Information Systems Network Security Standards

Compliance with UCSD Minimum Network Security Requirements

Administrative Computing and Telecommunications Policy Committee (ACTPC) Security Subcommittee has developed security standards for any device connected to the UCSD network (including Healthcare). The deadline for meeting these requirements is December 31, 2004. A summary list of the requirements is given below. A more detailed description, as well as instructions and resources to aid in compliance, can be found at http://blink.ucsd.edu/go/networkstandards.

Minimum Required Standards Summarized

1. Software security patches must be applied in a timely fashion.
2. Anti-virus software must be installed, running, and kept up to date.
3. Unnecessary services must be turned off or disabled.
4. Host-based firewall software must be installed and running.
5. Electronic communication services must have a suitable process for restricting access (complex passwords, biometrics, smart cards).
6. Minimize unencrypted authentication.
7. No unauthenticated email relays.
8. No uncontrolled access to proxy services.
9. Devices must be configured to "lock" and require a user to re-authenticate if left unattended for more than 20 minutes.

While not all of the listed requirements will be applicable to every device, items 1-5 and 9 will apply to virtually all user workstations. Tips and recommendations for several of the requirements are provided below.

Security Patches
Windows XP, 2000 and Mac Os X can be configured to obtain operating system patches automatically. If your operating system does not support this feature or is not configured to perform automatic updates, then this operation must be performed manually at regular intervals.

Anti-Virus Software
Sophos anti-virus software can be downloaded free of charge for installation on your office and home workstations. The software is available for a variety of platforms (Windows, Macintosh, Linux, and others). Visit http://software.ucsd.edu/sophos for details.

Firewall Software
Windows XP and Mac Os X both include software firewalls which, when properly configured, can meet this requirement. Other systems will require the installation of a third party software firewall. Visit http://www-ono.ucsd.edu/documentation/firewall/ for more information about firewalls.

Locking
Most systems have screen savers that can be set to lock the workstation with a password after 20 minutes or less. This would effectively meet requirement number 9.

Windows Users
XP is by far the most secure Windows operating system available for (non-server) workstations. An upgrade license for XP currently costs approximately $60 for UCSD users, and the installation can take anywhere from 1 to 4 hours. Upgrading to XP also provides the additional benefit of remote administration which can, in many cases, allow our technicians to diagnose and fix software problems without an on-site visit, thus saving you the expense of a service call.

Note: If your computer is running Windows XP or Windows 2000 and you have a Cancer Center AD (Active Directory) account, compliance with items 1-5, and in some cases item 9, on the list above is automatic.

The Cancer Center Information Systems Group can assist you in bringing devices into compliance with the UCSD network standards. Upon request, one of our technicians will schedule an appointment to examine your device(s), install and configure any necessary software, and assure compliance with the standards. We can also arrange for licensing of any necessary software. In general, this procedure will take 1 to 2 hours of a technician’s time per workstation, and will be recharged at our standard service/repair rate. As always, our telephone help line (858-822-0143) is available free of charge to answer any questions you might have.