Go to the U of M home page
School of Physics & Astronomy
Physics & Astronomy Wiki


This is an old revision of the document!

Network Security Policy

May 2010 - this is no longer a draft

Required for all network-connected devices

  1. All systems connected to the School network1) must be running an operating system which is still supported by its vendor for security updates.
    • For example, (at the time of writing) the minimum acceptable version of Windows is XP with SP2. Windows 95, 98, ME, NT and 2000 are not acceptable, and cannot be connected to our network.
    • Apple generally provide support for two concurrent OS releases, for example when 10.6 is available then 10.5 is also supported but 10.4 becomes unsupported and so unacceptable by this policy.
    • The same overall requirement applies to Unix, Linux, and other systems such as embedded data acquisition devices.
  2. Only one device may be connected to any physical network port. No hubs, switches, wireless access points or routing devices may be connected, directly or indirectly, without prior discussion with and agreement from School computing staff.
  3. Non-departmentally-managed systems may not inhabit the same network subnet as departmentally-managed systems.

Data security

  1. For any Windows or Macintosh computers which you connect to the School network:
    1. You must install the Bigfix software agent. Please see our Bigfix information page for more details.
    2. You must install and run antivirus software.
    3. You must install firewall software and configure it to prevent unrestricted connections.
  2. Strong passwords must be used for all accounts.
  3. All systems are subject to regular network security evaluation. Systems which are found to be non-compliant will be removed from the network if not corrected.

Some more information about available options for antivirus and firewall software can be found here: antivirus

Exception mechanism

If you cannot meet the above criteria, or do not wish to install the Bigfix client or antivirus software, your computer will be placed on a separate protected network segment. You must also declare that the computer will not be used to store or process any University private data. It may not be registered for a static ip address or receive incoming network connections, and will be given limited access to the following School resources:

  • School web sites, mail services, and secure shell.
  • Printing, either via the School's file/print server, CUPS, or port 9100 (“jetdirect”).
1) The School network encompasses all network jacks within Tate Lab. All subnets used by groups within the School are considered to be part of the School network
computing/policies/network_connection.1323454349.txt.gz · Last modified: 2011/12/09 12:12 (external edit)