DeSC Security Policy
|Policy Title||DeSC Security Policy for Standard Environments|
|Responsible Executive||Vice President for Information Technology and CIO Jay Dominick|
|Responsible Office||Office of Information Technology, Support Services|
|Endorsed by||Desktop Systems Council Committee|
|Contact||Charlayne Beavers; (609) 258-6034|
|Effective Date||July 1, 2005|
|Last Update||October 27, 2010|
I. Policy Statement
The Desktop Systems Council Committee oversees the use and maintenance of computers participating in the managed environments that make up the DeSC Program. The scope of the Council’s activities is to advise the university on standards for the managed computing platforms for institutionally owned computers. The DeSC Council also reviews security policies and practices for DeSC machines.
Customer Passwords - Domain user passwords will be managed by the University's password maintenance application and will meet the University's standard for password strength.
Administrator Passwords - Departmental administrator passwords will be changed quarterly. Password changes will be done remotely by central administrators. The new password will be made available to authorized departmental DeSC administrators.
Malware Protection - OIT will confirm on a regular basis that McAfee VirusScan auto-protection is enabled across all DeSC machines. If necessary, the auto-protection will be re-enabled.
Critical Software Security Patches - Security patches and hotfixes for the Microsoft operating systems, applications and Internet Explorer web browser will be tested and distributed to DeSC machines via the Windows Software Update Services (WSUS) server. The image will be updated with the software after it has been distributed.
Virtual Machines (VM) - DeSC computers are not authorized to run inside a Virtual Machine.
TSM Backup - DeSC computers must be backed up via OIT’s network-based backup service, TSM.
See OIT Knowledgebase article http://helpdesk.princeton.edu/kb/9928 for information about choosing a password that is both safe and easy to remember.
A local administrator passphrase is established for each department. The administrator passphrase is the same for all the DeSC machines in a department. Only authorized departmental DeSC local administrators are expected to access departmental DeSC machines with these “administrator” privileges. The purpose of administrator access is to:
(a) Install “optional” or departmentally supported software applications.
(b) Troubleshoot technical problems on the workstation.
The DeSC local administrator account passphrase will be changed on a quarterly basis.
The Desktop Systems Council prohibits disclosing the local administrator password to anyone other than authorized departmental DeSC administrators or granting administrative rights to any other user’s account.
SCAD/DCS members are authorized DeSC administrators for the department by which they are employed. A department which does not employ a SCAD or DCS member or which employs technical staff members working under the direct supervision of a SCAD/DCS member may request authorization from DeSC (firstname.lastname@example.org) for the staff member. Such requests will be considered on a case-by-case basis. In general, factors that will be considered by DeSC include relevant system administration experience and technical skills as demonstrated by Microsoft Desktop Support certification.
All DeSC computers are protected by McAfee VirusScan software. This anti-virus software is part of the core software set. The Princeton configuration for current virus definition files has been set to a Princeton centrally-managed server. DeSC machines automatically poll a local server for new “virus protection definitions” every six (6) hours.
One of the services provided by the central administration of the DeSC computers is the delivery of Microsoft operating system level and Internet Explorer browser security patches. Security patches to fix reported security holes in the Microsoft software are released quite frequently. The software is tested centrally and approved critical patches are deployed to DeSC machines using the Windows Software Update Services (WSUS) server within three business days.
The Council does not authorize DeSC machines to run inside a Virtual Machine. Departments may run VMs on DeSC machines.
All DeSC machines must have a TSM node on the TSM server, and during setup the DeSC Setup Script must be run on all DeSC computers.
IV. Who is Affected by this Policy
All Princeton University faculty and staff are expected to comply with policies governing University owned computers in a managed environment.