Network Access Policy
THE ISSUE
The practice of allowing unqualified people to be responsible for installing and patching computer systems is a security vulnerability that repeatedly causes machines in the Engineering College to become infected and creates platforms for hackers to launch attacks. This practice is unacceptable in a networking environment such as ours and exposes the College to unnecessary and unacceptable liability.
Before a computer is attached to the network it must be assigned to a qualified administrator. This administrator will be responsible for that computer’s secure and virus free operation.
A qualified administrator is one who, in the least, accomplishes the following tasks:
- Installs the operating system and its other services without having it susceptible to security compromise, which also includes the time during the install phase.
- Installs and properly configures the anti-virus software, and auto updating/notification software of the operating system and its components.
- After install, uses appropriate tools to verify a secure and fully patched installation.
- Registers himself/herself with the appropriate security notification systems.
- Acts timely and accordingly to security and patch notifications.
A computer determined to be infected or security compromised will have its network access revoked. Depending on the situation, it may require only the network port or the entire switch, or the college’s entire network to be disabled. Such a computer poses a serious risk to the college, the university and the Internet.
Network access will remain revoked until a qualified administrator has verified the threat is removed. Depending on the situation this may require verification of all computers on the switch or port affected.
Infected or compromised computers must be removed from the network and have all disk partitions removed, and reformatted. The software must be installed by a qualified administrator and verified before it can be allowed on the network.
