• Services
• Get Help
• Accounts
• Computer Labs
• Software
• Training
• Network
• Hardware Purchases & Repair
• Information Systems Applications
• Information
• Alerts & News
• Security
• Policies & Standards
• Forms
• About Information Technology
• IT Planning
• Staff
• Organizational Chart

Information SecuritY

• Introduction
• Definitions
• General Requirements for all Network Connected Devices
• Procedures for Off-Campus Network Access and Provisioning
• Procedures for Desktop Remote Control Software
• Procedures for Wireless Access Paths
• Notes

General Requirements for All Network Connected Devices

These apply to all clients, servers, access methods, and access paths.

Single-user Computers

• Each single-user computer will have a designated operator responsible for the operation of the computer. That operator will be responsible for the following:
  • Registering the computer and ensuring the registration data is kept up to date.
  • Ensuring University provided anti-virus protection software is installed and operating.
  • Following university procedures concerning computer updates at least once a month.
  • Investigating and correcting vulnerabilities reported to them by JMU IT in a timely manner.
  • Abiding by the university's policy regarding Appropriate Use of Information Technology Resources (AUP; JMU Policy 1207).
  • Selecting strong passwords, as defined by the campus RUNSAFE guidelines, for all server accounts accessed from the computer.
  • Selecting and using client software that provides encrypted communications whenever it is an available and practical choice.
  • Using care in choosing software to run on their computer paying particular attention to email attachments, software from unofficial vendor distribution sites, and software whose author is unknown or untrusted.
  • Computers offering shell accounts giving interactive, programmable control of the computer through programs like telnet, ssh, X-Windows, and PC-Anywhere shall provide an individual account for each remote user.
  • Any server (including personal web servers, Microsoft file shares, and Appleshares) that provide access to confidential, sensitive, or critical data must protect such data with strong passwords as defined in the campus RUNSAFE guidelines. People providing such services are cautioned that incorrectly implementing the service could quickly lead to total compromise of the machine and related data. Best practices should always be followed when installing, configuring, and operating such servers.
  • Reporting computer abuse to abuse@jmu.edu and cooperating with the JMU Computer Incident Response Team in the investigation of such incidents.

Shared Computers and Servers

• Shared computers and computers whose primary function is to act as a server will have an individual designated as responsible for the administration of the computer. The administrator will be responsible for the following:
  • Registering the computer and ensuring the registration data is kept up to date.
  • Ensuring University provided anti-virus protection software is installed and operating.
  • Following university procedures concerning computer updates at least once a month.
  • Investigating and correcting vulnerabilities reported to them by JMU IT in a timely manner.
  • For non-public, university-owned servers, implement any user level authentication and authorization mechanism provided by the server. In other words, at a minimum require userIDs and passwords to access non-public files, information, or services.
  • Abiding by the university's policy regarding Appropriate Use of Information Technology Resources (AUP; JMU Policy 1207).
  • Abiding by the AUP and to ensure that any persons having shell accounts on the server, whether university-owned or not, abide by the AUP
  • Selecting and using client software that provides encrypted communications whenever it is an available and practical choice.
  • Using care in choosing software to run on their computer paying particular attention to email attachments, software from unofficial vendor distribution sites, and software whose author is unknown or untrusted.
  • Reporting computer abuse to abuse@jmu.edu and cooperate with the JMU Computer Incident Response Team in the investigation of such incidents.
  • Computers offering shell accounts giving interactive, programmable control of the computer through programs like telnet, ssh, X-Windows, and PC-Anywhere shall provide an individual account for each remote user.
  • Servers offering the ability for anonymous persons to upload data must be configured so the uploaded data is not available to other clients until it can be verified that:
    • Other clients are not exposed to hostile software such as viruses
    • The data does not consist of illegal materials such as child pornography or unauthorized copyrighted material.

This is to protect the operator of the server, other clients, and the university (if it is a university owned system) from being exposed to hostile software and the liability associated with harboring illegal materials.

In addition, if anonymous persons can overwrite or modify existing files, users of the service must be warned that the integrity of any files they store on the service and any files they download from the service cannot be guaranteed.