Skip navigation.
New Mexico State University
The website for the College of Business at New Mexico State University

4. Computers and Internet

Go directly to BC Computer Lab | Equipment and cabinet info

Date of last process review/modification: September 1, 2004

Detailed Description

Passwords

There have been many security issues regarding information technology in the recent news. NMSU is not immune from these attacks and we must take steps to protect ourselves. Many attacks that occur are a result of an unauthorized person gaining access to equipment and/or an organizations network. One of the first things we can to do protect ourselves to assure that our employees are protecting their passwords and following a policy designed to prevent unauthorized access.

This policy can help protect us from the following vulnerabilities: An intruder will often only need access to a network. Although you may not have extensive rights on the network, allowing an intruder to access the network with your password may pose a risk.

Once a user has access to a network they may be able to install software and/or plant viruses that will collect other passwords or access other computers on the network. Intruders can obtain passwords a number of ways. These can include anything from a brute-force attack, network snooping, Trojans, and/or trial and error.

  • Brute-force: Compares entire dictionaries with password files.
  • Network snooping: Software that will pick up passwords over the network
  • Trojan horse: May record keystrokes and record passwords
  • Trial and error: It is not uncommon for users to use names of children, pets, spouse or birthdays for passwords.

It is not difficult for an intruder to guess these passwords. It is important to change passwords frequently and to use passwords that are “complex.” By changing passwords frequently it increases the chances of an intruder obtaining an obsolete password. To better secure our network and protect ourselves the following policy will be implemented in the college with respect to users’ Windows domain passwords:

  • Minimum Length: 7 characters.
  • Complexity Requirements: Must contain numbers and letters.
  • Password Age: Must change password every 120 days.
  • Password History: Cannot use previous four passwords.
  • Account Lock: Account will be locked out after seven incorrect password attempts. Account will be locked for 1 hour or until it can be reset. It may be inconvenient to lock out a user account when they make a legitimate mistake, but this policy can deter persistent password guessers and more importantly help to foil dictionary attacks that require logging on as the user to test each guessed password.
  • Inactive accounts will be disabled: If you are gone from the University for an extended time, your account will be disabled and then enabled on your return. This prevents unauthorized users from using your network identification to gain access.
  • Reminder: This does not affect all passwords. Only your Windows domain password (password you use when you first turn on your computer and Exchange accounts) will be affected. Webmail, FRS, etc., will not be affected.

Password Tips

  • Use a combination of letters and numbers: Remember that Windows passwords are case sensitive.
  • Avoid using birthdays unless combined with letter.
  • Avoid using names of pets, children, spouse, etc., especially if they are visibly posted near your computer.
  • Create combinations of names and dates.
    • Example: Your son is John Green and his birthday is 09/03/88. Password = j090388g or j09o03h88n. This meets all the requirements for a new password and is more difficult for somebody to guess.
  • NEVER give your password to anyone (including IT personnel); Remember, if you give another person your id/password you are taking responsibility for any of their activity If you feel your password has been compromised change it immediately.
  • DO NOT leave your password written on a paper that is visible to others (i.e., Post-it’s on the side of your monitor). Avoid using common words (i.e., words that can be found in a common dictionary)

Servers

To ensure that we are effectively utilizing our resources and to assure proper configuration and support, all servers in the college will fall under a specified service level agreement as outlined below. To receive support from lab personnel, all servers that are brought online must receive approval from the Computer Operations Manager and will be assigned to an SLA level.

Each server will fall under an SLA Level. Regardless of the level of support the following must be noted for all servers in the college:

  • Unless purchased by the college, the server hardware components are the responsibility of the department. The BC Computer Lab cannot be responsible for server outages due to insufficient hardware, lack of data redundancy, warranty issues or specific vendor issues.
  • All software installed on servers must be licensed by the department or college.
  • Servers that have been compromised or that have experienced a breach of security will be taken offline immediately and will remain offline until the problem is resolved, regardless of their purpose.
  • Lab personnel can only be responsible for installing applications and assuring functionality and are not to serve as tutors to classes which utilize the servers.

Level 1: Full Support/Critical Server

These servers will be treated as critical servers and any support issues will be treated as high priority to the extent of available resources and may include support issues outside of regular support hours.

  • Servers will be built and maintained by BC Lab personnel.
  • Physical access to server will be limited to lab personnel and responsible faculty member.
  • Servers will run backups (daily differentials and weekly full) on all files unless responsible faculty member approves omissions of files and/or directories.
  • Only lab personnel and responsible faculty member will have administrative rights.
  • These should ONLY include servers that are critical to college operations.
  • All changes made to the server by responsible faculty will be provided to lab personnel in written documentation.

Level 2: Escalated Support/Important Servers

These servers will be treated as important servers with escalated priority limited to regular support hours.

  • Servers may be built and maintained by lab personnel or responsible faculty member.
  • Physical access to server will be limited to lab personnel and responsible faculty member.
  • Servers will be backed up only at the request of responsible faculty member.
  • Only lab personnel and responsible faculty member will have administrative rights.
  • These should include servers that play an important role in the college but are not deemed critical to college operations.
  • Lab personnel cannot be responsible for wrong configurations or changes made by non-lab personnel; support issues that arise from these situations will not be determined high priority.

Level 3: Standard Support/Non-Critical Servers

These are servers that faculty/staff wish to maintain themselves and will not receive an escalated priority.

  • Support issues will be managed as all other support issues in the college during regular support hours.
  • Servers may have various faculty members, student employees and/or GAs granted administrative rights.
  • Lab personnel may or may not have physical access or administrative rights to servers; understanding that denial of either of these may delay support.
  • Lab personnel are not to act as tutors to aid student employees in building and supporting servers; this responsibility should fall on the appropriate faculty member.
  • Lab personnel cannot be responsible for wrong configurations or changes made by non-lab personnel; lab personnel may not be able to resolve support issues that arise from these situations.
  • These servers are deemed to be non-critical to college operations.
  • Backups will only be performed on request and to the extent that the information is official college business.

BC Computer Lab Support Hours

Regular support hours are defined as the normal times that technicians are scheduled. Hours are posted on the BC Computer Lab webpage. Technicians will be available 8am – 5pm all non-class days in which the university is officially opened.

Individual responsible for monitoring process: XXXX
Review cycle: XXXX

Published: December 3, 2009 Updated: May 17, 2011 Permalink