Value of the Desktop Security Initiative to Campus
- Provides faculty and staff with seamless desktop protection and software updates
- Provides an enterprise solution to protect against spyware and malware
- Provides a solution to automatically update Office and Windows
- Increases security and stability of the domain computers
- Increases end-user productivity by removing the need for each end user to install and/or verify patch level each month when campus messages are sent out
- Provides OIS staff with information concerning constituents' operating system and Office/Windows updates to determine if their machine is vulnerable to an attack.
- Consolidates patch management and policies on campus desktop systems
- Provides OIS staff with opportunities to create more consistent desktops for new system installations
- Negates the need to send campus messages to staff and faculty regarding their Windows operating system updates. Student groups are not included in the scope of this project and will need to continue to manually update/verify their patch level. Campus messages will still be sent to staff and faculty for critical and security Macintosh updates and PC updates for non-Microsoft applications.
Technical Information about the Desktop Security Initiative
DSI involves three key components:
- Upgrading the current McAfee VirusScan software to version 8.5 for Macintosh and PC systems via automated process (via ePO server) and manual process for Macintosh systems
- Adding active McAfee Anti-Spyware protection to campus PC systems which is integrated in the McAfee anti-virus engine
- Adding automated management of Microsoft patches on PC systems.
OIS will implement WSUS (Windows Server Update Services), a product to complete the Microsoft security and critical updates via deployment over the network to PC machines. OIS will test and push out updates to workstations in a timely manner on a routine basis.
The DSI upgrades will be deployed or pushed out across the network after 5:00 p.m. to provide a seamless process for the end user and minimum disruption. An OIS staff member will arrange to visit faculty and staff members at their workstations the following morning if there are any problems that arise in the overnight process.
Because we do not have a mechanism to update Macintosh and non-Microsoft PC software, campus users will continue to receive notifications asking them to update these applications when critical and security updates are necessary.
Timeframe and Deployment Process:
Updated October 11, 2007
OIS successfully deployed the DSI upgrades to university machines in all administrative offices from August 6, 2007 through August 17, 2007 using the following schedule:
- Week of August 6: OIS, President's Office, Academic Advising, Academic VP, Dean's Office, Associate Dean's Office, Bookstore, Finance & Administration, Career & Employment Services, Center for Writing and Learning, Admission, Communications, Accounting and Budgeting Services, Student Financial Services, Human Resources, Registrar, and International Programs
- Week of August 13: Library, Advancement Services, Alumni Programs, Annual Giving, Parent Program/Community Relations, Development, Gift Planning, Public Events, ASUPS, Counseling, Health & Wellness, Dean of Students, Student Services, Student Development, Residence Life, Community Music, Copy Services, Dining & Conference Services, Facilities Services, Instructional Research, Mail Services, and Security
During fall 2007, OIS will remotely deploy the upgrades to machines in the academic departments (faculty and their support staff) beginning October 31 through November 16, 2007. OIS will contact the department head or liaison in advance to schedule the deployment upgrades for the department.
All DSI upgrades will be deployed or pushed out across the network after 5:00 p.m. Other than leaving the machines on and locked after 5:00 p.m., the upgrade process requires no preparation on the part of the constituent. We are happy to accommodate any requests in consideration of teaching, class or work schedules. An OIS staff member will arrange with a faculty and staff member a preferred time to handle the upgrade of their workstation.
Machines not Included in DSI
- University servers will not be included in the Desktop Security Initiative. Servers will continue to be upgraded manually by their respective administrator.
- Non-university-owned computers will need to be maintained by their respective owner. This includes staff and faculty personal machines, as well as student-owned computers.
- Computers with Linux and Unix operating systems are not included.
Testing Phase
75 PC machines and 40 campus users were involved in our testing phase process of the initiative. We had a remarkable rate of 95% successful deployment to machines! In most occurrences for unsuccessful deployment, the machine was not turned on or there were existing issues with the system.
