College-Owned Machines
Computers owned by the College are configured to our current specifications.  IT must maintain an administrative user account on all College-owned machines. For network security, McDaniel licensed antivirus, antispyware and firewall software must be installed and used.  Update schedules for the OS and security software will be determined and configured by IT before deployment and should not be changed by the user.

Servers
Servers on the network will be deployed in the DMZ.  IT must have administrative access on all servers on our network.  OS and application patches are to be applied when available, especially when those patches correct security issues.

Non-College Owned Machines
Non-mobile computing equipment owned by organizations affiliated with the College may be placed on the network under the following restrictions:

·      Configured with the same security software packages installed on our own computers

·      Update schedules for the OS and security software matches our own

·      IT is granted an administrative account on the computer

If the previous conditions cannot be met, access to the network will be granted only through our network access control system (Clean Access).

Personal Machines
Personal machines need not meet the requirements for non-College owned computers if access is granted by the network access control system.  Clean Access will be used to determine whether or not a personal machine meets the minimum requirements for use on the network before access is granted.

Mobile Computing
Mobile devices, particularly laptops, are especially vulnerable to security issues as they may be used on outside networks.  For this reason, they must be evaluated for security issues any time they connect to McDaniel's network.  All laptops will be required to log in through the network access control system (Clean Access) to be scanned for security problems. (NOTE: This policy will only be applicable after the Clean Access system for faculty and staff has been set up.)

VPN
There are various levels of VPN access available. Access to protected vlans (Admin, IT, BldgCtrl, Card Reader) will be provided only for College owned devices.  Computers used for protected vlan access must only be used by authorized McDaniel users; not to be used by family and friends.  Access to the student and faculty vlans via VPN will be allowed on a case by case basis, and may be allowed from an outside computer.  Vendors may require access to protected systems for support calls and will be allowed when needed.  Vendor access accounts will be activated only when needed and deactivated otherwise.  Non-emergency access must be scheduled at least a day in advance to plan for activation/deactivation of the account.