Q. How does the University defend itself against viruses and malware?

A. The University requires the use of suitable host-based controls (anti-virus, firewall, log forwarding software) on all managed workstations and Information Services provisioned server builds. Anti-virus software is managed centrally, with host devices configured to poll for updates from a resilient pair of locally deployed servers (with Internet-based backup) every 28 minutes. Automated mechanisms are in place to produce appropriate compliance reports at suitable intervals.

Microsoft security patches and software updates are released to a specified group of test workstations on the Wednesday following the second Tuesday of each month. Following successful testing, updates are deployed to ALL managed workstations on the Wednesday of the following week. Automated mechanisms are in place to produce appropriate compliance reports at suitable intervals.
A maintenance window is established between 10am and midday on the third Tuesday of each month in order to apply the latest Microsoft patches and perform any other required maintenance to our virtualised infrastructure.
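
The monthly cadence above (Microsoft release on the second Tuesday, test deployment the next day, full deployment the Wednesday of the following week, maintenance window 10am to midday on the third Tuesday) and the 28-minute anti-virus poll interval are both things a compliance report has to compute against. The script below is an added example, not the University's own tooling: it derives those dates for a given month and flags hosts whose last anti-virus poll is older than a chosen number of missed polls. The host names, timestamps and the three-missed-polls threshold are constructed assumptions.

```python
from datetime import date, datetime, time, timedelta

TUESDAY = 1  # datetime.weekday(): Monday == 0 ... Sunday == 6
AV_POLL_INTERVAL = timedelta(minutes=28)  # poll interval stated in the answer


def nth_weekday(year: int, month: int, weekday: int, n: int) -> date:
    """Return the n-th (1-based) occurrence of `weekday` in the given month."""
    first = date(year, month, 1)
    offset = (weekday - first.weekday()) % 7  # days until the first such weekday
    return first + timedelta(days=offset + 7 * (n - 1))


def patch_schedule(year: int, month: int) -> dict:
    """Key dates of the patch cycle described in the answer, for one month."""
    second_tuesday = nth_weekday(year, month, TUESDAY, 2)  # Microsoft release day
    third_tuesday = nth_weekday(year, month, TUESDAY, 3)
    return {
        "ms_release": second_tuesday,
        "test_deploy": second_tuesday + timedelta(days=1),   # following Wednesday
        "full_deploy": second_tuesday + timedelta(days=8),   # Wednesday of the next week
        "maint_start": datetime.combine(third_tuesday, time(10, 0)),
        "maint_end": datetime.combine(third_tuesday, time(12, 0)),
    }


def in_maintenance_window(when: datetime) -> bool:
    """True if `when` falls inside that month's virtualisation maintenance window."""
    s = patch_schedule(when.year, when.month)
    return s["maint_start"] <= when < s["maint_end"]


def stale_av_hosts(last_poll: dict, now: datetime, missed_polls: int = 3) -> list:
    """Hosts whose last anti-virus poll is older than `missed_polls` poll intervals.

    `missed_polls` is an assumed tolerance, not a value from the answer.
    """
    limit = now - missed_polls * AV_POLL_INTERVAL
    return sorted(host for host, seen in last_poll.items() if seen < limit)


# Constructed sample data (not from the page): last successful poll per host.
SAMPLE_NOW = datetime(2024, 3, 19, 11, 0)
SAMPLE_LAST_POLL = {
    "ws-lib-001": SAMPLE_NOW - timedelta(minutes=20),  # polled recently
    "ws-lib-002": SAMPLE_NOW - timedelta(hours=3),     # missed several polls
    "srv-web-01": SAMPLE_NOW - timedelta(minutes=50),  # missed one poll, within tolerance
}

if __name__ == "__main__":
    for name, value in patch_schedule(2024, 3).items():
        print(f"{name:12} {value}")
    print("in maintenance window:", in_maintenance_window(SAMPLE_NOW))
    print("stale AV hosts:", stale_av_hosts(SAMPLE_LAST_POLL, SAMPLE_NOW))
```

Note that the maintenance window on the third Tuesday falls the day before the full workstation deployment, so a report that reconciles both should treat them as separate events rather than one "patch day".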

For other physical and Unix-based systems, services are normally deployed in resilient pairs allowing one system to be removed from service, patched, tested and redeployed to production as required in line with change control procedures.

The University currently operates an active-passive pair of next-generation firewalls utilising a collapsed network design, such that this pair services the major requirements for Access Control, NAT and IDS for the Campus, Wireless, Reslan and DataCentre networks.
The security model enforced relies upon a zone-based approach, coupled with an LDAP-backed role-based access control mechanism for services such as user VPN termination.

The security policy implemented is based upon a default-deny stance, with the firewalls enforcing this policy at the application layer as appropriate. Stream-based anti-virus is enabled for suitable classes of traffic traversing these firewalls (HTTP, FTP, IMAP, POP3, SMTP).
All permitted sessions and threat events are logged to a central source and stored both in raw and aggregated forms for periods of time in line with University guidelines.
The implemented policy is subject to the University’s change control procedures, with an external review of the configuration occurring periodically.