Computer and Information Security at SPU
Protecting the network and its users from viruses and
malicious activity is an on-going process on the part
of both CIS and each user of the network. In today's highly
connected academic and business environments, security
affects us all. Regardless of whether you have vitally
important information on your computer or simply use the
network for recreation, there are resources and identities
that, if compromised, could pose harm to ourselves and
the university.
Effective security involves both sound technology and
human attention. Below are summary points for three major
areas of information security: core resources, personal
computers, and individual responsibility. More in depth
security resources are provided in the Security Education
section, tabbed above.
How To
Core Network Services and Servers
SPU has taken a number of specific measures to minimize
security risks to date, including keeping core servers
up-to-date with the latest security software, maintaining
firewalls at key locations within the network, and actively
monitoring systems and usage for abuse and/or malicious
behavior.
Desktop and Laptop Computers
Beyond the core hardware components of the university
network system, we require that all computers connecting
to the network be:
patched with current operating system updates;
running an active anti virus program; and
periodically scanning for and removing spyware.
For administrative and academic offices, these mandates
are enforced through Active Directory group policy;
for the residential (ResNet) and wireless networks, security requirements
are enforced by Cisco
Clean Access.
Individual Responsibilities and Good Habits
The following practices are essential to protect network
and computer resources:
Maintain Strong Password Controls - Many
of SPU's on-line network resources hold important,
sometimes confidential university or personal information.
It is imperative that these resources be accessed
in a way that carefully maintains information security.
University faculty, staff and students are encouraged
to become familiar with and to utilize appropriate
password controls, as discussed in our Security
Education section.
Avoid Shortcutting the Password Process - Microsoft
products "conveniently" ask if you want the computer
to remember your password. This information is then
encoded on the local computer and becomes vulnerable
to theft. Please avoid these shortcuts - keep your password
in only one location - your head!
No Third-Party Password Services - SPU expressly
prohibits the use of third-party username/password services.
There are a number of Web sites available that provide
username/password resolution. Their pitch goes something
like:"Too many passwords to remember? Tell us all of
them and we'll give you just one; then we'll do all
of your access for you." Such services represent a severe
compromise to network and information security. Under
no circumstances should you ever give anyone permission
to use or manage your SPU accounts and passwords.
Keep Your Passwords
Confidential - Under no circumstances should you
ever share your account passwords with anyone. If
you have resources that others need to access, CIS
can offer a variety of technical solutions that will
afford such access without compromising your account.
Similarly, CIS will never need to know the specifics
of your passwords. Do not offer such information under
any circumstances.
It is incumbent upon each SPU faculty, staff member,
and student to be mindful of potential security risks
and take appropriate steps to protect university resources
entrusted to them via electronic means.
Compromises in informational security (both validated
and suspected) should be immediately reported to the CIS HelpDesk.
Please note: Under no circumstances will
CIS staff ever ask for your password. Never give this
information out over the phone or in person. In the event
that CIS needs to access protected information, there
are ways we can do so that allow you to maintain password
confidentiality. You should never share your network password
with anyone, including CIS technical support staff.
