MINIMUM SECURITY STANDARDS

 

Software Patch Updates

University networked devices must run software that has security patches available. They also must have all currently available security patches installed. Exceptions may be made that compromise the usability of critical applications, such as research equipment. "Request for Exception" may be requested on the Minimum Standards for Networked Device Security Configurations. See University Desktop Compliance Matrix.

 

Anti-Virus Software

Anti-virus software (Free Anti-Virus Software) for any particular type of device currently listed on the University software distribution website must be running and up-to-date on every device connected to the University network. See University Desktop Compliance Matrix.

 

Host-Based Firewall Software

Host-based firewall software for any particular type of device currently listed on the University software distribution website must be running and configured according to the implementing guidelines on every device connected to the University network. While CaTS implements firewalls as part of the security strategy, those firewalls do not obviate the need for host-based firewalls. See University Desktop Compliance Matrix.

 

Spyware

Spyware or malware is any type of technology that collects and transmits information about a person or their browsing. Anti-spyware software for any particular type of device currently listed below on the University Desktop Compliance Matrix must be running and up-to-date on every device connected to the University network.

 

Passwords

University electronic communications systems or services must identify users and authorize access by means of passwords or other secure authentication processes.

All default passwords for access to network-accessible devices must be modified.

Passwords used by system administrators for their personal access to a service or device must not be the same as those used for privileged access to any service or device.

 

No Unencrypted Authentication

Unencrypted device authentication mechanisms are only as secure as the network upon which they are used. Traffic across the campus network may be surreptitiously monitored, rendering these authentication mechanisms vulnerable to compromise. Therefore, all campus devices must use only encrypted authentication mechanisms unless otherwise authorized.

In particular, historically insecure services such as Telnet, FTP, SNMP, POP, and IMAP must be replaced by their encrypted equivalents.

 

Physical Security

Unauthorized physical access to an unattended device can result in harmful or fraudulent modification of data, fraudulent e-mail use, or any number of other potentially dangerous situations. When reasonable and appropriate, devices must be configured to authenticate upon logon. When reasonable and appropriate, devices must be configured to "lock" and require a user to authenticate if left unattended for more than ten minutes. Laptops and PDA devices must be secured from unauthorized access.

 

Unnecessary Services

If a service is not necessary for the intended purpose or operation of the device will not be running.

 

University Desktop Compliance Matrix


Required Software Microsoft OS (Windows) Macintosh OS X UNIX - Solaris, SUSE, Red Hat
OS Updates X X X
Anti-virus X X X
Spyware/Malware X
Personal Firewall X X X
 

 

3640 Colonel Glenn Highway - Dayton, Ohio - 45435