Every department computer should have an individual assigned as responsible for that computer's security and compliance with policies. Final responsibility for a particular computer lies with the PI or staff member on whose inventory the machine is assigned. Security checklists and methods of accomplishing various tasks are given on the web pages of the CIO and the Department of Crop Sciences tech support group. Any internet connection must be approved by the Manager of System Services.

Password Policies

       Password policies and suggestions can be found at http://www.cites.uiuc.edu/passwords

       Password requirements include an eight character and number minimum which must change to a different password at least once per year. Campus netid passwords will require at least 8 letters and/or numbers, and a capitalization and/or a punctuation character.

        You should enable a screensaver that comes on after 10 or 15 minutes on your computer with a password that prevents others from using your computer should it be left logged on and unused. That way your computer is secured while on when you walk away from it or leave it on overnight.

Policies on Secure Computer Preferences

        File and Print Sharing: It is important to disable file and printer sharing on computers where this function is not needed. By doing so, others are prevented from seeing files they shouldn't on the computer. When sharing is enabled, it is important to specify the person or group that will have access, and the level of access. Open file sharing is prohibited. The use of firewall software is encouraged and can be used in conjunction with file sharing to limit sharing to the Crop Sciences subnet (see for example the exceptions in the Windows XP Firewall settings or those under Mac OS/X).

        Local Security Policies: Users of Windows 2000 or Windows XP need to set Local Security Policies on your computer. Similar functionality is required of other Operating Systems in use. Logon’s should be required on all computers and for Microsoft OS, Unselect "Disable CTRL + ALT + DEL requirement" should be set for logon.

        Eudora security settings: Microsoft Outlook and Qualcomm Eudora default settings are not secure and should be adjusted appropriately. Turn off any automatic opening of enclosures and executable html enclosures.

        Remote desktop sharing and remote access should be disabled.

Safe Computer Use

        Use common sense when it comes to opening e-mail attachments, even from people you know. Know which extensions are really dangerous (such as .exe, .vbs, .com, .bat, .pif, .scr, .hta, .reg). Even .zip files have to be suspect as the compressed files could be infected and many current viruses are being sent this way.

Antivirus Software

For all computers other than non-networked, dedicated, data collection devices, virus detection software is required:

        Use suitable anti-virus software such as McAfee VirusScan,Virex,or Norton AV

        Regularly update your software for antivirus definitions. McAfee and Norton should be set to automatically update your computer. Consider using anti-spyware software such as Ad-Aware Personal and Professional Edition (www.lavasoft.de) and SpyBot Search and Destroy (www.safer-networking.org). Ad-Aware Professional includes Ad-Watch to block spyware and is available for free under a campus site license and can be downloaded from http://webstore.cites.uiuc.edu.

        Computers infected with viruses or otherwise disrupting network services will be disconnected from the Internet.

        There is a charge for virus or spyware/malware removal (eg. Bonzi Buddy, WHAgent, Gator),

Operating System Updates

        Operating systems must be updated for any security patches as they are released.

        Users should enable automatic updating features for Macintosh, Linux/Unix, and Windows Operating systems whenever possible.

Software Updates

        Software must be patched as soon as possible when security holes are discovered in that given software package.

Personally Owned Computers

        Personally owned computers can be given access to the department network given adherence to campus and department policies. There is a $35 charge for initial setup and verification of critical updates and anti-virus software.

Fixed IP Number or DHCP Assignment

    Fixed  IP numbers or DHCP (automatic) reservations are assigned by the Manager of System Services for use by specific computers. All computers must be authorized before they can be connected to the department internet.

Software Licenses

Each user is responsible for appropriate software licenses and their own backups

        see list of common software and sample licensing information: http://www.cropsci.uiuc.edu/csmyth/documents/licensing.html

Server Information

        Servers or computers providing server level functions (such as a personal webserver or ftp server) must be approved by and demonstrated to be secure to the department network administrator. The configuration and services provided must be approved by the administrator and such services can not conflict with existing services provided by department level machines. Further, the department network administrator will have appropriate access to verify compliance. The user is expected to keep informed of relevant security issues.

        There is a charge for server monitoring and maintenance.

Unapproved Software Programs

        The use of software packages (P2P -- Peer to Peer) that upload copyrighted material such as software or music, or share out the use of computer processor cycles that is not part of a verifiable University research project, is prohibited (e.g. Morpheus, Kazaa, Napster, Bittorrent (for copywritten material), BearShare, LimeWire, Shareaza).

Please report any bugs and send all questions/suggestions to the Webmaster