__________________________________________________________________________________________________________________ Campus Administrative Policy Statement Title: Computer Security and Windows Updates Source: Information Technology Policy Committee Prepared by: Assistant Vice Chancellor for Computing, Information, & Network Services Approved by: Mark A. Heckler Vice Chancellor for Academic and Student Affairs Effective Date: November 12, 2004 Replaces: October 22, 2003 ______________________________________________________________________ A. Introduction Major attacks from computer viruses, computer worms, and hackers are becoming more commonplace and the time between the announcement of vulnerability and the execution of an exploit is decreasing rapidly. These attacks cause the expenditure of an enormous amount of time, labor, and other campus resources to repair infected computers and to reestablish network connections. This policy is intended to help preserve campus network operation and security by mitigating the harmful effects of cyber attacks on the campus community and network. This policy will allow Computing, Information and Network Services (CINS) to implement specific preventative measures for personal computers in order to accomplish this goal. B. Policy Statement 1. All users of computers connected to the campus network are responsible for establishing and maintaining the security of their computers. This requires that all computer users ensure that appropriate and current Microsoft software service packs and critical software updates are installed on their computers. 2. Any computer that adversely affects or threatens campus network security will be denied network access until such time as the computer is no longer a threat to the network. Computers that do not contain properly installed and current security patches and updates will be quarantined from the network, and computers that are infected with a virus or worm will be disconnected from the network. C. Definitions 1 Quarantining a computer denies the computer access to the Internet, but the user still can perform internal network functions including email (via a CUDENVER domain email service), internal telnet and ftp, network printing, and campus server access. All local applications are still available to the user, e.g. word processing, spreadsheet, local printing, etc. 2 Disconnecting a computer removes the computer from the campus network at the port level. The user cannot perform any task that requires the internal or external network, including Internet access, internal or external telnet and ftp, email, campus server access network printing, etc. All local applications are still available to the user, e.g. word processing, spreadsheet, local printing, etc. D. Procedures 1. All University departments, units, or individuals are required to select from the following two options to ensure that their computers are maintained in a secure state. a. Option 1: Join the CUDENVER or STUDENTS domains to ensure timely update of Microsoft service packs and operating system patches automatically from Computing, Information, & Network Services (CINS). b. Option 2: Join the CUDENVER or STUDENTS domains and designate a certified Department Network Assistant (DNA) to manually apply all Microsoft service packs and operating system patches. CINS provides a network connection and assistance/training for the DNA. 2. All centralized operating system updates will be performed within the CUDENVER domain by CINS.