Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

Critical Host Policy Information

In summary, the Critical Host Policy describes the requirements and constraints for attaching and securing a critical computer to PennNet. One requirement is that passwords cannot travel over Penn's network in clear text. The policy also provides "best practice" recommendations to guide system administrators in further steps to protect PennNet-connected systems. The purpose of this policy is to ensure that all systems installed on PennNet are maintained at appropriate levels of security while at the same time not impeding the ability of users and support staff to perform their work.

LSPs are encouraged to read the complete policy at:

http://www.isc-net.upenn.edu/policy/approved/20000530-hostsecurity.html

All critical hosts must offer compliant services by the follwing dates listed on the chart below. However due to the unavailability, in some cases, of mature clients for various protocols, the compliance timetable differs for each protocol on the client side:

Protocol

Server Mandatory

Client Use Mandatory

https (ssl)

10/14/2002

10/15/2002

POP

10/14/2002

TBD

IMAP

10/14/2002

TBD

SMTP

10/14/2002

TBD

Telnet

10/14/2002

01/28/2003

FTP

10/14/2002

TBD

top

Information Systems and Computing
University of Pennsylvania
Comments & Questions


Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania