UVa Security Policy Implementation

University of Virginia policy requires that individuals responsible for devices connected to the University network ensure key security vulnerabilities are eliminated from those devices. Information is provided here on the most critical vulnerabilities that must be addressed. Those responsible for network-connected devices are admonished, in addition, to follow the additional best practices and suggestions provided. The information posted at this site will change over time as new threats and risks surface. Device owners/overseers are responsible for staying apprised of changes to this list and acting promptly to address any new security gaps defined.

How to Secure Your System

Community Security Baseline
SANS Institute List of most critical security vulnerabilities
Guide to security policy for network-connected devices
Frequently asked questions document about the policy
Information on hardware and software firewalls

ITC Security Services

ITC has licensed several security applications for use by the University community, including Norton AntiVirus, SecureCRT, SecureFX, and Secure Shell (SSH) version 2. Information is available about PGP freeware for encryption.
UVa Security Scanning
ITC Windows and Unix server administration contracts
Virus alerts and hot topics
Departmental Computing Support (DCS) services (technology planning, LSP and LSA programs, Desktop Computing Initiative)

Enforcement and Compliance

In cases where University network resources and privileges are threatened by improperly maintained computing devices, ITC and HSCS may act on behalf of the University to eliminate the threat by working with the relevant device owner or overseer to quickly close security holes. In circumstances where these collaborative efforts fail, or there is an urgent situation requiring immediate action and leaving no time for collaboration, the device may be disconnected from the network. Reference the procedure for revoking network access of connected equipment for more specific information.
Department compliance with the UVa Security Policy will be verified by the UVa Audit Department as part of routine department audits. The Audit Department will not verify compliance of student computers

Help

Help Desk (434-924-3731)
Help Request Form

About

ITC Services Directory • Contact Info • Feedback Form • Site Info
Page Updated: 2008-05-20 • © 2008 by the Rector and Visitors of the University of Virginia

Standards & Policy

Disclaimer
P3P Privacy Policy
Accessibility: WAI • 508
Web Standards: XHTML • CSS

University of Virginia

Information Technology and Communication

108 Cresap Road

P.O. Box 400217

Charlottesville, Virginia, 22904-4217 USA

The information contained on the University of Virginia’s Department of Information Technology and Communication (ITC) website is provided as a public service with the understanding that ITC makes no representations or warranties, either expressed or implied, concerning the accuracy, completeness, reliability or suitability of the information, including warrantees of title, non-infringement of copyright or patent rights of others. These pages are expected to represent the University of Virginia community and the State of Virginia in a professional manner in accordance with the University of Virginia’s Computing Policies.