You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Self-supporting a Cornell computer means taking on additional tasks and responsibilities.

See also

Quick Cornell links

University IT Policies and IT Security Policies:

IT Security how-to's

Secure My Computers and Mobile Devices

Resources table compiled by Chemistry IT

Task or ResponsibilityTips, courtesy ChemITFYI: How it is done for managed computers.Notes
PurchasingOptional, but encouraged: ChemIT can process the purchase of almost any technology-related item. We are available for consultation as well to facilitate buying the right items.We purchase almost all computers in Chemistry, saving researchers thousands of dollars every year.The fastest, easiest, and cheapest way to buy a computers and related technologies is usually through ChemIT.
Hardware inventoryAll computers and printers must be noted in ChemIT's inventory, usually with assistance of the group's IT Rep. Please your IT Rep. if the computer changes location so they can inform ChemIT- thank you.ChemIT is responsible for inventorying all Cornell computers in Chemistry. 
Creating an Admin account

Creating a strong password is required by Cornell policy. More security tips:

http://www.it.cornell.edu/security/how.cfm?cat=4&tip=144

Group's faculty member and group's IT Rep. is offered this account, using password entered by IT Rep.

Cornell Policy 5.4.1, p9: Protect the resources under your control with the responsible use of secure passwords and by appropriately establishing an administrator password.

http://www.it.cornell.edu/security/how.cfm?cat=4

Creating and primarily using a User (non-Admin) accountThis practice is required by Cornell policyAutomatic, via Cornell's Active Directory

Cornell Policy 5.10, p16: Configure user privileges to be as low as possible while still meeting operational needs. Consistent or regular use of any account with administrative privileges is inappropriate.

Backups and restores.
  • Ensure user keeps critical files on group's file share or other off-device location.
  • User can have group pay for EZ-Backup and ChemIT can assist administratively.

Encourage use of group's file share so no back-ups required to be set up, monitored, and paid for on the computer itself.

Critical systems get set up with EZ-Backup.

Hard drives, even solid state ones, do fail. People make mistakes. Bad luck happens. Plan ahead!

Keeping the operating system (OS) and applications versions current and patched.

Patch within 14 days, as required by Cornell policy.

From IT Security Office: University Policy requires computers connecting to the Cornell network to be updated and patched against viruses and malware. Since no more updates and patches will be available for older unsupported operating systems to meet new threats, these older computers that connects to campus network resources will effectively be non-compliant with University Policy.

We upgrade via active migration to keep on current OS.

Cornell Policy 5.10, p16: Keep all relevant operating system, server, and application software up-to-date (patched). Develop and document a patch management process such that all vendor defined security or critical software updates are installed as soon as possible, but no later than 14 days after their release.

Anti-virus

Windows: Use built-in MS anti-virus and keep it updated.

Mac: Use MS SCEP and keep it updated. Obtain installer from ChemIT.

Windows: Managed anti-virus (MS SCEP)

Mac: Unmanaged anti-virus (MS SCEP)

Cornell Policy 5.10, p17: On all Windows and Macintosh systems, run anti-malware (anti-virus, etc.) software with daily updates and active protection enabled.

Responding to IT Security Office inquiriesIf system compromised, you must work with IT Security for clean-up and for the system be be allowed back on the network.  
Installing local printers

Use group printer's DNS name:

ChemIT installs. 
Installing MS Office

Download from Office 365 account (up to 5 installations)

Use Cornell's central licensing infrastructure and processes for IT support providers for unlimited installations. 
Adobe applications (Acrobat, Photoshop and other components of the Adobe CS suite)

Obtain ChemIT's services for them to install, with your Admin credentials, required applications using Cornell's site license.

Use Cornell's central licensing infrastructure and processes for IT support providers for unlimited installations.

CIT's licensing info:

ChemDraw

Download from CambridgeSoft, using Cornell license:

ChemIT installs. 
Encryption: Whole-disk

Implement and escrow keys.

Required by Cornell policy, with a grace period until  January 2017 (as of April 2016).

Planning underway (as of April 2016).

Will use Cornell's key escrow service built into MBAM, for IT Support Providers.

By Jan 2017: Cornell Policy 5.10, p17: All university-owned desktops, laptops, smartphones, tablets, and other portable computing devices must utilize whole-disk-encryption software to protect all local, persistent storage when the system is powered off.
  • No labels