11:45 Breakout Reports
From AgriLife Wiki
Off Campus
How would you recommend these security issues be addressed?
- Passwords. Preparation and education for users. Email a notice 10-15 days ahead of implementation and send instructions for users to print out. All environments should utilize the same procedure. Implement the policy at the administration level and keep the procedure for outside agencies as well. Write down the password and keep it in a secure location. Distinguish personal passwords from professional passwords; use the same password for all professional passwords and change them every 60-120 days. Regular cycle of password changes for users. A Novell NetWare password does not increase security for the workstation; it only allows access to the shared drives. A Windows password restricts workstation access. However, the NetWare and Windows passwords can be synchronized so that the NetWare password effectively protects the workstation as well.
- Backups. Evaluate off-site location to keep files. Decision must be made on a site-by-site basis. Use iFolder--it uses an inexpensive secondary server and operates in auto backup mode. Hot swappable drives somewhere else on campus. Relative to your site: tornadoes, fires, hurricanes, floods.
- Business Continuity. We do not train the same. Develop standards and follow them.
- User Accounts: Need to know last effective date; new hire.
What are the industry best management practices?
What should be done locally (i.e., at the unit level) and what should be done centrally?
On Campus
How would you recommend these security issues be addressed?
- Can we use LDAP for password management on many platforms?
- Deal with remembering passwords; give users an algorithm for generating and remembering them, or use password management software such as KeePass or Password Gorilla from SourceForge.net
- Set up local security at "get-go" (local password policies)
- Need to get users on board:
  - Make them as security-conscious (aware) as we are
  - Tell them about viruses that can get in with weak passwords
  - Give them a lot of advance notice
  - Increase security requirements at various levels to get them accustomed
- Authoritarian approach vs. cooperation
  - Users comply and are unhappy; vs.
  - Tell them what they need to do and why, and HELP them do it
- Users will try to get around measures they don't buy into.
- So much information & change to keep up with; we are faced with an ocean and have a spoon to work with.
What are the industry best management practices?
What should be done locally (i.e., at the unit level) and what should be done centrally?
- Norton corporate antivirus is good; appreciated by admins
- Would like similar capability for antispyware
- Tools for knowing what is out there on your subnet are desired
- Centralized email is good; but some want to have a local server to accommodate special needs--like a 200MB ppt that X has and Y wants it tonight
- Poultry Science--downloads student information from SIMS and uses it to set up student accounts with good passwords; this could be a privacy concern
- Dual accounts; one with administrative rights to workstation but no net access; one with net access but no administrative rights
- Monitor access logs mainly for signs of hacking/security breaches; again privacy might be an issue
Agency Wide
How would you recommend these security issues be addressed?
- Designate/identify a responsible person for workstations.
- Those who own the data are responsible, but do they have control?
- Identify strategic issues and who controls the strategies.
- Set policies and obtain administrative support.
- Policy may be different in different locations.
- Policy implementation must be flexible and respond to users’ needs and yet still address security concerns.
What are the industry best management practices?
- Strong passwords that are changed regularly.
- Standard workstation setups that meet the needs of the users.
- Implement user policies and group policies. (Role-based Access Management)
- Regular backups according to policy.
- Physical security.
- User access only to software and resources necessary to do his job according to supervisor’s/unit head’s assessment.
- No unmonitored or unauthorized access.
- Establish and document appropriate contact information and procedures in case of emergency, legal and/or administrative access.
- Policy must be in place to address disaster recovery and business continuity.
What should be done locally (i.e., at the unit level) and what should be done centrally?
- Identify and document local administrative IT contact if possible.
- Document policies for account and workstation management locally and centrally.
- Establish a chain of command.
