Security

Each computer server connected by the Web must have an administrator who is responsible for maintaining a secure environment. Precautions must be taken to protect the information referenced by the Web as well as the University computers and networks. In addition, no unauthorized persons should have access to the University's Internet resources. Access for contracted vendors must be terminated as soon as the contract is complete.

Information providers must create strong passwords when establishing their IP account. As of March 2004, IP account passwords must be reset every four months. ITS defines a strong password as:

A string that contains three of the following
- Uppercase letters,
- Lowercase letters,
- Punctuation, OR
- Numbers, AND
Does not appear as a word or is derivable from a word in ANY dictionary, AND
Does not repeat a character more than twice, AND
Is not the same as a previous password.

Increasingly, individual computers are attacked to gain access to University networks. Each department's computer support staff can provide advice on security measures. For example, turning off computers when they are not in use is a simple but effective protection. Members of the University community who suspect that their computers have been compromised should seek assistance immediately because one networked computer can be used to gain access to others. Contact Information Security with any questions or concerns.

PHP and Other Programming Languages

The use of powerful scripting languages such as PHP and Perl brings with it the responsibility to ensure that they are used in a secure manner. All of these languages can allow hackers access to University content when they are used improperly. Site authors and webmasters are expected to know and use secure methods and best practices.

Content last modified: Tuesday, 17-May-2005 14:53:29 EDT
Questions or comments