SafeConnect & Network Management Policy
Network and Policy Management System
The College has recently implemented a system called SafeConnect used to manage the residential and wireless portions of our campus network. The goal of the system is to help establish a computing environment that is safe and reliable for all users through the enforcement of policies that have long been in place. All computers connecting to the network in Eastchester housing and YUWireless are required to register through SafeConnect.
How it works:
When the user of the computer brings up a web browser SafeConnect responds to the initial attempt to contact the default home page and the user is presented with a login page. (Eastchester Housing only) Once authenticated the user is directed to a page that allows them to download the policy key.
The policy key is a small piece of software that runs in the
background once installed. When the key starts up it contacts
the SafeConnect appliance on our network, downloads the parameters of the
policies that we have defined and it checks to see if those policies are
met. No private information is ever looked at or stored and the policy key uses
practically no system resources. If the computer is taken off the network
the key goes dormant and has no impact on use of the computer.
Policies that are enforced:
Authentication: All computers must be authenticated using an ITS provided login and password (same login as email). Your login and password are your keys to the network and email. Do not share them with anyone!
Policy Key: All Windows and Mac computers must have the
SafeConnect policy key installed and running.
Antivirus: One of the following antivirus programs with up-to-date virus definition files must be installed and running on every Windows PC on the network. Sophos, McAfee, TrendMicro, EZ Antivirus, Symantec, AVG, Authentium, Microsoft OneCare, Symantec Corp, McAfee NA, McAfee 45, TrendMicro Corp, Panda, AVGuard, Avast, Bitdefender, Kaspersky, SpySweeper AV. Other computers such as Mac and Linux systems are expected to be running up to date antivirus software as well.
System Patches: All Windows computers should be set to automatic download and install all critical security patches. Macintosh and Linux systems have that ability and it should be turned on as well.
Routers, Switches and Hubs: While the use of routers and wireless routers are not forbidden, they are highly discouraged and may cause network performance problems. These devices are not supported by ITS in any way. Generally desktop Ethernet switches or hubs are preferred. If a router is to be used, students need to first register and install the policy key while their computer is directly connected to an Ethernet wall outlet (without the router in place). Additionally all wireless routers and access points must be fully secured according to the manufactures instructions.
Policy enforcement is as follows:
Authentication: Users will be denied access until valid
credentials are supplied.
Policy Key installed: If the policy key is not installed and running the computer is blocked from network access. Access will be provided to a web page from which to download and install the policy key.
Antivirus installed: If one of the approved antivirus programs is not installed the computer is blocked from network access. Access will be provided to a website from which to download and install Symantec antivirus software, which we have, site licensed so that it is available to everyone at AECOM free of charge.
Antivirus running: If antivirus software is installed, but not running the user will be warned every 12 hours that they are out of compliance, but not blocked from network access. If the software is not running within 3 days of the first warning, then the computer will be blocked.
Antivirus definitions: If antivirus software is installed and running, but the virus definition files are out of date, the user will be warned every 24 hours that they are out of compliance, but not blocked from network access. If the virus definitions are not updated within 5 days of the first warning, then the computer will be blocked until the definitions are updated.
Automatic Updates: If auto-update is not turned on; the user will be warned every 7 days that they are out of compliance. If the condition is not rectified within 2 weeks of the first warning, the computer will be blocked from the network.