Laptop and Personal Computer Security Requirements
Purpose
Computer viruses, worms, and other attacks are an increasing threat to continuous operation of Department of Computer Science (CS) computers and networks. Several layers of security are currently used to provide protection. At the network perimeter, our firewall blocks many well-known target ports. Services subject to exploits (e.g., web and mail) are restricted to a minimal group of hardened, closely-monitored machines. Desktop machines in computer labs and office areas are protected through strict controls on software installation and regular application of security patches and antivirus updates (as appropriate). Note that antivirus updates are most commonly applied to Windows platforms, but they are relevant to other operating systems in some cases.
The biggest threat comes from laptops and personal computers with occasional connections to CS networks. These machines can connect to the inside of our network, so the firewall provides limited protection. Further, these machines cannot easily be subjected to the same control procedures as department desktops. Therefore, registered owners and users of such laptops and other personal computers must take responsibility for their security by keeping security patch levels and antivirus software up-to-date.
Scope
This policy is intended primarily for laptop computers, but applies to any computer connecting to CS networks. These networks include both wired and wireless, although laptops most often use wireless.
Exception: CS computer lab and other desktop machines maintained solely by Lab Staff, where administrative access is restricted.
CS Networks and DHCP
Laptops and other personal computers generally get IP addresses in Computer Science through Dynamic Host Configuration Protocol (DHCP).
The key points of DHCP used in CS are:
- two networks
  - two separate networks available: one for students/faculty/staff; one for faculty/staff only
- self-registration
  - faculty and staff can register their own or guest machines [CS Main, UAWireless]
  - students can register their own machines [UAWireless]
  - registrations expire, can be renewed [CS Main]
    - expire at end of each semester (Fall/Spring/Summer II)
    - to renew, must certify that security is up-to-date
Two Networks
CCIT's UAWireless is recommended for all laptops, as it is available across a large section of campus and provides full Internet connectivity. IP addresses are provided by CCIT's DHCP server, which requires MAC address registration. Students can register MAC addresses via Student Link; faculty and staff via http://dhcp.arizona.edu. This network is separate from the CS network and so provides an extra layer of security to departmental machines. It is available via wireless and wired ports in GS-737 (Commons Room) and GS-805 (Conference Room).
The CS Main Network is for faculty and staff machines that require connectivity equivalent to a departmental desktop. Machines registered at this level are on the main department network, so it is critical that security patches and anti-virus software are up-to-date. In other words, a machine not fully patched or with virus vulnerabilities that is placed on this network puts the entire department at risk for attack. It is available via wireless and most wired ports in CS.
Your Responsibilities
It is your responsibility to keep patches and antivirus software up-to-date. Failure to do so will result in loss of access privileges.
You can do these updates yourself or schedule time with Lab Staff to help you.
If you want to do it yourself, here are some guidelines:
Windows patches
- set Automatic Updates policy so patches are applied automatically
  - this may be set already for department-issued machines
  - if not, set frequency to daily or weekly
- use Windows Updates
  - install Critical Updates and Service Packs
  - other updates (Windows and Driver Updates) - install only if correcting a specific problem; applying these inadvertently can have damaging side-effects
You may use any AntiVirus program you wish, but in order for it to be effective, the software and/or virus signatures (identifiers) must be updated periodically. This often involves a subscription service with the vendor and configuration of the software to download the updates.
Sophos AntiVirus is provided free to UofA students, faculty, and staff and can be kept current automatically. See Sophos Anti-Virus Software.
Linux patches
see Patch Installation in Linux
Apple/Mac OS patches
These platforms have limited support and maintenance by Lab Staff.
See http://www.apple.com/support
Notes:
1) any time your machine is given to the Lab Staff (e.g., for maintenance), its security will be checked and appropriate action taken;
2) periodic security vulnerability scans may identify problems on your machine; you will be notified accordingly and are responsible for correcting those problems;
3) if vulnerability scans are blocked by your machine (e.g., by firewall software), you will be asked to bring it to the Lab Staff periodically for review.
Related Links
Acceptable Use of Computers and Networks at the University of Arizona
Department of Computer Science Appropriate Use Guidelines
Laptop & Wireless Security
Avoiding Viruses Using CS Facilities
DHCP Registration
Last updated Monday, 07-Jan-2008 09:32:28 MST, by Tom Lowry