Learn security best practices for protecting Web applications, servers, and workstations. Also, find out about ITS resources that are readily available to help you. If you have questions about training or policies, this site is your launch pad. The contents of this page include:
- Get a Preconfigured Secure Computer
- Get Security Software
- Configure Firewalls
- Get ITS Network Services
- Get Secure Server Administration
- Other Tips and Guidelines
- Get Training
- What to do if you have a security problem
Secure Your Servers, Workstations, and Network
- Through the Departmental Computing Initiative, Cavalier Computers makes departmental computer purchasing easy. Their knowledgeable sales staff will work with you to get you the computer best suited for your needs.
- AntiVirus: Use Microsoft Windows Defender for PCs, Gatekeeper for Macs, or Cylance for Linux, Mac, or Windows
- Delete your data safely and securely by following the Electronic Data Removal Procedures guidelines. You can download the Secure Deletion Shredder for Windows using this link. To securely delete information for Macs and get more information on securely deleting data on your device, follow this link.
- Transfer files to/from servers using SecureF
- Secure remote access and file transfer with SecureCRT
- Encrypt files on your computer
- Patch Management Service
  - Endpoint Management System Center Configuration Manager (EM-SCCM): Enables administrators to remotely manage large groups of computers for Operating System deployment, software deployment, patch management, and hardware and software inventory.
  - JAMF: Enables administrators to manage departmental Mac computers for Operating System updates, software deployment, and patch management.
  - Windows Software Update Server (WSUS): Enables administrators to manage the distribution of updates and Microsoft Security patches to Windows computers.
- Networks Hardware Firewall Service: ITS's Level III Firewall Service is offered to support customized secure zones within the UVA network. Typically these are for small groups of departmental servers that have specific access requirements which cannot be accommodated on the free UVA More Secure Network.
- The More Secure Network: If your department is managing sensitive or internal use data, we recommend that devices used by members of your department be secured behind the University's hardware firewall, the More Secure Network. The list of "devices" includes (but is not limited to) desktop computers, laptops, tablets, cameras, audio recorders, smart phones and other mobile devices, as well as servers (including shared drives), printers, copiers, routers, switches, firewall hardware, network-aware devices with embedded electronic systems (i.e. “Internet of Things”), supervisory control and data acquisition (SCADA) and industrial control systems, etc. If your department manages highly sensitive data, you must locate devices behind a hardware firewall configured by a highly skilled IT professional and approved by the UVA Information Security office or the Health Information and Technology office as appropriate.
- Netbadge Developer Info for Windows and IIS: Follow the link to access information for developers who need to build or adapt Windows applications to use NetBadge, and IIS Web server administrators who need to work in the NetBadge environment.
- Netbadge Developer Info for Linux/Apache: Follow the link to access instructions for installing and configuring a Shibboleth SAML service provider for NetBadge single sign-on.
- Network Registration: ITS requires most devices connecting to the University wired and wireless network to be registered in ITS’ database. This policy enables ITS to track down compromised or “hacked” machines quickly, minimizing damage done not only to those machines but also to others on the University network. More timely problem resolution means shorter downtimes and shorter periods of degraded network performance for all users at UVA.
Log into UVA Network Registration through NetBadge to register a device, or to check and/or update an existing device's registration.
- Public Key Infrastructure: Follow the link to access instructions for generating and using an OpenSSH key pair (Secure Shell, SSH).
- ITS Windows Server Support (for fee): Whether you need a physical server or a virtual host, Information Technology Services (ITS) has options to accommodate your needs. Let ITS manage your server (and everything that goes along with it) so you can devote your time to other tasks.
- ITS UNIX Systems Servers Support: Learn how to manage your Home Directory account, including how to recover files and manage groups and file ownership if you are a UNIX group administrator.
- Scan your operating systems for vulnerabilities: Tenable.io is Tenable’s new vulnerability scanning platform, with scanning performed by a lightweight agent installed on your device. Tenable scans occur daily, use minimal system resources, are invisible to the user, and complete in a matter of minutes.
- Scan Web applications for vulnerabilities: Detailed reports from the scanner will give you mitigation techniques and fixes that you can implement in a timely manner. Given the address of a web application, the scanner will create a report of the vulnerabilities found in the application. If you would like to request a web application vulnerability scan, please contact [email protected].
- Implementing Wireless at UVa: Information on all things WiFi at UVA, including instructions for devices, Setup FAQ, Digital Certificates, and Help Desk Support.
- Secure Your Web Applications: An informative guide on the top 10 cyber risks involved with running web applications.
Help your department Choose Strong Passwords
Provide Security Tips for Traveling members of your department
Contact the Information Security Office for more information or assistance
IT Security Risk Management Program: In accordance with the Information Security of University Technology Resources policy, all units and departments are required to complete an annual information security risk assessment (IS-RM) to evaluate the effectiveness of their IT security controls within their environments. Access the PDF version of the assessment here.
- GIAC Certified Windows Security Administrator: The GIAC Certified Windows Security Administrator (GCWN) certification validates a practitioner's ability to secure Microsoft Windows clients and servers. GCWN certification holders have the knowledge and skills needed to configure and manage the security of Microsoft operating systems and applications, including: PKI, IPSec, Group Policy, AppLocker, DNSSEC, PowerShell, and hardening Windows against malware and persistent adversaries. Follow the link to find out more about the exam, register for it, or renew a GIAC certification.
- School of Continuing and Professional Studies - Certificate in CyberSecurity Management: The online Cybersecurity Management Certificate is ideal for cybersecurity professionals who want to move into leadership, managers who may soon be assigned cybersecurity duties, and career changers who seek entry-level and mid-level positions in the industry. You will learn the essential skills needed to identify cyber threats, devise appropriate defense strategies, develop policy, and plan and conduct assessments. You will also gain familiarity with the ethical, legal, and regulatory environment as it relates to operating in cyberspace.
- Report an information security incident
- Information Security Incident Response Guidelines for IT Professionals: University information technology (IT) resource owners and overseers who provide technology support for others are often the first to respond to reported information security incidents involving the resources they manage. This document is intended to provide guidance for these individuals.