College of Education Network Security Policy FAQ
Policy Link
The College of Education Network Security Policy is viewable online at the following URL: https://utexas.atlassian.net/wiki/x/AgiLB
What is the difference between the "public access network" and the "computer data network reserved for faculty, staff, and computer labs" mentioned in the policy?
- The UT public access network is a collection of Ethernet ports in public areas across campus and all wireless access points connected to UTnet, the campus network. The Public Network allows members of the University community and sponsored guests to access University computing resources and the Internet from many buildings and common areas using network-capable laptops and portable devices. With the UT public access network, you have to log into the system with a valid EID account before you will be allowed to use the network. The UT public access network is maintained by ITS and problems with the public access network should be directed to them.
- The "computer data network reserved for faculty, staff and computer labs" is maintained by the Information Technology Office, and ITS holds the Information Technology Office responsible for all devices that connect to this network. The College of Education Network Security Policy as well as UT Austin information security policies apply to this network. If your computer is plugged into a computer data port in an office, then it probably is not a public access port but rather a port that connects to the network maintained by the Information Technology Office.
Why do we have/need this policy?
- So that the Information Technology Office can ensure that University-owned computers which connect to the University's computer data network adhere to ITS policies regarding IT resources used within the University.
- Users of the College of Education's computer data network need a network security policy that is clearly defined so that they know what their responsibilities are with regard to computer data network use.
- Some of the policy requirements will allow for the Information Technology Office to better and more efficiently maintain computers in the various College of Education offices around campus. For example, the policy granting The Information Technology Office administrative level access to University owned computers will allow technical support staff to remotely repair computers upon request or quickly send critical security related updates to your computer to ensure it is protected against viruses and other threats.
- Computers which adhere to the network security policy will be more secure and less likely to be vulnerable to computer-related threats such as viruses, worms, or hacking. The reduced number of computers vulnerable to attacks will result in technical support staff being able to direct limited resources to other services. In the past year, the College of Education network had 243 computer security related incidents.
- To ensure the College of Education is in compliance with Texas Administrative Code Title 1 - Part 10 - Chapter 22 - Section 202.2.
I have questions about this policy, who do I contact?
- For questions regarding the network security policy please contact the Information Technology Office.
Who does this policy apply to?
- Any person or computer that utilizes the College of Education's computer data network.
I use my own laptop/computer - does this policy apply to me?
- Owners of computers not bought with University funds need to adhere to the last policy regarding privately owned computers. The Information Technology Office is not authorized to provide support for non-University owned computers. Privately owned computers need to be registered with the Information Technology Office if they will be plugged into the College of Education's computer data network reserved for faculty, staff and computer labs. As stated in the policy, a virus scanner with the latest virus definitions will need to be running when the computer is plugged into the College of Education's computer data network reserved for faculty, staff and computer labs. Privately owned computers make up a significant portion of the number of computer security incidents in the College.
What happens if I don't follow the policy?
- It depends on the nature of the policy violation. For small infractions with University owned computers you will be notified of the violation and given the chance to bring your computer into compliance with the policy. For larger or repeat infractions, your supervisor and possibly your departmental head will be notified of the violation. The Information Technology Office recognizes the fact that the network security policy might pose problems with special configurations of computers required for research activities. The Network Security Policy has a large portion dedicated to exemption procedures which were developed to account for this situation. The Information Technology Office will work with you to ensure your computer is in compliance as much as possible with the Network Security Policy while not impacting your research.
- For privately-owned computers, repeat violations of the network security policy will result in your computer not being allowed to use the College of Education's computer data network reserved for faculty, staff and computer labs.
What is a "network service"?
- A program running on a computer that provides access and services to other computers on the network (e.g. web server, file server, etc.).
How do I register my computer?
- University owned computers used by Faculty and staff which are directly supported by the Information Technology Office will be registered by the Information Technology Office support staff.
- Faculty and staff computers which are not directly supported by the Information Technology Office staff will either be registered by the departmental IT support personnel for the computer or The Information Technology Office staff at the request of the departmental IT support personnel.
- Privately owned computers will need to be registered with the Information Technology Office by the owner. The Information Technology Office will verify that the computer meets the minimum standards for privately owned computers as specified in the College of Education Network Security Policy. Once registered with the Information Technology Office, the computer may be used on the College of Education's computer data network reserved for faculty, staff and computer labs.
What is the "centralized authentication system" mentioned in the policy and how will it affect me?
- The system allows your computer authentication information to be stored in a centrally located server as opposed to individually on each computer that you log into. This will allow you to have a single account across all computers you need access to so that you can quickly and easily change your password if needed. In addition, you will be able to quickly disable your account in the event your account is compromised thus ensuring your data is secured. The system will also ensure your password meets the minimum complexity requirements to ensure your data is safe.
I use a laptop, does my laptop have to be configured to use the "centralized authentication system"? If so, will I be able to log into my computer when I unplug it from the college network?
- Yes
Why does The Information Technology Office have to have an administrative account on my computer?
- An administrative level account is needed to perform security related updates to University owned computers.
- It will allow support personnel to repair your computer when you are not in the office or otherwise available to log support staff into your computer.
- Support staff will be able to repair computers faster by remotely connecting to a computer at the user's request.
I want to know when the Information Technology Office administrative account is used on my computer; how do I determine when it was used and for what reason?
- When your computer is set up to use the centralized authentication system, log file entries which log use of the Information Technology Office administrative account are sent to a secure event logging server. You may view the log entries pertaining to your computer. Log files which track all logins to your computer are also stored locally on your computer's hard drive.
- Administrative level access to computers is only used by the Information Technology Office on the user's request or request of the user's departmental head. Users will be notified if critical security updates were applied to their computer by the Information Technology Office.
Some updates are known to break computers. I don't want The Information Technology Office installing the updates and breaking my computer. Can I do the updates myself?
- The Information Technology Office will only update computers with updates which are deemed "critical" and pose an immediate security threat to your computer and the College of Education's or University's computer data network.
- You will retain the ability to apply updates to your computer.
Why is Apple Remote Desktop running on my computer and why does it need to remain enabled?
- Apple Remote Desktop allows The Information Technology Office to quickly update computers remotely.
- It allows The Information Technology Office support staff to connect remotely to computers for repairs at the computer user's request.
What is the binocular symbol in the menu bar at the top of my screen?
- This icon gives the status of the Apple Remote Desktop (ARD) connection.
- A grey binocular icon means ARD has been installed on your computer but is not running.
- A black binocular icon means ARD is running on your computer but the remote connection is not being used.
- A square monitor icon with binoculars inside the box means an administrator is actively observing or controlling your computer.
What is a "complex password" and why do I need to have one?
- A complex password is a password which is not easily guessed or deduced. A complex password helps to ensure your computer and data are kept safe. Computers participating in the "centralized authentication system" utilize user accounts which must adhere to the following rules:
  - Passwords must be at least eight (8) characters long.
  - Passwords must contain characters from at least three (3) of the following four (4) classes:
    - English Upper Case Letters A, B, C, ... Z
    - English Lower Case Letters a, b, c, ... z
    - Westernized Arabic Numerals 0, 1, 2, ... 9
    - Non-alphanumeric ("Special characters") E.g., punctuation symbols.
  - Passwords may not contain your user name or any part of your full name.
  - Your password must be different from the last 10 passwords you used.
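The rules above expressed as a validator, as an added example rather than the Information Technology Office's actual implementation. The function names, the salted PBKDF2 history records, and the reading of "any part of your full name" as any name token of three or more letters are assumptions.

```python
import hashlib
import hmac
import os
import re

HISTORY_DEPTH = 10  # "different from the last 10 passwords you used"

def hash_password(password, salt=None):
    """Salted PBKDF2 record, so history is never kept in plaintext (assumed storage)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def in_history(password, history):
    """True if the candidate matches one of the newest HISTORY_DEPTH records (oldest first)."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            return True
    return False

def check_password(password, username, full_name, history=()):
    """Return the list of rules the candidate violates (empty list = compliant)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = [
        re.search(r"[A-Z]", password),         # English upper case letters
        re.search(r"[a-z]", password),         # English lower case letters
        re.search(r"[0-9]", password),         # numerals
        re.search(r"[^A-Za-z0-9]", password),  # non-alphanumeric characters
    ]
    if sum(1 for c in classes if c) < 3:
        problems.append("fewer than 3 of 4 character classes")
    # Assumption: "any part of your full name" = any name token of 3+ letters.
    tokens = [username] + [t for t in re.split(r"[\s,.\-_]+", full_name) if len(t) >= 3]
    if any(t and t.lower() in password.lower() for t in tokens):
        problems.append("contains user name or part of full name")
    if in_history(password, list(history)):
        problems.append("matches one of the last 10 passwords")
    return problems

# Constructed sample account and history (not real data).
SAMPLE_HISTORY = [hash_password(p) for p in ("Autumn#2019", "Winter#2020")]
if __name__ == "__main__":
    for pw in ("longhorn", "Maria2024!", "Winter#2020", "t4ble-Lamp-river"):
        print(pw, "->", check_password(pw, "mgarcia", "Maria Garcia", SAMPLE_HISTORY) or "OK")
```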
Why can't I have my computer auto-login with my account when I boot up the computer? I have had it configured this way for years.
- Information Security not only deals with computer network security but also physical security of the information contained within your computer. You can have the best password in the world but if your computer auto-logs in with your account, a person does not need to know your password to gain access to the data on your computer. UTPD reports many instances of people walking into offices with the intent of stealing items. There have been documented instances of item theft from offices in the Sanchez building.
- Password-protected screen savers alone are not sufficient when the computer can be rebooted and the computer auto-logs in with your account.
I use a Mac and there are not any viruses or security problems like Windows. Why do I have to do all this inconvenient security stuff when it doesn't seem necessary?
- OS X is now based on UNIX, which has many vulnerabilities. UNIX is inherently more secure than Windows but UNIX is not perfect. All it takes is one instance of a computer being compromised and all email, data, etc. on the computer are exposed. Apple users can no longer rely on the obscurity of the MacOS to protect them. It only takes one incident such as social security numbers being exposed to make newspaper headlines across the world.
What is packet sniffing?
- Computer data is transferred between computers in a stream of packets. Packet sniffing is when the packets are "listened" to by a third party. Think of a phone conversation going through a phone line and someone hooking up a phone to the telephone line and listening to your conversation. If you speak in plain English what you say is heard and recorded by the third party listener. If you speak in a language only you and the person you are talking to understand, the third party can hear what you are saying but won't be able to understand it. Speaking in a language only you and the person you are talking to understand is like "encrypting" your conversation.
- The UT public wireless network is unencrypted so unencrypted programs such as standard FTP can be listened to by anyone in range of your computer's wireless signal. Passwords and other confidential information can be easily harvested and used. When sending sensitive data over a wireless network, ensure the data is encrypted. When in doubt, physically plug your computer into the network with a network cable.
I have guests who are not part of the University attending a conference I am hosting. How does this policy affect them and what needs to be done to set them up to be in compliance with the policy?
- Notify The Information Technology Office as soon as possible if you are coordinating an event which will require network access for individuals who are not faculty, staff, or students of the University. Individuals who do not have an EID account will need to have guest EIDs created so that they can log into the UT public computer data network. When in doubt, contact The Information Technology Office as soon as possible before the event in order to ensure there are no complications with computer network access for your event attendees.
If my computer is plugged into the building network it should be safe. I don't think anybody in this building will try to get into my computer so why do I need to do all this security stuff?
- Plugging your computer into the University network is basically plugging it directly into the Internet with no wall or barrier protecting you. In a traditional corporate computer network, a device called a firewall is placed between the corporate network which contains the company computers and the rest of the Internet. In this configuration, the corporate computers are free to communicate with each other while staying protected behind the wall between the Internet and them. Since the University has such a large number of computers and a tremendously large number of varying requirements due to research, an effective firewall cannot be placed between the University network and the Internet.
- Plugging your computer into the University network is like jumping into an ocean. If your computer is not secured, then it's like jumping into an ocean of sharks with a bleeding cut on your arm. Anyone in the world can connect to your computer. The only thing stopping them from actually accessing the data on your computer is your password and how well the programs and operating system running on your computer are configured and patched for security related vulnerabilities. The College of Education network and the computers connected to it are constantly probed for weaknesses by computers from all over the world. Instances of computer vulnerability scans from places as far away as Brazil and eastern Europe are common on the College of Education network.