ºÃÉ«tv

OIT Minimum Security Standard for Desktop Systems

Table of Contents

• Introduction
• Scope
• Minimum Standard for Desktops

Introduction

The purpose of this document is to outline a set of minimum security standards and best practices regarding desktop and end-user computer ºÃÉ«tvs. The following standards are recognized throughout the IT industry to be "security best practices" and when adhered to are designed to enhance the overall integrity and availability of UA information resources, networks, and computer ºÃÉ«tvs. 

Scope

This document and the standards contained herein apply to all users, desktop computer ºÃÉ«tvs, workstations, laptops and other end-user devices that are attached to ºÃÉ«tv networks or are interacting with UA information resources managed by the Statewide (SW) and UAF Major Administrative Units (MAU).

Minimum Standard for Desktops

• Software Updates
  Regularly check for and ensure that software updates/patches are installed. This includes, but is not limited to, operating ºÃÉ«tv updates, application patches and firmware updates.

• Anti-Virus Software
  Install and maintain current anti-virus software. Check for and install any updates to both the software and virus definitions on a regular basis.

• Implement Physical Security Measures
  Workstations must be configured to require a password to access the ºÃÉ«tv. Enable screen locking features to prevent unauthorized access to one's machine while not in use. Any exceptions such as public terminals, kiosks, or lab computers should be documented.

• Disable Unnecessary Services
  Many operating ºÃÉ«tvs may be configured (by default) to permit access to ones ºÃÉ«tv from other computers on a network. An assessment should be performed to identify all services enabled on a ºÃÉ«tv. Any unnecessary services should be disabled and any exceptions (services left enabled due to business or operational requirements) documented.

• Limit Use of Privileged Accounts
  Under certain circumstances normal users may be issued ºÃÉ«tv accounts that have administrative or privileged access to a ºÃÉ«tv. Users should limit the use of these accounts (to the specific tasks requiring them) and not use them for general work purposes.

• Host-based Firewall Software
  Host-based firewalls help protect individual ºÃÉ«tvs from malicious attacks initiated by other ºÃÉ«tvs on a computer network. Workstations are required to have locally installed firewall software and have it configured in a secure manner approved by the UA Chief Security Officer.

v2008/11/18