These policies are in addition to all campus and University level computer use and computer security policies as noted by the Chief Information Officer (http://www.cio.uiuc.edu/policies.html). Campus policy makes computer security the responsibility of each user.

Every department computer should have an individual assigned as responsible for that computer's security and compliance with policies. Final responsibility for a particular computer lies with the faculty or staff member on whose inventory the machine is assigned.

Password Policies

• All computers should require users to authenticate with individual usernames and passwords. If a professor or PI determines that a shared login is needed for a particular computer, that person must be familiar with computer security best practices, and will be considered responsible for any security breaches that occur while the shared login is being used.
• Password policies and suggestions can be found at http://www.cites.uiuc.edu/passwords
• Passwords must consist of at least 8 characters. Passwords must use upper-case letters, lower-case letters, and numbers and/or punctuation characters.
• Users should lock their screens or log off whenever they leave their computers unattended. Users should enable a password-protected screen saver which will turn on after 15 minutes of inactivity in case they unexpectedly leave their computers unattended.
• Users must not leave written copies of their passwords near their computers, and should not write down their account name or other identifying information on the same piece of paper as a password. Password Vault is freely available via site license for Windows and Mac OS X users, and is a more secure method of recording passwords.

Policies on Secure Computer Preferences

File and Print Sharing:

• File and printer sharing should be disabled on computers where this function is not needed.
• When sharing is enabled, it must be limited to specific users or groups of users, with the appropriate level of access for each.

Remote desktop sharing and remote access should be disabled if not used.

Safe Computer Use

• Users should be familiar with basic principles of safe computer use. A good resource for learning more about these principles is CITES' security web page at http://www.cites.uiuc.edu/security/.
• Users should not open e-mail attachments from senders they do not know. Even when the sender is familiar, users should avoid opening attachments with dangerous extensions such as .exe, .vbs, .com, .bat, .pif, .scr, .hta, .reg unless they are absolutely certain that the file is legitimate. Most users will never have occasion to receive a file with any of those extensions in email. Users should also exercise caution when opening .zip files, as the compressed files could be infected and many current viruses are being sent this way. When in doubt, a phone call or email to the sender of the attachment to make sure that they are sending a legitimate file is appropriate.

Antivirus Software

For all computers other than non-networked, dedicated, data collection devices, virus detection software is required. Antivirus software must be configured to automatically update virus definitions. McAfee Virus Scan for Windows and Mac OS X is freely available to UIUC students, faculty, and staff via site license.

Computers infected with viruses or otherwise disrupting network services will be disconnected from the Internet and the faculty/staff member will be charged a fee to correct the problem.

Operating System Updates

Operating systems must be updated for any security patches as they are released.

Users should enable automatic updating features for Macintosh, Linux/Unix, and Windows Operating systems whenever possible.

Software Updates

Software must be patched as soon as possible when security holes are discovered in it. Many common packages such as Microsoft Office, Adobe Acrobat, and Mozilla Firefox have automatic updating features. These should be enabled whenever possible.

University Owned Computers

A fee of $100 will be charged for the connection of a new computer to the department's network. This fee will cover ensuring that the operating system is up to date and that antivirus software is installed and up to date, as well as the assignment of an IP address and the activation of a network jack. New University-owned computers running Windows must be using a version designed for use in a networked environment; Home editions of Windows XP and Vista are not adequate. New Windows computers will be required to be added to Active Directory. New Apple computers may be added to Active Directory at the user's request.

Personally Owned Computers

Personally-owned computers will incur the same charge as University computers to be connected to the department’s network. Personally-owned computers may be running a Home edition of the operating system and will not be required to be on Active Directory, although they may be added at the user's request.

IP or DHCP Assignment

IP numbers or DHCP reservations are assigned by the Instructional Design and Technology Group for use by specific computers. All computers must be authorized before they can be connected to the department internet.

Network Jack Assignment

Network jack will be assigned by the Instructional Design and Technology Group. If a computer needs to be moved, a work request must be submitted prior to the computer being connected to the new jack. Users will not be charged for computer moves.

---

Other Computer Policies

Software Licenses

Each user is responsible for appropriate software licenses and their own backups.

Server Information

Servers or computers providing server functions (such as a personal web server or ftp server) must be approved by, and demonstrated to be secure to, the department network administrator. The configuration and services provided must be approved by the administrator and such services can not conflict with existing services provided by departmental servers.

Unapproved Software Programs

The use of peer-to-peer (P2P) software that uploads copyrighted material such as software or music is prohibited. Distributed computing software that shares out the use of computer processor cycles is prohibited unless it is part of a verifiable University research project.