The University of Vermont has come to rely upon networks for our core mission. UVM students, faculty and staff have come to rely upon the campus network for electronic mail, access to information and to conduct routine business transactions. Our network is heavily used for teaching, learning, research, publishing, routine communications and business transactions. Keeping our network and the hosts on it secure is essential to UVM's mission.
As is the Internet in general, UVM is experiencing an increase in security threats to our network and computer systems. While several measures have been in place to help protect our computers systems, and while institutional business systems have not been compromised, a number of departmental systems and desktop computers have been successfully "hacked". The rising sophistication and volume of attacks require more stringent protection and greater vigilance on everyone's part. Securing the campus network and the information resources connected to it is the joint responsibility of Network Services, computer systems administrators, and every user of the campus network.
Network Services provides a hardware and software firewall that shields our computers from the many security attacks. Network Services seeks to provide this protection with the minimum amount of inconvenience and overhead. Note that they clearly cannot stop all break-in attempts.
Systems Administrators are responsible for ensuring that hosts and servers are as well secured as possible. All known security holes should be patched as soon as fixes become available. Systems should be configured to limit exploitation by hackers. Systems should be routinely monitored to ensure that they have not been compromised. A compromised system is a danger not only to the owner and account holders, but to every system on campus. Prompt detection and reporting of intrusion is essential.
General users must be alert to security risks as well. Select a good password and do not share it. If you suspect someone else knows your password, change it immediately. Avoid opening email attachments, especially those with executable extensions such as .exe and .vbs which are most likely viruses. Note that Word (.doc) and Excel (.xls) can also be virus vectors. Since these viruses have a way of spreading from friend to friend (via address books), one should be very careful opening attachments from acquaintances especially if you were not expecting the file. For this reason, attachments are not the best way to transmit information. The use of a personal Web site is better in many ways. While Web sites and news groups can also be used to distribute viruses, it is more difficult for a third party to put a virus on your personal Web site for purposes of distribution.
Please report security intrusions, attacks, etc. to:
Send questions and comments to: Security@llist.uvm.edu
Direct "sensitive" questions to: Security Team.
If you would like to join the UVM security discussion list, email a subscribe command to listserv@list.uvm.edu, for example:
[substituting your own name, of course]
Last modified August 06 2002 05:28 PM
