Hi folks –
This mail is to remind you that starting Sunday, the campus reserves the right to terminate network access without notice, for systems which do not meet the campus minimum security standards for networked devices.
Although EECS has made good progress towards meeting the standards, there are still many many systems on our networks which are not up to code. We are continuing to work with you to fix the existing problems, and are actively developing tools to assist you in assessing the state of your systems.
Aspects of the standards which are most likely to cause problems in EECS include:
* Windows and Apple systems must run antivirus software.
* All mail servers must scan mail for virus laden attachments.
* Most hosts, including Windows 2000 Professional, XP, MacOSX, and all unix systems, must run personal firewall software.
* All services must be authenticated, and no unencrypted authentication mechanisms are allowed. Services such as telnet and non-anonymous FTP need to be turned off. All unnecessary services must be disabled.
* Systems must be fully patched. Systems must not run software or operating systems which are not actively supported by the developer. A partial list of operating systems no longer allowed on campus networks includes:
Windows NT4 and earlier
Windows 98, first edition and earlier
RedHat Linux 9.x and earlier (must upgrade to Fedora or enterprise edition)
Solaris 7 and earlier, unless you have an active “Vintage Support” contract with Sun
SGI IRIX before 6.5.27
HP-UX 10.30 and earlier
Ultrix
OSF
AIX 4.3.3 and earlier
MacOS 9 and earlier (must upgrade to OSX)
Systems running these operating systems *may* be disconnected from the network without notice starting Monday (see below).
The full set of standards is online here:
http://socrates.berkeley.edu:2002/MinStds/AppA.min.htm
The overall campus security policy (including implementation guidelines and mechanisms for requesting exceptions to the standards) is here:
http://socrates.berkeley.edu:2002/MinStds/
Although we do not anticipate that there will be a mass disconnection of noncompliant systems on Monday, recent security incidents elsewhere on campus have *significantly* increased the likelihood that this will happen in the not-so-far future. We *strongly* urge all members of the department who are responsible for computing resources (there are about a thousand of you) to make sure that those systems are compliant with the minimum standards in order to avoid inconvenience.
Please send questions or concerns directly to me.
Thanks, folks.
–alex