Laptop and Personal Computer Security Requirements
Purpose
Computer viruses, worms, and other attacks are an increasing threat to continuous operation of Department of Computer Science (CS) computers and networks. Several layers of security are currently used to provide protection. At the network perimeter, our firewall blocks many well-known target ports. Services subject to exploits (e.g., web and mail) are restricted to a minimal group of hardened, closely-monitored machines. Desktop machines in computer labs and office areas are protected through strict controls on software installation and regular application of security patches and antivirus updates (as appropriate). Note that antivirus updates are most commonly applied to Windows platforms, but they are relevant to other operating systems in some cases.

The biggest threat comes from laptops and personal computers with occasional connections to CS networks. These machines can connect to the inside of our network, so the firewall provides limited protection. Further, these machines cannot easily be subjected to the same control procedures as department desktops. Therefore, registered owners and users of such laptops and other personal computers must take responsibility for their security by keeping security patch levels and antivirus software up-to-date.
Scope
This policy is intended primarily for laptop computers, but applies to any computer connecting to CS networks (wired and wireless).

Exception: CS computer lab and other desktop machines maintained solely by Lab Staff, where administrative access is restricted.
CS Networks and DHCP
Laptops and other personal computers generally get IP addresses in Computer Science through Dynamic Host Configuration Protocol (DHCP).

The key points of DHCP used in CS are:
- self-registration
  - faculty and staff can register their own or guest machines [CS Main]
- registrations expire, can be renewed [CS Main]
  - expire at end of each semester (Fall/Spring/Summer II)
  - to renew, must certify that security is up-to-date
CS Main Networks
The CS Main Network is for faculty and staff machines that require connectivity equivalent to a departmental desktop. Machines registered at this level are on the main department network, so it is critical that security patches and anti-virus software are up-to-date. In other words, a machine not fully patched or with virus vulnerabilities that is placed on this network puts the entire department at risk for attack. It is available via wireless and most wired ports in CS.
Your Responsibilities
It is your responsibility to keep patches and antivirus software up-to-date. Failure to do so will result in loss of access privileges. You can do these updates yourself or schedule time with Lab Staff to help you.
If you want to do it yourself, here are some guidelines:
Windows patches
- set Automatic Updates policy so patches are applied automatically
- this may be set already for department-issued machines
- if not, set frequency to daily or weekly
- use Windows Updates
- install Critical Updates and Service Packs
- other updates (Windows and Driver Updates) - install only if correcting a specific problem; applying these inadvertently can have damaging side-effects
You may use any antivirus program you wish, but in order for it to be effective, the software and/or virus signatures (identifiers) must be updated periodically. This often involves a subscription service with the vendor and configuration of the software to download the updates.
Sophos AntiVirus is provided free to UofA students, faculty, and staff and can be kept current automatically. See Sophos Anti-Virus Software.
Linux patches
See Patch Installation in Linux
Apple/Mac OS patches
These platforms have limited support and maintenance by Lab Staff.
See http://www.apple.com/support
Notes:
1) any time your machine is given to the Lab Staff (e.g., for maintenance), its security will be checked and appropriate action taken;
2) periodic security vulnerability scans may identify problems on your machine; you will be notified accordingly and are responsible for correcting those problems;
3) if vulnerability scans are blocked by your machine (e.g., by firewall software), you will be asked to bring it to the Lab Staff periodically for review.
Related Links
Acceptable Use of Computers and Networks at the University of Arizona
Department of Computer Science Appropriate Use Guidelines
Laptop & Wireless Security
Avoiding Viruses Using CS Facilities
DHCP Registration
Last updated May 7, 2010, by Tom Lowry