Information Systems Management

Computer Security for Student Affairs Data Coordinators

The following information is provided to help the Data Coordinators understand the computer security requirements of San Diego State University and the Division of Student Affairs.  Use this information to review your department's computer security and implement any needed changes

Each department is responsible for implementing procedures to protect their electronic data and computer hardware from theft, loss, or corruption.

Security Topics:

Software Patches
Anti-Virus Information
Notification
Vulnerability Assessment
System Compromises
Other Security Issues
Security Links
Campus Computing Policies

Software Patches

Microsoft frequently releases patches vulnerabilities that are discovered in their software.  Some of the most critical vulnerabilities can enable an unauthorized user to take control of the system.  It is critical that every PC in Student Affairs has all current patches installed!

• Microsoft Windows Update Site
• Microsoft Office Update Site

Anti-Virus Information

• The latest version of anti-virus software can be downloaded from Rohan.
  
• Virus protection (DAT) files should be updated daily.
• Avoid opening files attached to email unless you know their source or requested the file.
• Don't run files directly from the Internet (it's safer to save them to disk first and then run them).
• You can check the validity of a virus at the McAfee site.

Notification

To keep current on the latest security issues subscribe to the lists below:

• Microsoft Security Bulletins: For the latest information from Microsoft.
• NTBugtraq:  This is a mailing list for the discussion of security exploits and security bugs in Windows 2000, and Windows XP plus related applications.
• SANS@RISK:  This site summarizes the three to eight vulnerabilities that matter most, tells what damage they do and how to protect yourself from them.

Vulnerability Assessment

The Baseline Security Advisor can perform local or remote scans of Windows systems. It runs on Windows 2000, Windows XP, and Windows Server 2003 systems. It will scan for common system misconfigurations and weaknesses.

Download Microsoft Baseline Security Advisor

System Compromises

Server log files should be reviewed daily in order to discover suspicious activities and other system problems as soon as they occur. 

Consult the Intruder Detection Checklist to determine whether an intruder has compromised your system.

If you believe that a system has been compromised, you should:

1. Immediately unplug the network cable in order to remove the system from the network.
2. Notify the department director immediately.
3. Does the system contain sensitive information?
   YES - Contact ISM immediately and don't proceed to step 4.
   NO - Proceed to step 4.
4. Follow the CERT's steps for recovering a system.

Other Security Issues

• Make sure that every user account has a strong password.
• Warn your users about how to avoid Social Engineering.

Security Links

• Microsoft Security Tool Kit
• Internet Information Services Lockdown Wizard
• Make Your Windows Desktop Secure
• Make Your Windows Servers Secure
• Windows 2000 Server Hardening Guide
• Microsoft Security Checklists

Campus Computing Policies

• SDSU Computing Security Policy
• SDSU Computing Acceptable Use Policy
• SDSU Acceptable Use Policy -- Operational Guidelines