University of California, San Diego



June 10, 2004

ALL ACADEMICS AND STAFF AT UCSD (including Healthcare)

SUBJECT: Minimum Network Security Requirements

UCSD depends on its information technology infrastructure to support its research, instruction, healthcare and administrative systems. This infrastructure is under constant attack: hackers are attempting to break into computers across campus every day. Even more dangerous and costly threats loom as viruses become increasingly malicious and hackers become more sophisticated.

To combat this threat we have jointly approved a set of minimum security standards to be met by any device connected to the UCSD network. The Academic Senate Committee on Academic Information Technology has also endorsed these standards.

The minimum standards and how to implement them are listed in the Implementation Guide (see below) and include:

* Anti-virus software
* Firewall protection

We encourage you to implement these standards as soon as possible. However, because the impact of these standards is broad, a six-month grace period has been established, ending on December 31, 2004. Devices that have not met the new standard by the end of this period will be subject to disconnection from the UCSD network. Exceptions to the minimum standards will be approved on a case-by-case basis and only if network security is not jeopardized.

The campus has purchased a volume license for the Sophos anti-virus product (Windows, Mac, and Unix environments) and has made it available at no charge to the UCSD community for both campus and home use. Other major vendors' anti-virus products are also acceptable for the purposes of meeting the minimum standards. Host-based firewall protection is included in current versions of the major supported operating systems (Windows XP and Mac OS X). Instructions for configuring and enabling these and other OS versions can be found in the Network Security Resources link below.

Computer users should check with their system administrators to see if their machine(s) are already policy-compliant and, if not, what steps need to be taken to make them compliant. Computer users who serve as their own system administrators are responsible for bringing their devices into compliance with policy, using the instructions provided on the websites below. Additional help may be available from departmental and/or divisional computing staff.

Administrative officials should review the Network Security Policy, which contains the minimum standards to be met, to determine the impact on their unit and to ensure that steps are taken to comply. Information concerning implementation of the minimum standards is available on the websites below.

System administrators should review the Network Security Policy and bring any noncompliant machines into compliance.

Implementation Guide:
Network Security Resources:
Network Security Policy:

Questions about this policy can be sent to computingpolicies@ucsd.edu. Questions about the announcement should be addressed to Charlotte Klock, Chair of the ACTPC Security Subcommittee, at cklock@ucsd.edu or x21223.

Steven W. Relyea
Vice Chancellor - Business Affairs

David R. Miller
Acting Sr. Vice Chancellor - Academic Affairs