By Leslie Intemann
More than 90 people across campus gathered recently at a seminar sponsored by University Computer Policy and Law [see Chronicle story, July 15] to discuss four new policies unveiled in 2004: domain name, security of IT resources, reporting electronic security incidents, and network registry.
|
|
| The ninth annual Institute for Computer Policy and Law met July 6-9 at the J. Willard Marriott Executive Education Center in Statler Hall. Frank DiMeo/University Photography |
"In 2001, we began an IT policy framework initiative, a comprehensive approach to the development of IT policy for the Cornell community," said Tracy Mitrano, director of IT policy and the University Computer Policy and Law (UCPL) program. "With the promulgation of these four policies together, and with the promulgation last year of two more policies, we have more than half completed the framework initiative. We look forward to working with the University Policy Office to develop the remaining four policies. At the end of this process, Cornell should have a coherent picture of how best to protect and preserve its interests and assets and pursue its missions in the electronic realm."
The first new policy, Recording and Registration of Domain Names, involves three-part domain names such as bigred.cornell.edu and other names served by Cornell's domain name servers or purchased with university funds. These names must be registered or recorded in the Cornell Domain Name Registry. Cornell's primary domain name is cornell.edu. Within the cornell.edu domain, units such as colleges, schools and administrative departments have their own subdomain names, such as arts.cornell.edu or library.cornell.edu.
The second policy, Security of Information Technology Resources, states that if you own your own computer or manage the software on a university-owned computer, you are responsible for ensuring the security of that computer on the Internet. This includes keeping the operating system software up to date and following sound security practices, such as having virus protection that is regularly updated and a personal firewall. Additionally, you are responsible for responding to and assisting with security incident response as required.
The third policy involves Reporting Electronic Security Incidents. Any computer connected to the Cornell network that has been "hacked," compromised or abused must be reported promptly. Computer users should notify their local support provider (the person in their department who provides computer support); support providers should notify the Network Operations Center at noc@cornell.edu or the Security Team at security@cornell.edu. The person responsible for the affected device should disconnect it from the network to avoid spreading the problem, collect and report information about the incident and repair the problem before reconnecting to the network.
"Cornell is in the process of building and implementing a security infrastructure that will significantly enhance the protection of our IT resources; decrease the effects of viruses, worms and other risks with Internet access; and provide consistent incident response when security incidents do happen within our infrastructure," said Steve Schuster, director of the IT Security Office. "A required step in building this infrastructure is the promulgation of the newest security policies."
Network Registry, the fourth policy, states that all devices (including wireless hubs and switches) connected to the Cornell network must be registered in a central network registry maintained by Cornell Information Technologies (CIT). Network administrators or users must provide, at a minimum, the following information for each computer, printer or other device: MAC address (the serial number of the network interface card), IP address (if static) and the NetID of the primary user or the person responsible for the administration of the device. CIT makes tools available to assist with registration, such as Web forms that can automatically detect the MAC and IP addresses.
For more information about these policies, visit http://www.cit.cornell.edu/oit/policy/june04.html.
| Cornell Chronicle Front Page | | Table of Contents | | Cornell News Service Home Page |