The technician will also be able to make sure the machine’s configuration will work at the specific location where the machine will be used.
- All machines connected to our network will be subjected to periodic security scanning and may be disconnected if they are found to be infected, vulnerable to exploits or improperly maintained.
- For security reasons, only Microsoft XP or higher should be installed as the Microsoft OS on PCs. Macintoshes should be running OS 10.4 or higher. Machines running Linux, UNIX or other OSs should maintain currency with patches and updates.
- All user machines should be configured to have file sharing turned off, unless there is a specific need for this service. If that is the case, care should be taken to only enable sharing of those files/services specifically needed.
- All College owned computers should have anti-virus (AV) client software installed and configured so it is managed by one of the campus’s AV servers. Currently the University provides Sophos for Windows, Mac and Linux machines.
- Network access and file transfer applications should be replaced by more secure applications such as SSH, SFTP, SCOPY. This is especially critical for networked servers.
- For security both to the College and the University, the CoS has a firewall between its network and the rest of the University. Any requests for specific restrictions or allowances should be addressed to NCS.
- These guidelines are specific to the College of Science, but all network users are also responsible for adhering to the Campus and CSU Use Policies:
(Last updated October 2010)