Network Security FAQ
Why do we have/need this policy?
I have questions about this policy, who do I contact?
Who does this policy apply to?
I use my own laptop/computer - does this policy apply to me?
What happens if I don't follow the policy?
How do I register my computer?
What is the "centralized authentication system" mentioned in the policy and how will it affect me?
Why does Technical and Network Services have to have an administrative account on my computer?
Why is Apple Remote Desktop running on my computer and why does it need to remain enabled?
What is the binocular symbol in the menu bar at the top of my screen?
What is a "complex password" and why do I need to have one?
What is the Microsoft UAM module?
What is the difference between the "public access network" and the "computer data network reserved for faculty, staff, and computer labs" mentioned in the policy?
- The UT public access network is a collection of Ethernet ports in public areas across campus and all wireless access points connected to UTnet, the campus network. The Public Network allows members of the University community and sponsored guests to access University computing resources and the Internet from many buildings and common areas using network-capable laptops and portable devices. With the UT public access network, you have to log into the system with a valid EID account before you will be allowed to use the network. The UT public access network is maintained by ITS and problems with the public access network should be directed to them.
- The "computer data network reserved for faculty, staff and computer labs" is maintained by Technical and Network Services, and ITS holds Technical and Network Services responsible for all devices that connect to this network. The College of Education Network Security Policy and ITS's computer security policy both apply to this network. If your computer is plugged into a computer data port in an office, then it is probably not on a public access port but rather on a port that connects to the network maintained by Technical and Network Services.
Why do we have/need this policy?
- So that Technical and Network Services can ensure that University-owned computers that connect to the University's computer data network adhere to ITS policies regarding IT resources used within the University.
- Users of the College of Education's computer data network need a clearly defined network security policy so that they know what their responsibilities are with regard to computer data network use.
- Some of the policy requirements will allow Technical and Network Services to maintain computers in the various College of Education offices around campus better and more efficiently. For example, the policy granting Technical and Network Services administrative-level access to University-owned computers will allow technical support staff to remotely repair computers upon request or quickly send critical security-related updates to your computer to ensure it is protected against viruses and other threats.
- Computers that adhere to the network security policy will be more secure and less likely to be vulnerable to computer-related threats such as viruses, worms, or hacking. The reduced number of computers vulnerable to attacks will allow technical support staff to direct limited resources to other services. In the past year, the College of Education network had 243 computer security related incidents.
- To ensure the College of Education is in compliance with Texas Administrative Code Title 1- Part 10 - Chapter 22 - Section 202.2.
I have questions about this policy, who do I contact?
- For questions regarding the network security policy please contact Technical and Network Services.
Who does this policy apply to?
- Any person or computer that utilizes the College of Education's computer data network.
I use my own laptop/computer - does this policy apply to me?
- Owners of computers not bought with University funds need to adhere to the last policy regarding privately owned computers. Technical and Network Services is not authorized to provide support for non-University owned computers. Privately owned computers need to be registered with Technical and Network Services if they will be plugged into the College of Education's computer data network reserved for faculty, staff and computer labs. As stated in the policy, a virus scanner with the latest virus definitions must be running whenever the computer is plugged into the College of Education's computer data network reserved for faculty, staff and computer labs. Privately owned computers make up a significant portion of the number of computer security incidents in the College.
What happens if I don't follow the policy?
- It depends on the nature of the policy violation. For small infractions with University owned computers you will be notified of the violation and given the chance to bring your computer into compliance with the policy. For larger or repeat infractions, your supervisor and possibly your departmental head will be notified of the violation. Technical and Network Services recognizes the fact that the network security policy might pose problems with special configurations of computers required for research activities. The Network Security Policy has a large portion dedicated to exemption procedures which were developed to account for this situation. Technical and Network Services will work with you to ensure your computer is in compliance as much as possible with the Network Security Policy while not impacting your research.
- For privately-owned computers, repeat violations of the network security policy will result in your computer not being allowed to use the College of Education's computer data network reserved for faculty, staff and computer labs.
| Back to Top |
- A program running on a computer that provides access and services to other computers on the network (e.g., web server, file server, etc.)
How do I register my computer?
- University owned computers used by Faculty and staff which are directly supported by Technical and Network Services will be registered by Technical and Network Services support staff.
- Faculty and staff computers which are not directly supported by Technical and Network Services staff will either be registered by the departmental IT support personnel for the computer or Technical and Network Services staff at the request of the departmental IT support personnel.
- Privately owned computers will need to be registered with Technical and Network Services by the owner. Technical and Network Services will verify that the computer meets the minimum standards for privately owned computers as specified in the College of Education Network Security Policy. Once registered with Technical and Network Services, the computer may be used on the College of Education's computer data network reserved for faculty, staff and computer labs.
What is the "centralized authentication system" mentioned in the policy and how will it affect me?
- The system allows your computer authentication information to be stored on a centrally located server as opposed to individually on each computer that you log into. This will allow you to have a single account across all computers you need access to, so that you can quickly and easily change your password if needed. In addition, you will be able to quickly disable your account in the event it is compromised, thus ensuring your data is secured. The system will also ensure your password meets the minimum complexity requirements to ensure your data is safe.
I use a laptop, does my laptop have to be configured to use the "centralized authentication system"? If so, will I be able to log into my computer when I unplug it from the college network?
- The first phase of the centralized authentication system does not include laptops. As the technology becomes more reliable for laptops, they will be included in the system.
Why does Technical and Network Services have to have an administrative account on my computer?
- An administrative-level account is needed to perform security-related updates to University-owned computers.
- It will allow support personnel to repair your computer when you are not in the office or otherwise available to log support staff into your computer.
- Support staff will be able to repair computers faster by remotely connecting to a computer at the user's request.
I want to know when the Technical and Network Services administrative account is used on my computer; how do I determine when it was used and for what reason?
- When your computer is set up to use the centralized authentication system, log file entries that record use of the Technical and Network Services administrative account are sent to a secure event logging server. You may view the log entries pertaining to your computer. Log files that track all logins to your computer are also stored locally on your computer's hard drive.
- Administrative-level access to computers is only used by Technical and Network Services at the request of the user or of the user's departmental head. Users will be notified if critical security updates were applied to their computer by Technical and Network Services.
Some updates are known to break computers. I don't want Technical and Network Services installing the updates and breaking my computer. Can I do the updates myself?
- Technical and Network Services will only apply updates that are deemed "critical" and that address an immediate security threat to your computer and the College of Education's or University's computer data network.
- You will retain the ability to apply updates to your computer.
Why is Apple Remote Desktop running on my computer and why does it need to remain enabled?
- Apple Remote Desktop allows Technical and Network Services to quickly update computers remotely.
- It allows Technical and Network Services support staff to connect remotely to computers for repairs at the computer user's request.
What is the binocular symbol in the menu bar at the top of my screen?
- This icon gives the status of the Apple Remote Desktop (ARD) connection.
- A grey binocular icon means ARD has been installed on your computer but is not running.
- A black binocular icon means ARD is running on your computer but the remote connection is not being used.
- A square monitor icon with binoculars inside the box means an administrator is actively observing or controlling your computer.
What is a "complex password" and why do I need to have one?
- A complex password is a password which is not easily guessed or deduced. A complex password helps to ensure your computer and data are kept safe. Computers participating in the "centralized authentication system" utilize user accounts which must adhere to the following rules:
- Passwords must be at least eight (8) characters long.
- Passwords must contain characters from at least three (3) of the following four (4) classes:
- English Upper Case Letters A, B, C, ... Z
- English Lower Case Letters a, b, c, ... z
- Westernized Arabic Numerals 0, 1, 2, ... 9
- Non-alphanumeric ("special characters"), e.g., punctuation symbols
- Passwords may not contain your user name or any part of your full name.
- Your password must be different from the last 10 passwords you used.
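The four rules above can be expressed as a single check. The following is an added example, not code from the College's policy or from the centralized authentication system; it assumes that "any part of your full name" means any name token of three or more characters, and that password history is stored as salted PBKDF2 digests. The function names are hypothetical.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH, MIN_CLASSES, HISTORY_DEPTH = 8, 3, 10
# The four character classes listed in the policy. Anything that is not an
# English letter or a digit is counted as a special character here.
CLASSES = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]


def _digest(password, salt):
    # Assumption: history is kept as salted PBKDF2 digests, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_history_entry(password):
    """Build one (salt, digest) history record for a password being retired."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def check_password(password, username, full_name, history):
    """Return the list of violated rules; an empty list means the password passes.

    history is a list of (salt, digest) records, oldest first.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if sum(bool(re.search(c, password)) for c in CLASSES) < MIN_CLASSES:
        problems.append("too few character classes")
    lowered = password.lower()
    if username and username.lower() in lowered:
        problems.append("contains user name")
    # Assumption: "any part of your full name" means any name token of three
    # or more characters, compared case-insensitively.
    tokens = [t for t in re.split(r"[^a-z0-9]+", full_name.lower()) if len(t) >= 3]
    if any(t in lowered for t in tokens):
        problems.append("contains part of full name")
    # Only the most recent HISTORY_DEPTH records count toward the reuse rule.
    if any(hmac.compare_digest(_digest(password, salt), old)
           for salt, old in reversed(history[-HISTORY_DEPTH:])):
        problems.append("reused recent password")
    return problems
```

Returning every violated rule at once, rather than stopping at the first, lets a user fix a rejected password in one attempt.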
Why can't I have my computer auto-login with my account when I boot up the computer? I have had it configured this way for years.
- Information Security not only deals with computer network security but also physical security of the information contained within your computer. You can have the best password in the world but if your computer auto-logs in with your account, a person does not need to know your password to gain access to the data on your computer. UTPD reports many instances of people walking into offices with the intent of stealing items. There have been documented instances of item theft from offices in the Sanchez building.
- Password-protected screen savers alone are not sufficient when the computer can be rebooted and then automatically logs in with your account.
I use a Mac and there are not any viruses or security problems like Windows. Why do I have to do all this inconvenient security stuff when it doesn't seem necessary?
- OS X is now based on UNIX, which has many vulnerabilities. UNIX is inherently more secure than Windows, but UNIX is not perfect. All it takes is one instance of a computer being compromised and all email, data, etc. on the computer is exposed. Apple users can no longer rely on the obscurity of the MacOS to protect them. It only takes one incident, such as Social Security numbers being exposed, to make newspaper headlines across the world.
What is the Microsoft UAM module?
- A program that, when installed on your Mac, ensures that authentication information is encrypted when connecting to Windows-based server shares. The default network share connection program in OS X sends usernames and passwords unencrypted when connecting to a Windows server. It is trivial to extract usernames and passwords from unencrypted network traffic. Mac OS X versions 10.4.6 and later have the Microsoft UAM module built in, so no additional program needs to be installed.
| Back to Top |
- Computer data is transferred between computers in a stream of packets. Packet sniffing is when the packets are "listened" to by a third party. Think of a phone conversation going through a phone line and someone hooking up a phone to the telephone line and listening to your conversation. If you speak in plain English, what you say is heard and recorded by the third-party listener. If you speak in a language only you and the person you are talking to understand, the third party can hear what you are saying but won't be able to understand it. Speaking in a language only you and the person you are talking to understand is like "encrypting" your conversation.
- The UT public wireless network is unencrypted, so traffic from programs that do not encrypt it themselves, such as standard FTP, can be listened to by anyone in range of your computer's wireless signal. Passwords and other confidential information can be easily harvested and used. When sending sensitive data over a wireless network, ensure the data is encrypted. When in doubt, physically plug your computer into the network with a network cable.
I have guests who are not part of the University attending a conference I am hosting. How does this policy affect them and what needs to be done to set them up to be in compliance with the policy?
- Notify Technical and Network Services as soon as possible if you are coordinating an event which will require network access for individuals who are not faculty, staff, or students of the University. Individuals who do not have an EID account will need to have guest EIDs created so that they can log into the UT public computer data network. When in doubt, contact Technical and Network Services as soon as possible before the event in order to ensure there are no complications with computer network access for your event attendees.
If my computer is plugged into the building network it should be safe. I don't think anybody in this building will try to get into my computer so why do I need to do all this security stuff?
- Plugging your computer into the University network is basically plugging it directly into the Internet with no wall or barrier protecting you. In a traditional corporate computer network, a device called a firewall is placed between the corporate network which contains the company computers and the rest of the Internet. In this configuration, the corporate computers are free to communicate with each other while staying protected behind the wall between the Internet and them. Since the University has such a large number of computers and a tremendously large number of varying requirements due to research, an effective firewall cannot be placed between the University network and the Internet.
- Plugging your computer into the University network is like jumping into an ocean. If your computer is not secured, then it's like jumping into an ocean of sharks with a bleeding cut on your arm. Anyone in the world can connect to your computer. The only thing stopping them from actually accessing the data on your computer is your password and how well the programs and operating system running on your computer are configured and patched for security related vulnerabilities. The College of Education network and the computers connected to it are constantly probed for weaknesses by computers from all over the world. Instances of computer vulnerability scans from places as far away as Brazil and eastern Europe are common on the College of Education network.