Remote use of Rutgers Resources

Standards for Operating from a Remote Environment
1. All hosts connected to RUNet via remote site access technologies must use current anti-virus software to ensure that equipment is protected from hackers and malware. Rutgers antivirus software for desktops and servers (RADS) is free and easily available to university faculty, staff, and students at home and on campus. RADS is supported by the university, includes protection against spyware, adware, malware, and grayware, and includes a built-in firewall.
2. All hosts connected to RUNet via remote site access technologies should employ a software- or hardware-based firewall. Note: the use of unified host endpoint protection products that incorporate this capability, such as RADS, satisfies this standard.
3. All equipment should utilize operating systems and software that are currently supported by a legitimate vendor (e.g., Microsoft, Apple, Adobe, etc.).
4. All hosts connected to RUNet must automatically or manually apply all necessary Operating System (OS) and application security updates or “patches” and keep the equipment up to date.
5. Portable equipment, such as data sticks/flash drives, CDs, PDAs, phones, etc., containing sensitive data must be kept secure, and locked when unattended. These items are vulnerable to theft and loss. All current on-campus processes, policies and procedures must be used for restricted data. When business practices and/or policies mandate, encryption is required. Contact Information Protection and Security for recommended tools and software.
6. The wireless (Wi-Fi) preferences/settings for your computer and portable devices must not be set up to auto-connect to any wireless network they detect. Auto-connecting to unknown networks could put your computer and data at risk.

 
Home Wireless Networks

 
Home wireless networks are easy to set up and are often provided by Internet service providers. While they are extremely convenient to use, an insecure wireless environment opens up several risks that need to be addressed.
1. A person who is in close proximity to your home can use your Internet connection.
2. A person who is in close proximity to your home may be able to access your computer.
3. Information sent over the wireless connection can be stolen.
In order to help mitigate the risks associated with home wireless networks used for remote site access, the following wireless home networking configurations must be implemented.
• WPA encryption should be enabled
• The default SSID for your wireless router should be changed
• The default Administrator Passwords and Usernames for your wireless router should be changed
• MAC filtering should be utilized

 
Physical Security    

• Hardware, software and data containing restricted materials must be securely destroyed and disposed of at the termination of business need, in conjunction with the Rutgers data disposal policy. Remote working arrangements should be equipped to facilitate this activity (shredder).
• Files must be backed up and tested on a regular schedule, and stored in a secured location.

 
Additional Requirements for Restricted Data
Users may not store any Rutgers restricted data on their personally owned devices. Restricted data includes data that Rutgers is required to protect under regulatory or legal requirements. Examples include student or employee identifiable information (e.g., name, SSN, birth date, home address, etc.), medical records, legal records, student records, police records, and credit card information. Restricted data needs to be protected at the same level as when it is on campus.
 
Definitions

 
Encryption: The process of converting information using an algorithm to make it unreadable to anyone except those possessing special knowledge, referred to as a key.
MAC: Refers to Media Access Control. A PC network card or device has a unique identifier defined to it called the MAC address that is used for identification purposes.
Patch: A patch is a piece of software designed to fix problems or update a computer application or operating system. Intruders often seek methods to take advantage of vulnerabilities resulting from these problems to penetrate systems.  
SSID: Refers to Service Set Identifier, and is the name that identifies a particular wireless Local Area Network (LAN).
WPA: Wi-Fi Protected Access is a certification created by the Wi-Fi Alliance to indicate compliance with security protocol. Most newer Wi-Fi certified devices support the security protocols out of the box, as compliance with this protocol has been required for a Wi-Fi certification since September 2003.

NOTE: Employees and units are responsible for security breaches involving NPPI. The measures described will help reduce the number of security breaches and limit the cost, time, and negative publicity associated with such breaches. For more comprehensive information on NPPI and your department's responsibilities, please visit this link.

NPPI exists in many places including files containing:
 
• Data or programs from retired faculty or staff members
• Student rosters
• Student, applicant, faculty or staff databases
• Email related to faculty, staff or students
• Personnel documentation
  
IPS provides two software tools that can locate unencrypted NPPI on your systems: the Cornell Spider and SENF. Instructions are available at http://rusecure.rutgers.edu/nppi.

If the information located is necessary for operation, it should be encrypted. If not necessary for operations, it should be deleted/wiped. IPS can recommend several open source and commercial encryption and wiping tools that provide the necessary functionality and security.

Data maintained on portable devices, such as laptops or USB memory sticks, is extremely vulnerable. All data on such devices should be encrypted.

Hardcopy records (e.g. paper, DVD, tapes) containing NPPI should be kept secure in locked cabinets behind locked doors. Information no longer needed should be destroyed.