IT code of connection


Governance

You must comply with the University’s IT code of practice and any other relevant policies and procedures.

IT code of practice

Applies to Endpoint users, Servers and Applications


Records

You must keep records of ownership up to date, including network registrations and local asset registers. If you fail to keep records up to date then systems may be disconnected from the network. Speak to your local IT support contact or the IT Service Desk if you are unsure where records are held.

Applies to Endpoint users, Servers and Applications


Patching

Security patches must be applied promptly. Unpatched systems that present a security threat will be suspended from the University network.

University information security (login required)

Applies to Endpoint users, Servers and Applications


Antivirus software

All systems which are able to do so must have antivirus installed, enabled, updated and configured appropriately.

Antivirus advice (login required)

Applies to Endpoint users and Servers


Firewall

All systems which are able to do so must have a firewall installed, enabled and configured appropriately.

University firewall (login required)

Applies to Endpoint users and Servers


Encryption

All systems which are able to do so must encrypt data both at rest (e.g. BitLocker, FileVault) and in transit (e.g. TLS).

Encryption advice (login required)

Applies to Endpoint users, Servers and Applications


Security testing

IT Services tests the security of systems connected to the University network. You must not carry out any unauthorised security tests (e.g. vulnerability testing of other people's systems). You can request a security test of your system or application by contacting the Information Security team (login required).

Applies to Endpoint users, Servers and Applications


Accounts and passwords

Only necessary accounts must be enabled; unused accounts and guest accounts must be disabled. All accounts must be protected with strong passwords. Default usernames and passwords must be changed.

Password advice (login required)

Applies to Endpoint users, Servers and Applications


Network management

You must not extend the University network (for example by using a wireless access point) without authorisation.

Applies to Endpoint users


Security incidents

You must report all security incidents to IT Services in accordance with the University’s Information Security Incident Policy.

Information security incident policy and procedure

Applies to Endpoint users, Servers and Applications


System security

Systems must be secured/hardened in accordance with vendor supplied and/or industry good practice guides. Systems communicating sensitive information must only do so over secure protocols such as SSH/HTTPS. Unused/insecure network services must be disabled.

Applies to Servers and Applications


Secure development

If providing a service or application (e.g. a web application) then you must ensure that the system has been developed in accordance with recognised good security practice, such as OWASP Top 10.

Applies to Applications


If you have any questions about the above points or require advice on configuring and securing your system, contact the Information Security team (login required) or the IT Service Desk.