OUHSC Information Technology Department



Virus Response policies: Effective: 9-10-2003

Information Security Services shall have authority to issue and enforce computer security policies, procedures, and standards, for example, to require that security patches be applied to computers.

Departmental Local Area Network administrators shall have the authority to implement and enforce computer security policies, procedures, and standards. For example:
- Install antivirus software
- Apply security patches to computers
- Remove software that presents a security risk
- Rebuild computers that have been compromised

  • Antivirus policy: All computers connecting to the university network must have an approved, functioning, and up-to-date antivirus program.
  • Antivirus procedures: Faculty, staff, and students may obtain university provided antivirus programs for campus and home use at: http://it.ouhsc.edu/services/desktopmgmnt/antivirussoftware.asp
  • Antivirus standard: Antivirus programs must be set to auto update virus definitions daily.
  • Security patch policy: All computers connecting to the university network must meet a standard level for security patches.
  • Security patch procedures: All computers connecting to the university network must have an automated procedure for maintaining current patch levels.
  • Security patch standard: All applicable critical security patches must be installed within 48 hours of patch release by the vendor. Information Security Services will notify LAN administrators concerning a general patch deployment for the campus. LAN administrators are responsible for applying patches and for determining patches required for departmental specific applications.
  • Network policy: Compromised or virus infected computers must have their network connections disabled to prevent spread of infection or illegal activities.

Active Directory Policies

  • All MS Active Directory compatible computers must become members of Active Directory
    - This will enable application of security group policies
    - No local workgroups allowed
  • Computer Objects can only be created and joined to Active Directory by IT and Tier Ones.
    - This is to ensure that computers joining our domain are doing so by personnel who understand and have agreed to the policies for network computers in our domain (antivirus, patching, etc.)
  • A computer naming scheme will be used to aid in identification.
  • Computer Objects must be created and placed into Organizational Units that represent university departments.
    - The default Computers container can no longer be used to contain computers in our domain.
    - This will help ensure that all computer objects have been identified and are being managed by a Tier One.
  • The “managed by” field needs to be populated with the name of the person who manages the computer for the department.
  • The domain administrators group must be a member of the local administrators group.
    - This gives domain administrators the ability to use reporting tools and apply domain-wide policies.
  • Active Directory passwords must meet complexity requirements.
  • All remaining NT domains must be migrated to Active Directory by September 30, 2003
    - Joining Active Directory is necessary for security group policies to apply to the domain.
  • Accessing third party mail providers from the OUHSC campus network will not be allowed. The OUHSC Exchange email system is the supported email platform for campus and provides necessary antivirus capabilities that may not be present on third party email providers.

All computers using Microsoft operating systems must be running current supported versions and be compatible with Active Directory.

Explanation:
i. Microsoft does not provide security patches for unsupported operating systems, and support for products in the extended phase requires additional costs. Unpatched systems are a risk to the entire network, and a few compromised systems have caused disruption for the entire campus.
ii. If the vendor no longer provides technical support for the operating system then the University cannot provide technical support for the operating system.
iii. The University provides a site license under the MS Campus Agreement to upgrade unsupported operating systems to supported versions.
iv. Older operating systems are not compatible with Active Directory (AD). The security level of AD must be lowered just to allow Windows 9X computers to log on. This reduces the value of the higher security built into Active Directory.
v. Active Directory security group policies are not compatible with 95, 98, ME, or NT.
vi. HIPAA will require unique user identification (logon to the desktop operating system), which is a feature not supported on Win 95 or 98.

Unsupported or non AD compatible operating systems:

  • MS Windows 95
    - Mainstream Support ended December 31, 2000
    - Entered non supported phase on December 31, 2001
  • MS Windows 98
    - Mainstream support ended June 30, 2002
    - Entering non supported phase on January 16, 2004
  • Windows NT Workstation 4
    - Mainstream Support ended June 30, 2002
    - Entered non supported phase on June 30, 2003
  • ME
    - Mainstream Support will end December 31, 2003.
    - Entering non supported phase on December 31, 2004
    - Consumer operating system was not designed for business use

See MS Product Lifecycle Information for more information on MS Windows desktop product lifecycles.

Document Last Revised 02/01/2013