Purpose

In order to increase the security of VCEA networks, this document details the policies related to systems and services that run end-of-life software, operating systems, or services, and what kind of network availability those systems can have.

By restricting the open internet access of aging systems and services, VCEA ISG will be able to reduce the network attack surface of some of the most vulnerable systems/services and increase the overall security of our networks.

Scope

Policies and guidelines defined in this document apply to all publicly available services with networking provided by VCEA. This includes the subset of services that are only available from "on-campus and equivalent networks".

Policies and guidelines

The guidelines and policies detailed below shall be effective on February 10th, 2021 at 07:00 PST (2021-02-10 07:00:00 PST).

  1. In order for a system/service to be eligible to be publicly available to the open internet, the system must:
    1. Run a currently supported and patched/updated operating system
    2. (If applicable) Run up-to-date software (for example, WordPress) that serves content that is actively maintained and/or patched
    3. Have contact information on file with VCEA ISG for a primary system administrator
  2. If a system/service cannot meet the requirements specified in #1, VCEA ISG may restrict network access to the system to "on-campus and equivalent networks". VCEA ISG reserves the right to restrict a system further based on an assessment of the security risk of the system in question.