Security
This document describes some of the security measures for VCU’s research machines. Security is handled in multiple areas: network, hardware, software and physical location.
Network
- VCU computer systems fall under the jurisdiction of the Department of Technology Planning (DTP). The state of Virginia has compiled both policies and standards which apply to all state government and higher education institutions. A link to these can be found at:
http://www.vcu.edu/vcunet/news/security%20and%20policy/intro_security.html
- All network-related hardware is housed in secure locations, with access limited to authorized network personnel, to prevent insertion of non-secure hubs that could intercept network traffic.
- Firewalls and filtering are managed through a central group (VCUnet). For additional information about the VCU firewalls, visit this site:
http://www.vcu.edu/vcunet/news/vcunet_requirements.html#firewall
- The details of what is filtered are not presented in this document but can be obtained on an as-needed basis.
- To read more about the VCUnet requirements, visit this web page:
http://www.vcu.edu/vcunet/news/vcunet_requirements.html
Unix (OS level and hardware)
- The VCU research machines closely adhere to the SANS standards and CERT recommendations, which protect the machines and maintain data integrity.
- The research machines include the most current security updates for each operating system.
- The research machines at VCU are behind the VCU firewalls, which block certain ports and services. Some ‘unnecessary’ services have also been disabled.
- Physical security is handled by a computer room with electronically controlled entry, located within a facility featuring 24-hour onsite police protection.
- The computer room’s electrical system has full battery backup and a generator, as well as multiple service entrances from several electrical grids.
- Access to these machines is limited to user accounts. An account on one of these machines can be obtained only by someone with a ‘valid’ affiliation with VCU.
DB2 (software)
- This level of security is based on a user’s ability to access the database.
- Access to the database is controlled by the database administrator, who can grant access to the database.
- Access to the tables within the database is also controlled by the administrator. This can be handled at the row and/or column level.
- Programs can be written to provide an audit trail of activity, meaning one could identify what login made changes, what changes were made and when the changes occurred.
- Certain constraints can be placed upon the tables within a database, which is helpful in maintaining organizational rules and data integrity.
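As an added illustration of the DB2 controls listed above (example SQL written for this document, not VCU's actual configuration): the table, view, trigger and user names are hypothetical, and a view is only one way to restrict rows and columns.

```sql
-- Hypothetical research table; the CHECK constraint enforces an organizational rule.
CREATE TABLE subject (
  subject_id  INTEGER     NOT NULL PRIMARY KEY,
  site_code   CHAR(3)     NOT NULL,
  age         SMALLINT    NOT NULL,
  diagnosis   VARCHAR(64),
  CONSTRAINT age_range CHECK (age BETWEEN 0 AND 120)
);

-- Column- and row-level restriction through a view: analysts see only
-- site 'RVA' rows (constructed value) and never the diagnosis column.
CREATE VIEW subject_rva AS
  SELECT subject_id, site_code, age
  FROM subject
  WHERE site_code = 'RVA';

-- The administrator grants database access, then access to the view only.
GRANT CONNECT ON DATABASE TO USER analyst1;
GRANT SELECT ON subject_rva TO USER analyst1;

-- Audit table: which login made a change, what changed, and when.
CREATE TABLE subject_audit (
  changed_at     TIMESTAMP    NOT NULL,
  changed_by     VARCHAR(128) NOT NULL,
  action         CHAR(1)      NOT NULL,
  subject_id     INTEGER      NOT NULL,
  old_diagnosis  VARCHAR(64),
  new_diagnosis  VARCHAR(64)
);

-- Record every change to the sensitive column.
CREATE TRIGGER subject_upd_audit
  AFTER UPDATE OF diagnosis ON subject
  REFERENCING OLD AS o NEW AS n
  FOR EACH ROW MODE DB2SQL
  INSERT INTO subject_audit
    VALUES (CURRENT TIMESTAMP, SESSION_USER, 'U',
            n.subject_id, o.diagnosis, n.diagnosis);

-- Record deletions, keeping the last known value.
CREATE TRIGGER subject_del_audit
  AFTER DELETE ON subject
  REFERENCING OLD AS o
  FOR EACH ROW MODE DB2SQL
  INSERT INTO subject_audit
    VALUES (CURRENT TIMESTAMP, SESSION_USER, 'D',
            o.subject_id, o.diagnosis, NULL);
```

For the trail to be trustworthy, ordinary accounts should hold no INSERT, UPDATE or DELETE privilege on subject_audit; the triggers run with the privileges of the authorization ID that created them, so they can still write to it.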
Backups
- Backups are handled off-site, in the secured facility mentioned in the UNIX section above.
- Copies of the backups are sent to an offsite storage facility on a weekly basis.
- IBM's TSM (Tivoli Storage Manager) multi-platform backup/restore product has been implemented and is being used to provide highly reliable backups for data integrity.
