Securing Computers: Policy Statement

September 23, 2003

September 23, 2003

Memorandum to: Provosts, Deans, Directors, and Department Chairpersons

From: Dr. Philip Furmanski, Executive VP for Academic Affairs
Karen Kavanagh, Executive VP for Administrative Affairs

Subject: Securing Your Computers and Their Files

Information in its many forms has become a critical institutional asset that needs to be protected. No computing system at Rutgers is immune from being compromised or crippled. With over 30,000 computing systems and the high bandwidth capacity associated with RUNet, we must assume that Rutgers will be a target. The recent outbreaks of two highly effective worms, Slammer and MS Blaster, and the newer version of the W32/SoBig virus, greatly emphasize the need to keep computer operating systems current with the latest anti-virus software updates and operating system patches. The costs of recovery from these events have been significant, with the burden of responsibility of addressing the effort falling on departments.

To assist you in this responsibility, OIT has developed tools for use by your local computing staff.

1. Rutgers Antivirus Delivery System (RADS): You must ensure that all desktop computer systems in your area are configured to automatically update both operating system and anti-virus software by October 31, 2003. It is recommended, but not mandated, as an additional layer of security, to install a software firewall as well. The RADS software is available at http://mssg.rutgers.edu/documentation/rads. RADS installation assistance is available through your local computing services Help Desk.

2. Baseline Security Evaluation Checklist: You or your designated representative must complete the department's Baseline Security Evaluation Checklist, which can be found at http://rusecure.rutgers.edu/secplan/secintvw.htm. Upon completion, email to rusecure@rutgers.edu by December 15, 2003.

Progress reports on both RADS and the Baseline Security Evaluation Checklist will be submitted to the University Cabinet on a monthly basis.

Rutgers University is a dynamic learning and working environment for students, faculty and staff. Providing secure and reliable information technology resources to further the goals of the institution represents considerable commitment of personnel and assets across the university. With this in mind, it is imperative that all departments take appropriate steps to create a safe computing environment. We appreciate your cooperation in this regard.