More Secure Network (MSN)
Rules for Participation
All computer systems moved to the More Secure Network and all network outlets migrated to the More Secure Network must comply with these rules. If you have any questions about how to interpret the rules, please email us.
Before Moving A Device to the More Secure Network
- Ensure only one computing device is attached to each network port on the More Secure Network.
- Devices that are allowed on the MSN include user workstations, servers, printers, or other specialized computing resources.
- Not allowed are network sharing devices, routers, switches, hubs, wireless access points, or computers configured for network sharing.
- Complete a full antivirus scan. (Free antivirus software for the Windows and Mac platforms is available for download at UVA Software Gateway. Users not wishing to take advantage of this free software may purchase a product of their own choosing for their platforms.)
- Notify (by LSP) users of their responsibilities for using the More Secure Network both at work and home.
- Enable real time virus scanning (Windows and Mac OS X).
- Install all critical operating system updates (Microsoft and Macintosh).
- Ensure University-owned machines used by student employees are secured like any staff or faculty machine on the More Secure Network.
After Moving A Device To The More Secure Network
- Do a full weekly scan using antivirus software. (Free antivirus software for the Windows and Macintosh platforms is available for download at UVA Software Gateway. Users not wishing to take advantage of this free software may purchase a product of their own choosing for their platforms.)
- Check daily for automatic antivirus signature updates. (This requirement may be met by using the free, properly configured antivirus software)
- Check your More Secure Network ports periodically to ensure that your users have not connected hubs, switches, routers, or other network sharing devices to ports on the More Secure Network.
- Departmental public lab machines. (Researchers are encouraged to move the machines in their labs to the More Secure Network.)
- Open network plug-in jacks. (All jacks must be in non-publicly accessible locations.)
- Undergraduate or graduate student-owned machines.
- Computer systems which interface with both the More Secure and the standard University networks.
- Machines that are accessible when the owner is absent. (Machines on the MSN must be in a physically protected space.)
While not formally required, the following are good practices:
- Doing full daily scans using antivirus software.
- Utilizing push management for antivirus signature updates.
- Assigning computer names that help identify location/owner of machine.
- Keeping security patches current (Windows/Apple/UNIX/Other).
- Having system administrators configure systems according to the standard best practices.
- LSPs may request vulnerability scans for servers they manage which access the MSN.