Expectations and Responsibilities of Departments
MSD IT Services will be responsible for the overall security of the data networks. This will include a constant look-out for possible threats to Divisional systems.
This will take a three-level approach:
- Network security: will be provided by management of switches, allocation of IP addresses to individual MAC addresses, and taking action when requested by central IT Services to prevent illicit use of the network and virus/worm propagation. In addition, networks are increasingly guarded by bridging firewalls.
- Server security: administrator passwords will be strong and secure. Servers will be patched to the latest security levels. All user accounts will be registered and password protected. Unnecessary processes, whether or not thought to present a risk, will be switched off. Ports that could provide a route for malicious activity will be closed or in other ways defended.
- Desktop security: all personal computers attaching to the network have to be registered with MSD IT before they can obtain an IP address. All desktop machines will run up-to-date virus checking software. Laptops provide an easy route to introduce viruses/worms into the network, so it is vital that they are registered, kept up-to-date with patching and have a virus checker. If a laptop is used on another network, such as a home internet connection, file sharing, web serving software and the like must be switched off before connecting to the university network.
Departmental and Individual Responsibility
Permitting MSD IT to maintain security: For the benefit of the whole university community it is vital that Departments and Units do nothing to prevent MSD IT from pursuing its security policies.
IP address sharing: IP addresses must not be “borrowed” from one machine and used on another. This makes it difficult to track down compromised computers. If two machines use the same IP address one will not work. “Hard wiring” IP addresses will cause the machine to fail if alterations are made to the network.
Privacy: must be respected for all users of the systems. Email accounts, whether provided by the university or not, are private to the user and shall not be viewed without express permission of the user. If it becomes necessary to view email (e.g. criminal investigations) MSD IT or central IT Services must be contacted first.
Network extensions: Only MSD IT is permitted to alter Divisional networks. Users should not set up routers, hubs, switches, or wireless networks without permission from MSD IT Services (normally MSD IT will do this for the requestor, if it is felt to be a reasonable use of the Division's resources). Wireless networks pose a particular security risk (for what can be poor connection reliability).
Not installing servers without permission from MSD IT Services: For the majority of users a full server provision is provided by MSD IT or central IT Services. There is not normally a need to set up other servers (specialist research requirements excepted). Any server set up by a department must be declared secure by MSD IT. If compromised, the server will be cut off from the network by MSD IT.
Not setting up personal computers as servers (providing services): A computer running software that provides services to others is classed as a server, even if it is used as a desktop, and as such will come under the full scrutiny of MSD IT. Normally, MSD IT will not allow such a machine to remain connected to the network.
Not permitting illegal use of systems: It is the duty of all to report (to MSD IT) any suspicious use of the university network. Everyone should be vigilant for criminal use, pornographic or other unacceptable content being viewed or propagated, business use (such as trading) other than casual purchasing/selling (e.g. ox.for-sale), or the use of KaZaA-type file sharing programs (this is also considered setting up a server).
Not placing patient-identifiable clinical information on MSD IT servers without seeking prior advice from MSD IT, so we can ensure you are complying with Data Protection legislation.
MSD IT Services will attempt to set all desktop computers to perform automatic updates and receive other settings from MSD IT servers. No attempt should be made to remove these facilities. If for some operational reason individual machines need to be set up differently, a case should be made to MSD IT.