University of Oregon Computing Center
Security Recommendations : All Banner Users
Operating System
Windows Systems
· Run Windows XP
· Follow the basic and additional security recommendations outlined at:
egon.edu/pc/basic.html
egon.edu/pc/additional.html
Macintosh Systems
· Run Macintosh OS 10.3
· Keep up-to-date with the latest patches
· Install Norton Antivirus; verify that Automatic Live Update and Auto-protect are enabled.
General recommendations
1. If running Windows, keep it up-to-date via the Windows Automatic Update
2. Keep your antivirus protection current
3. Run a software firewall (such as the commercial Zonelabs ZoneAlarm)
4. Run anti-spyware software (e.g., free Spybot Search and Destroy or the commercial Adaware
5. Do NOT use peer to peer applications, instant messaging, or other non-essential applications (such as online games)
6. Only use applications that encrypt your password when it is being transmitted, such as ssh or scp; do NOT use ftp -- it transfers your password in the clear.
7. Passwords:
o Pick a strong password (with a combination of upper and lower case letters, numbers, and special symbols), and change it often.
o Do not use the same password on multiple hosts.
o Never share your password with anyone.
8. Be sure your system is backed up, and treat your backups with the same care as the system itself.
9. Physically secure your system against theft. If a private office, keep your office door locked when you're not present.
Note: These recommendations should not be viewed as covering every possible scenario; they are general guidelines designed to improve your overall security, but your particular circumstances may require additional steps.
Remote Banner users
Hardware
· Should be a departmentally owned computer that is checked out to the user on loan. The department is responsible for tracking security patches and updates, and ensuring that they are applied to the computer in a timely manner. A laptop is recommended, if possible, for portability --- the user is more likely to bring it back to the department to have security patches and updates applied.
Use the Cisco VPN client to encrypt connections to and from campus.
· For INB, use the bannervpn connection entry.
· For other campus services, use the Darkwing connection entry to access the campus VPN.
Home Connectivity
· Connections should be via DSL/Cable Broadband Connection only (NOT modem or wireless).
Note: modem access is not recommended due to the critical time-to-download update considerations which make it virtually impossible to keep hosts current, and due to UO modem connections having a two-hour connection limit.
Co mmon s ense p ractices and p rocedures for remote Banner users
The computer should be a single user computer and it should not be used by other individuals at a residence --- not even on a casual basis. Note: This includes spouse or significant other, children, friends, and visiting relatives.
The computer should be for work-related use ONLY, and it should be password protected. There should be no personal/recreational use. Note: This includes p eer to peer /distributed file sharing , n o games , n o personal/recreational web surfing , n o personal/recreational messaging
And, finally …
Once a computer has been reclaimed by the department for reuse, the hard disk should be reformatted and the operating system/applications reinstalled from the original media or from a clean ghost image. The computer should be updated and secured prior to issuing it to another user.