Rules For Placing Computer Systems on the More Secure Network

Required Before Moving To The More Secure Network

  1. Understand what devices are allowed to be connected to More Secure Network ports. Departments may attach only one computing device to each network port on the More Secure network. The network service where departments can pay an additional monthly charge (the uplink fee) to connect departmentally purchased hubs and switches to the network is not available on the More Secure network. Computing devices connected to the More Secure network can be a user workstation, a server, a printer, or some other specialized computing resource. Specifically prohibited is the use of any type of network sharing device. Departments may not connect routers, switches, hubs, wireless access points or computers configured with network sharing enabled to More Secure network ports.
  2. Full antivirus scan. (Free antivirus software for the Windows and MAC platforms is available for download at ITC's Software Central. Users
    not wishing to take advantage of this free software may purchase a product of their own choosing for their platforms.)
  3. User notification by LSP of More Secure Network Responsibilities both at work and home.
  4. Real time virus scanning enabled (Windows, Mac OS 8.1-9x, Mac OS X)
  5. Installation of all critical Windows updates (Microsoft)
  6. University-owned machines used by student employees secured like any staff or faculty machine on the More Secure Network.

Required After Moving To The More Secure Network

  1. Full weekly scan using antivirus software(Free antivirus software for the Windows and MAC platforms is available for download at ITC's Software Central. Users not wishing to take advantage of this free software may purchase a product of their own choosing for their platforms.)
  2. Daily check for automatic antivirus signature updates (This requirement may be met by using the free, properly configured antivirus software)
  3. Periodically check your More Secure network ports to ensure that your users have not connected hubs, switches, routers, or other network sharing devices to ports on the More Secure network.

Not Allowed

  1. Departmental Public Lab machines(Researchers are encouraged to move the machines in their labs to the more secure network.)
  2. Open network plug-in jacks (All jacks must be in non-publicly accessible locations.)
  3. Undergraduate or Graduate student-owned machines.
  4. Computer systems which interface with both the More Secure and the standard University network.
  5. Machines that are accessible when the owner is absent. (Machines on the more secure network must be in physically protected space.)

Recommendations - Departmental Decisions

  1. What antivirus software to use(Free antivirus software for the Windows and MAC platforms is available for download at ITC's Software Central.)
  2. Parameters for real time virus scanning
  3. Which non-critical Windows updates to install
  4. Utilization of ISS scans
  5. Putting a department's university-owned machine used by graduate students on the More Secure Network. Any such machines need to be centrally managed, using login authentication, etc.
  6. Allowing a student to VPN into the More Secure Network (If yes, then requires a Faculty Sponsor and the paperwork (to be provided - web form or paper) acknowledged by both student and their sponsor.)

While Not Formally Required, the Following Are Good Practices

  1. Full daily scans using antivirus software.
  2. Push management for antivirus signature updates.
  3. Assigning of computer names that help identify location/owner of machine.
  4. Keeping security patches current (Windows/Apple/Unix/Other.)
  5. Having System Administrators configure systems according to the standard best practices. (make this a link to a page of links)

© 2008 by the Rector and Visitors of the University of Virginia.

The information contained on the University of Virginia’s Department of Information Technology and Communication (ITC) website is provided as a public service with the understanding that ITC makes no representations or warranties, either expressed or implied, concerning the accuracy, completeness, reliability or suitability of the information, including warrantees of title, non-infringement of copyright or patent rights of others. These pages are expected to represent the University of Virginia community and the State of Virginia in a professional manner in accordance with the University of Virginia’s Computing Policies.