Computer Security


Computer and Network Security

The UC Berkeley campus has in place a set of Minimum Security Standards that applies to all computers and devices connected to the campus network, either directly or with a wireless connection. The purpose of these standards is to protect both individual devices and the network in general from attacks. Any computer or other device that does not meet the standards is subject to being blocked from access to the network.

Before purchasing any computer or device that you plan to connect to the network, verify that it is capable of meeting the standards below. All existing and newly purchased computers (including laptops) and network devices should be configured using the guidelines below (this particularly applies to computers).

Minimum Standards

  1. Operating System and Software patch updates - All software including operating systems must have security patches provided by their vendors in a timely fashion and these patches must be installed.
    Operating Systems - Computers running older operating systems such as Microsoft Windows 95, 98, NT and Apple OS9 (or earlier) are no longer supported by their vendors and should not be connected to the network (see software patch FAQ for details). All other computers must be routinely updated with security patches and preferably configured for automatic updates. Detailed instructions for performing updates are available for Microsoft Windows, Apple OSX, and Linux/UNIX.

    Other Software - All other software should be routinely patched. This is particularly important for network applications such as web browsers, e-mail clients, server software (e.g., mail, web and database servers) and file sharing software. Some applications will notify you of updates; otherwise, check the vendor's web site for patches. Software that is no longer supported by the vendor (e.g., Eudora) should not be run.
  2. Anti-Virus Software - Microsoft Windows and Apple OSX systems must have anti-virus software installed. Consult the list of approved software for links to downloads of campus licensed anti-virus programs.
  3. Host-based Firewall Software - Microsoft Windows, Apple OSX and Linux/UNIX systems must have host-based firewalls installed. These programs help prevent hackers from accessing your computer. Consult the list of approved software for links to downloads of campus licensed firewall programs. At a minimum, you can enable your operating system's built-in firewall.
  4. Passwords - Access to computers and network devices must require passwords, and passwords should meet minimum complexity requirements. This is especially critical for any computer or device that allows logging in over the network, such as OSX's remote login or Windows Remote Desktop.
  5. No Unencrypted Authentication - Don't use network services that send usernames and passwords in clear text across the network. Common examples are FTP, Telnet and unencrypted POP or IMAP (for email access). You should use encrypted versions instead, such as sFTP, SSH, and SSL/TLS for email. In line with this, campus servers such as CalMail, Socrates and the MCB webserver already allow only encrypted connections. Additional information is available at https://security.berkeley.edu/MinStds/unencrypted.auth.html.
  6. No Unauthenticated Email Relays - If you run your own e-mail server (highly discouraged), you need to make sure that it is configured not to allow email to be sent by anyone who does not have an account. This is vital to prevent spam. For more information see http://www.net.berkeley.edu/antirelay_resources.shtml
  7. No Unauthenticated Proxy Services - If you run your own proxy server (a service that makes it appear that you are from a different computer than you are), it must be configured to authenticate users. There are alternative methods of accessing campus resources without running your own proxy server, namely the free campus VPN service or the library's proxy service.
  8. Physical Security - To prevent unauthorized people from using your computers, you should make sure that they are in a secure location or locked down. In addition, you should configure them to automatically log out or "lock" the computer, requiring a password to resume, after a period of inactivity such as 20 minutes. This can commonly be set up in screen saver or sleep settings. For more information, including instructions on how to enable locking in Windows and OSX, see https://security.berkeley.edu/MinStds/Physical.html
  9. Disable Unnecessary Services - Services are programs that run on your computer in the background. For both security and performance reasons, it is best to disable any services that you do not need. Information on how to find and disable unnecessary services for Windows, OSX and Unix is available at https://security.berkeley.edu/MinStds/Un-Services.html.

Exceptions

If you have a computer or device connected to the network that cannot meet these standards, but which is essential for your teaching or research, you can request an exception to the policy. You should contact [e-mail address] for assistance.

Help and Links

If you have any questions or problems not addressed here, check the links below.