Securing Your Workstation

To help keep information that Weber State University collects and uses safe, users are responsible for making sure that their workstations are protected according to Policy.  This page gives information on how to keep your workstation secure using Industry Standards and the requirements set out in the Information Security Policy (PPM 10-1), the Acceptable Use Policy (PPM 10-2), the Network Security/Firewall Policy (PPM 10-3), and the USHE Board of Regents Information Technology Resource Security Policy (R345).  If these requirements cannot be met, an exception may be requested as directed on the Information Security Office site for Policy Exception Requests.

Supported Operating System Requirements

All University owned workstations must have a vendor supported version of the operating system (OS) installed with the option enabled to automatically download and install software updates or must utilize administrator managed patch management software.  

Supported Operating Systems

Earlier versions of these operating systems either will have support ending shortly or have already lost support.

  • Microsoft: Windows Vista and later (Windows 8.0 is not supported; you must be on 8.1)
  • Mac (Apple): Mac OS X v10.7 “Lion” and later

To check the OS version that is installed on your system:

Windows:

  • Windows Vista and 7:
    • Click the Start button, enter Computer in the search box, right-click Computer, and then click Properties.
    • Look under Windows edition for the version and edition of Windows that your PC is running.
  • Windows 8.1:
    • Swipe in from the right edge of the screen, tap Settings, and then tap Change PC settings.
    • (If you're using a mouse, point to the lower-right corner of the screen, move the mouse pointer up, click Settings, and then click Change PC settings.)
    • Tap or click PC and devices, and then tap or click PC info.
    • Look under Windows for the version and edition of Windows that your PC is running.

Mac:

  • From the Apple menu, choose About This Mac.
  • Click the Version number underneath where the window says "OS X". The About This Mac window then displays your OS X version number in place of the version number.

To verify Automatic Updates are turned on:

Windows:

  • Windows Vista and 7:
    • Click the Start button, then select Control Panel.
    • Choose System and Security.
    • Choose "Turn automatic updating on or off" under Windows Update.
  • Windows 8:
    • On the Start screen, type Control Panel, select the Control Panel app.
    • Look under Windows edition for the version and edition of Windows that your PC is running.

Mac:

  • OS X Lion and earlier versions:
    • From the Apple menu, choose System Preferences, then Software Update.
  • OS X Mountain Lion and later:
    • From the Apple menu, choose System Preferences, then App Store.

Install Antivirus and Anti-spyware Software

All computing systems must install the University approved management policy framework to manage antivirus and anti-spyware software. All desktop systems and servers that connect to the network must be protected with a University approved licensed anti-virus software product that is kept updated with the latest DAT files and anti-spyware software according to the vendor’s recommendations.

Corporate or Enterprise security software helps to secure the university network by providing several products and layers of defense. This is not the same type of product used for home use. It is important not to install any antivirus software other than the University’s approved product.

Current approved vendors

  • Microsoft System Center Endpoint Protection
  • McAfee Total Protection Suite (Support ends June 30, 2014)

Security software:

  • Management Policy Framework: SCEP client / McAfee ePO (PC & Mac) v4.8
  • Virus Scan Enterprise: SCEP configured for WSU / McAfee, Virus Scan Enterprise 8.8, and Anti-Malware 9.2.0

Use the Operating System's Firewall

All university owned workstations must have the host operating system firewall enabled.
Firewalls block unwanted network traffic that you don’t need and that could pose a threat.

To verify that the host-based firewall is turned on:

Windows:

  • Windows Vista and 7:
    • Click the Start button, then select Control Panel.
    • Choose System and Security.
    • Choose "Check firewall status" under Windows Firewall.
  • Windows 8:
    • On the Start screen, type Control Panel, select the Control Panel app.
    • Choose System and Security.
    • Choose "Check firewall status" under Windows Firewall.

Mac:

  • From the Apple menu, choose System Preferences, then Security & Privacy.
  • Click the Firewall tab.
  • Click the lock icon and authenticate with your administrator username and password.

Automatic Logins

Automatic logins must be disabled on workstations.

A system which does not require a login is less secure than one which does. Without a login anyone may plant key loggers or other malware without fear of being identified via login records.
In addition, inactive or stale user accounts no longer required should be promptly deleted.

Verification:

The system requires a username and password when turned on.

Lock Your Computer

All workstations must have the auto-lock feature enabled. The recommended amount of idle time for the auto-lock feature is 10 minutes and must not exceed 20 minutes.  In areas where the workstation is visible or accessible in a public or shared workspace, users must manually lock the workstation if left unattended.

If you leave your computer, lock it and your office door.  This prevents unauthorized access to your data and accounts. Locking also discourages prying eyes, hackers and thieves.  Users are responsible for any activity originating from their accounts which they can reasonably be expected to control. 

To verify that the system has the auto-lock feature enabled:

Windows:

  • Windows Vista and 7:
    • Click the Start button, then select Control Panel.
    • In the search box, type "screen saver" and then click "Set screen saver password."
    • Select the "On resume, display logon screen" check box and set a time for the screen saver to start, then click OK.
  • Windows 8:
    • On the Start screen, type Control Panel, select the Control Panel app.
    • In the search box, type "screen saver" and then click "Set screen saver password."
    • Select the "On resume, display logon screen" check box and set a time for the screen saver to start, then click OK.

Mac:

  • Screen saver
    • From the Apple menu, choose System Preferences, then Desktop & Screen Saver.
    • Click the Screen Saver tab and select one of the Screen Savers.
    • Choose the idle time from the "Start after:" menu at the bottom of the window.
  • Auto-Lock
    • From the Apple menu, choose System Preferences, then Security & Privacy.
    • Click the General tab and make sure the checkbox next to "Require password after sleep or screen saver begins" is selected.
  • Manually Lock your system (the steps under Auto-lock need to have been done for these to work)
    • Using Keystrokes (for Macs with Eject key or external keyboards)
      • Control+Shift+Eject
    • Using Keystrokes (for Macs without the Eject key)
      • Control+Shift+Power
    • Using Hot Corners
      • From the Apple menu, choose System Preferences, then Desktop & Screen Saver.
      • Click the Screen Saver tab and select one of the Screen Savers.
      • Click the Hot Corners button in the lower corner.
      • Choose the hot corner you want to lock the screen with and choose "Put display to sleep" or "Start Screen Saver".

Disable Inappropriate Windows Components

Internet Information Services (IIS)

The University does not allow locally hosted web sites or web pages.

Windows:

  • Click the Start button, then select Control Panel.

  • Click “System and Maintenance” (Vista) or “System and Security” (Windows 7 and 8)

  • Click “Administrative Tools” and select “Internet Information Service (IIS) Manager”.

  • In the “Actions” pane, click “Stop”.
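
A command-line equivalent of the Windows verification steps in the firewall, Automatic Logins, Lock Your Computer and IIS sections above, as an added example that is not part of the original page and not a University tool. It only reads settings, and it assumes English-language netsh output, the standard per-user screen saver registry values, and that IIS, if installed, runs as the W3SVC service.

```powershell
# Added example: read-only policy check for one Windows workstation.
# Run it as the signed-in user, because screen saver settings are per-user.
function New-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Name; Pass = $Pass; Detail = $Detail }
}
$checks = @()

# Firewall: every profile must report ON (assumes English netsh output).
$fw  = @(netsh advfirewall show allprofiles state)
$on  = @($fw | Where-Object { $_ -match '^State\s+ON\s*$' }).Count
$off = @($fw | Where-Object { $_ -match '^State\s+OFF\s*$' }).Count
$checks += New-Check 'Host firewall enabled' ($on -gt 0 -and $off -eq 0) "$on profile(s) ON, $off OFF"

# Automatic login: AutoAdminLogon = 1 means Windows signs in without a prompt.
$winlogon  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$autoLogon = "$($winlogon.AutoAdminLogon)" -eq '1'
$checks += New-Check 'Automatic login disabled' (-not $autoLogon) "AutoAdminLogon='$($winlogon.AutoAdminLogon)'"

# Auto-lock: screen saver active, logon required on resume, and an idle
# timeout of at most 1200 seconds (20 minutes); 600 seconds is recommended.
$desk    = Get-ItemProperty 'HKCU:\Control Panel\Desktop'
$timeout = 0
[void][int]::TryParse("$($desk.ScreenSaveTimeOut)", [ref]$timeout)
$secure  = ("$($desk.ScreenSaveActive)" -eq '1') -and ("$($desk.ScreenSaverIsSecure)" -eq '1')
$lockOk  = $secure -and ($timeout -gt 0) -and ($timeout -le 1200)
$note    = if ($lockOk -and $timeout -gt 600) { ' (above the recommended 10 minutes)' } else { '' }
$checks += New-Check 'Auto-lock within 20 minutes' $lockOk "timeout=${timeout}s, logon on resume=$secure$note"

# IIS: the web publishing service must not be running on a workstation.
$iis        = Get-Service -Name W3SVC -ErrorAction SilentlyContinue
$iisRunning = ($iis -ne $null) -and ($iis.Status -eq 'Running')
$iisDetail  = if ($iis) { "W3SVC is $($iis.Status)" } else { 'W3SVC not installed' }
$checks += New-Check 'IIS web service not running' (-not $iisRunning) $iisDetail

$checks | Select-Object Check, Pass, Detail | Format-Table -AutoSize
```

Settings enforced through Group Policy are stored under separate policy keys, so on a centrally managed machine confirm the result against the effective policy.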

Peer-to-Peer (P2P) Network Services

P2P technology is most often misused to copy commercial music and video files, without the copyright holder's permission. This type of activity is illegal and violates the Copyright Law.

Use of peer-to-peer networking or other file-sharing technology is prohibited.

Illegal use of file sharing may subject the user to civil or criminal penalties beyond penalties for violation of University policy.

File & Printer Sharing

Users must disable the “File and Printer Sharing” firewall exception.

It is NOT recommended that you share files using the "File Sharing" options of the Macintosh or Windows operating systems.
The "File Sharing" option in your computer's firewall or preferences on a Mac should be disabled; this will not prevent you from moving or transferring files.

Software

Downloading or disseminating copyrighted materials outside the provisions of “fair use” or without the permission of the copyright holder is prohibited. (Acceptable Use Policy PPM 10-2)

Use of open source or freeware must be in conjunction with an understanding of the license agreement.

Departments and colleges should maintain records of all software purchases. It is necessary to comply with or verify compliance with federal or state law, including but not limited to software licensing agreements. Users must retain proof of ownership for purchased departmental software, for audit purposes.

Inventory Control

Workstations are to be inventoried, tagged and named as directed in the Computing Documentation Standard.  

Workstations should have a WSU Inventory Tag.  Items over $1500 should have a white tag issued from Property Control.  Items under $1500 should have a purple inventory tag issued from the IT Service Desk.  If the tag is missing, contact the IT Service Desk for assistance in obtaining one and making sure the system is properly inventoried.

The WSU device naming convention is to have the building code, room number and the full WSU inventory number.  An example would be: EH206-WS0123456. 

Verify your system is tagged and named properly:

Tag is affixed to outside of device.

Weber State University, Ogden, Utah 84408
