
DeSC Security Policy

Policy Title: DeSC Security Policy for Standard Environments
Responsible Executive: Vice President for Information Technology and CIO Jay Dominick
Responsible Office: Office of Information Technology, Support Services
Endorsed by: Desktop Systems Council Committee
Contact: Charlayne Beavers; (609) 258-6034
Effective Date: July 1, 2005
Last Update: October 27, 2010

   

I.     Policy Statement


The Desktop Systems Council Committee oversees the use and maintenance of computers participating in the managed environments that make up the DeSC Program. The scope of the Council’s activities is to advise the university on standards for the managed computing platforms for institutionally owned computers. The DeSC Council also reviews security policies and practices for DeSC machines.

II.    Policy


Summary
Customer Passwords
Administrator Passwords
Malware Protection
Critical Software Security Patches
Virtual Machines (VM)
TSM Backup


Summary

  1. Customer Passwords - Domain user passwords will be managed by the University's password maintenance application and will meet the University's standard for password strength.

  2. Administrator Passwords - Departmental administrator passwords will be changed quarterly. Password changes will be done remotely by central administrators. The new password will be made available to authorized departmental DeSC administrators.

  3. Malware Protection - OIT will confirm on a regular basis that McAfee VirusScan auto-protection is enabled across all DeSC machines. If necessary, the auto-protection will be re-enabled.

  4. Critical Software Security Patches - Security patches and hotfixes for the Microsoft operating systems, applications and Internet Explorer web browser will be tested and distributed to DeSC machines via the Windows Software Update Services (WSUS) server. The image will be updated with the software after it has been distributed.

  5. Virtual Machines (VM) - DeSC computers are not authorized to run inside a Virtual Machine.

  6. TSM Backup - DeSC computers must be backed up via OIT’s network-based backup service, TSM.

Customer Passwords

See OIT Knowledgebase article http://helpdesk.princeton.edu/kb/9928 for information about choosing a password that is both safe and easy to remember.
    

Administrator Passwords

A local administrator passphrase is established for each department. The administrator passphrase is the same for all the DeSC machines in a department. Only authorized departmental DeSC local administrators are expected to access departmental DeSC machines with these “administrator” privileges. The purpose of administrator access is to:

(a)  Install “optional” or departmentally supported software applications.

(b)  Troubleshoot technical problems on the workstation.

  1. The DeSC local administrator account passphrase will be changed on a quarterly basis.

  2. The Desktop Systems Council prohibits disclosing the local administrator password to anyone other than authorized departmental DeSC administrators or granting administrative rights to any other user’s account.

  3. SCAD/DCS members are authorized DeSC administrators for the department by which they are employed. A department which does not employ a SCAD or DCS member or which employs technical staff members working under the direct supervision of a SCAD/DCS member may request authorization from DeSC (desc@princeton.edu) for the staff member. Such requests will be considered on a case-by-case basis. In general, factors that will be considered by DeSC include relevant system administration experience and technical skills as demonstrated by Microsoft Desktop Support certification.
        

Malware Protection

All DeSC computers are protected by McAfee VirusScan software. This anti-virus software is part of the core software set. DeSC machines are configured to obtain current virus definition files from a centrally managed Princeton server. DeSC machines automatically poll a local server for new “virus protection definitions” every six (6) hours.
    

Critical Software Security Patches

One of the services provided by the central administration of the DeSC computers is the delivery of security patches for the Microsoft operating system and the Internet Explorer browser. Security patches that fix reported security holes in the Microsoft software are released quite frequently. The software is tested centrally and approved critical patches are deployed to DeSC machines using the Windows Software Update Services (WSUS) server within three business days.
    

Virtual Machines (VM)

The Council does not authorize DeSC machines to run inside a Virtual Machine.  Departments may run VMs on DeSC machines.
    

TSM Backup

All DeSC machines must have a TSM node on the TSM server, and the DeSC Setup Script must be run on all DeSC computers during setup.
    

III.   Procedures


There is no content for this section.

  

IV.   Who is Affected by this Policy


All Princeton University faculty and staff are expected to comply with policies governing University-owned computers in a managed environment.
    

V.    Definitions


There is no content for this section.

 

VI.   Related Policies


University Information Technology Policy

University Information Security Policy

 

VII.  Update Log


July 1, 2005:  Policy issued.

October 27, 2010:  Policy updated.