You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Self-supporting a Cornell computer means taking on additional tasks and responsibilities.

Quick links

IT Security how-to's

Secure My Computers and Mobile Devices

Resources table

Task or ResponsibilityTips, courtesy ChemITFYI: How it is done for managed computers.Notes
PurchasingThe fastest, easiest, and cheapest way to buy a computer is usually through ChemIT. We invite you to tell us of your needs so we can assist in your computing purchasing decisions.We purchase almost all computers in Chemistry, saving thousands of dollars every year. 
Hardware inventoryItem must be inventoried by ChemIT. Please inform ChemIT if the computer changes location- thank you.ChemIT is responsible for inventorying all Cornell computers in Chemistry. 
Creating an Admin account

Creating a strong password is required by Cornell policy. More security tips:

http://www.it.cornell.edu/security/how.cfm?cat=4&tip=144

Group's faculty member and IT Rep. is offered this account, using password entered by IT Rep.

Cornell Policy 5.4.1, p9: Protect the resources under your control with the responsible use of secure passwords and by appropriately establishing an administrator password.

http://www.it.cornell.edu/security/how.cfm?cat=4

Creating and primarily using a User (non-Admin) accountThis practice is required by Cornell policyAutomatic, via Cornell's Active Directory

Cornell Policy 5.10, p16: Configure user privileges to be as low as possible while still meeting operational needs. Consistent or regular use of any account with administrative privileges is inappropriate.

Keeping the operating system (OS) and applications versions current and patched.

Patch within 14 days, as required by Cornell policy.

From IT Security Office: University Policy requires computers connecting to the Cornell network to be updated and patched against viruses and malware. Since no more updates and patches will be available for older unsupported operating systems to meet new threats, these older computers that connects to campus network resources will effectively be non-compliant with University Policy.

We upgrade via active migration to keep on current OS.

Cornell Policy 5.10, p16: Keep all relevant operating system, server, and application software up-to-date (patched). Develop and document a patch management process such that all vendor defined security or critical software updates are installed as soon as possible, but no later than 14 days after their release.

Anti-virus

Windows: Use built-in MS anti-virus and keep it updated.

Mac: Use MS SCEP and keep it updated. Obtain installer from ChemIT.

Windows: Managed anti-virus (MS SCEP)

Mac: Unmanaged anti-virus (MS SCEP)

Cornell Policy 5.10, p17: On all Windows and Macintosh systems, run anti-malware (anti-virus, etc.) software with daily updates and active protection enabled.

Responding to IT Security Office inquiriesIf system compromised, you must work with IT Security for clean-up and for the system be be allowed back on the network.  
Installing local printers

Use group printer's DNS name:

ChemIT installs. 
Installing MS Office

Download from Office 365 account (up to 5 installations)

Use Cornell's central licensing infrastructure and processes for IT support providers for unlimited installations. 
Adobe applications (Acrobat, Photoshop and other components of the Adobe CS suite)

Obtain ChemIT's services for them to install, with your Admin credentials, required applications using Cornell's site license.

Use Cornell's central licensing infrastructure and processes for IT support providers for unlimited installations.

CIT's licensing info:

ChemDraw

Download from CambridgeSoft, using Cornell license:

ChemIT installs. 
Encryption: Whole-disk

Implement and escrow keys.

Required by Cornell policy, with a grace period until  January 2017 (as of April 2016).

Planning underway (as of April 2016).

Will use Cornell's key escrow service built into MBAM, for IT Support Providers.

By Jan 2017: Cornell Policy 5.10, p17: All university-owned desktops, laptops, smartphones, tablets, and other portable computing devices must utilize whole-disk-encryption software to protect all local, persistent storage when the system is powered off.
  • No labels