Security Information

Systems infected with viruses or worms pose a threat to other systems on the internet and jeopardize both data and the ability of people to work or conduct business within and beyond UCLA. Failure to take decisive steps to limit a system's ability to infect other systems exposes the School and the University to criticism, network isolation from key networks and possible legal action.

When you request that your machine be connected to the network, it is your responsibility to make sure that your machine is as secure as possible. As the machine administrator, you must comply with UCLA Policy 401. See Policy 401, Attachment A in particular.

If a compromised system holds personal data (e.g. Social Security number, credit card number, medical and/or health information) you must follow the procedure in UCLA Policy 420 to avoid violating California State Law.

SEASnet has provided the following guidelines for securing your machine. If you are unsure of any of these steps, please contact the SEASnet Help Desk.


Recommended Computer Security

The following are recommendations to keep your computer, accounts, and data more secure. The steps involving setup, installation, or configuration require administrative/root privileges.

Note: Staff machines under SEASnet support have many of these configured already. Please check with the Help Desk before making changes.

  • Lock down and physically secure all equipment, especially laptops and machines in open areas. You can submit an MSR to do so.
  • If you need to step away from the computer for more than a minute, lock your session - instructions for locking down a Windows machine can be found here
  • Set up a screen saver with password protection on resume.
  • Log off the machine when you leave for the day
  • Install all current updates/patches - click here for Windows instructions
  • Do not use a root/administrator privilege account as your primary account. Create a regular user account for normal use and only use the administrator account for installing software.
  • Both Windows and Linux supported machines can be configured to automatically download and install updates and patches - instructions to configure your Windows machine can be found here
  • Install anti-malware software (especially anti-virus software), and make sure to update and scan frequently
  • Set up a firewall - see these instructions for configuring Windows XP firewall
  • Create strong passwords for all computer accounts and change them every 6 months
  • Do not save passwords in web browsers
  • Do not keep any sensitive data on your computer unless absolutely necessary - if you must keep sensitive data on your computer it should be secured - compromised computers containing sensitive data will be subject to UCLA Policy 420
  • If you have passwords or other sensitive data in hard copy (on paper), keep it secure, for example in a locked cabinet
  • Beware of Social Engineering attacks
  • SecureID cards (if one is assigned to you) should be considered like a master key:
    Keep its location secure, do not let anyone borrow/use it, do not write your username and/or password on the device, and do not place any identifiable marks, stickers, or notes of any kind on the device

Windows specific:

Protection of personally identifiable information as outlined in UCLA Policy 420.

  • Don't transfer protected information to a device such as a USB drive or CD that can easily be lost and accessed by someone else.
  • Don't send email that includes protected data if at all possible. If you absolutely must send email with protected data, carefully evaluate where the email will be sent. If you forward email that has protected data and the recipient does not need the protected data, remove that information from the message prior to sending it. With the addition of health and medical information, an email from an employee to their supervisor explaining a medical condition becomes protected data.
  • Supervisors should ensure that their employees are not forwarding email to a non-HSSEAS account. Email accounts not handled through SEASnet may or may not meet campus security requirements.
  • Be cautious when using your computer to casually browse the internet. If you're not sure if a site is trustworthy, then don't visit it from a work machine.
  • Never assume that you are not responsible for keeping data secure. If you have access to the data, you are responsible.

Computer security requirements change as new vulnerabilities and methods of compromising your systems are discovered. Please check back here often to ensure your system is as secure as possible.



SEASnet Help Desk, 2684 Boelter Hall (310)206-6864