Management or Mitigation of Risks and Dependencies
The Desktop Security Initiative is a continuing effort for OIS to use automated processes to provide security and protection to the campus desktop systems. While OIS has been able to successfully and automatically manage the anti-virus software upgrades to the campus machines of faculty and staff, we have not been able to automatically manage the Windows and Office updates, nor have we had the appropriate software to handle spyware. By means of Windows Server Update Services (WSUS), OIS will be able to push out Windows and Office updates and patches to university-owned machines. McAfee Anti-Spyware software was purchased earlier this year to combat spyware and malware instances.
OIS has been working on this project for approximately six months. Many key OIS staff members are involved in this project as the deployment plan calls for OIS teams to work together and provide technical expertise to ensure the success of the project.
There is an elaborate review process that OIS will use for the deployment of the Microsoft Office and Windows updates. OIS staff will review the monthly Microsoft updates that will be deployed via WSUS to contribute feedback and determine when critical and security updates are ready for release to the campus.
Please know that OIS staff will conduct themselves ethically, honestly, and with integrity when working with university machines and any data on the system. Our university policies, in particular the Information Use and Acceptance Policy, clearly address the inappropriate use of electronic communication resources (telephones, voice mail, computers, servers, electronic mail, and network systems). OIS staff members are bound by these policies as well.
OIS is working with Seitel Leeds & Associates (Seattle, WA) to engage their technical consulting services and scope of work on the setup and deployment of the Windows updates to include best practices for network deployment and upgrades, and to help ensure the success of the WSUS deployment process. Seitel Leeds provided consultation on our migration to Exchange project and performed our network vulnerability security assessment last year.
Communication Plan
OIS has developed an effective communication plan to keep the campus community apprised of the Desktop Security Initiative.
During the spring 07 semester, OIS met with the Library, Media and Information Services (LMIS) and Student Technology Advisory Board (STAB) groups to discuss the project.
In May 2007, OIS met with the Support Partnership Agreement (SPA) liaisons, who represent various administrative departments on campus, to discuss DSI and the various aspects of the project.
Our SPA liaisons are members of our testing group. OIS has effectively communicated with the liaisons throughout the DSI testing phases.
OIS has developed uniform messages to inform the campus community about the implementation and deployment of DSI, the necessity of DSI, timelines, and the Web site to review for periodic updates. Messages have been crafted to inform users of the completion of the project, to remind them about their machines being automatically updated, and to inform users about the success of the updates.
The Office of Information Services is recommending the implementation of the Desktop Security Initiative. This initiative is our continued quest to improve the security and productivity of campus workstations while providing high-level support to our constituents as we support the mission of Puget Sound.
The Desktop Security Initiative (DSI) is a campus-wide project to improve the security and productivity of campus workstations and better protect desktops against viruses and malware. OIS will provide automated software distribution and patch management to distribute anti-virus software to Macintosh and PC systems, and Office and Windows software updates and patches to PC systems. Constituents will simply need to leave their machines on (and locked) overnight and periodically restart their computers. With this minimal requirement, constituents will be relieved of the manual effort of keeping their workstations protected and up to date.
Since August 2003, OIS has provided proactive measures to improve the security and productivity of campus machines by means of centrally managing McAfee anti-virus software for PCs and Macintoshes and requesting that our campus users complete the monthly Windows and Office updates on their computers. Through the Desktop Security Initiative, OIS will use automated processes to take desktop security to another level to further the security of our university-owned machines.
Information technology is a thread in the tapestry of learning and is needed to achieve all of the goals of the Strategic Plan for Puget Sound. All goals require reliable and highly available technology to achieve. The Desktop Security Initiative supports the mission by securing and making the underlying desktops and network of the university stable and secure. This initiative addresses the Technology Planning Group's goals to implement and maintain safe, confidential integration information systems (#3); to provide reliable and secure access to information technology resources (#4); and to provide and support sustainable and affordable programs to deliver information technology services (#5).