Smart Device & Tablet Security
Smart devices and tablets are quickly becoming the new standard for accessing information. As these devices continue to proliferate, it is incumbent upon system administrators to appropriately secure them. Appropriate system management of user devices assures the confidentiality of data and information by preventing unauthorized access, the integrity of the host configuration, and availability by preventing unnecessary downtime.
Scope
These guidelines apply to any host system managed by any McMaster University. These are recommendations and guidance for system administrators.
Guidelines for deploying secure smart devices and tablets
Content...
- Encryption of device contents such as contacts strongly encouraged if available
- Files containing corporate and/or student information must not be stored on the device
- Where possible, retention of electronic mail should be limited to 2 weeks on device
- Passwords used to access McMaster University information systems must not be stored on the device
Perform regular risk assessments...
System Administrators should perform the following risk assessments:
- Malware scans should be performed weekly
Enable and maintain local technical controls
- Uninstall software and disable services that are not in use and/or not required
- Configure the operating system and applications to automatically install security updates and/or patches
- Install, maintain and use anti-virus and/or anti-malware software
- System administrators should install the Trend Micro OfficeScan client:
https://antivirus.mcmaster.ca
- System administrators should install the Trend Micro OfficeScan client:
Enable physical controls...
- Devices must not be left unattended unless properly secured.
Control local access
- Pin or password protection must be used
- System should automatically lock if unattended
- Recommended setting is 10 minutes of inactivity for password protected screen saver to become enabled
- Disable, rename or delete unnecessary default accounts, including but not limited to operating system accounts, remote access accounts, application management accounts, service accounts
Control remote access...
- Enable and configure a local system firewall or host based intrusion prevention
- Connections to management interfaces from outside of the McMaster University network should always be made through the Virtual Private Network (VPN)
- Disable remote desktop and remote access unless absolutely necessary
- Remote access should be granted using the principle of least privilege and authority*
- System firewall should be enabled and properly configured.
Service Desk
| Hours: | Monday - Friday 8:30 am - 4:30 pm |
|---|---|
| Phone: | 905-525-9140 x24357 (2HELP) |
| Email: | uts@mcmaster.ca |
| Location: | Main Campus BSB Rm. 245 |
| Service Catalog: | |
| http://www.mcmaster.ca/uts | |
Service Bulletins
- There are no Service Bulletins at this time