ACOM Dangerous Software Policy

This policy addresses 5 categories of dangerous software. Such software sets up a workstation or desktop computer to be a server, and because the machine initiates the connection, the software creates a bypass around our security perimeter, exposing the UCAR network to risk from outside compromise.  Dangerous software may also result in identity theft or other risks for the user.

In general, any of the following types of software may be uninstalled upon discovery by a Systems Administrator.

Peer-to-Peer

Peer-to-Peer (P2P) software works by making a machine a server on a special network whereby all machines are servers to all other machines. These networks usually bypass firewalls and span the Internet. One purpose has been to swap media content among a set of users.

P2P software must be uninstalled from systems attached to the UCAR network. This includes but is not limited to:

  • KaZaA, KazaaLite
  • BearShare
  • GNUTella (and derivatives)
  • eDonkey (and eDonkey 2000)
  • Direct Connect
  • BitStream
  • BitTorrent

Some instant messaging (IM) clients may work in a manner similar to P2P software unless carefully configured. Such clients are discouraged on the ACOM and UCAR networks. If you require IM software, see your Sysadmin for a review of its settings, or for more secure variants of the software.

Unauthorized VPN

VPN software works by having a server inside of a network route connections back and forth to machines on the Internet. Such machines usually have VPN client software. Our authorized VPN solution is a Cisco 3000 VPN server on the UCAR network, and Cisco VPN client software on machines on the Internet. Such clients make a VPN connection whereby the traffic is encrypted, and all communications are as if the machine is on the local network.

The Cisco VPN server maintained by CISL and its "AnyConnect" client software is the only authorized VPN solution in ACOM.

Other software may provide VPN functionality but is not allowed:

  • ssh in tunneling mode
  • Open Source Cisco-compatible VPN clients
  • Spyware (see below)

 

Unauthorized Screen Sharing

Similar to unauthorized VPN, unauthorized screen sharing programs make a PC or Mac into a server allowing remote access.  If the service is not authenticated with a one-time password or has not been approved by a System Administrator, the service must be removed.

Software that provides such unauthorized screen sharing includes but is not limited to:

  • TeamViewer
  • GoToMyPC and its variants
  • LogMeIn
  • PC Anywhere
  • WebEx

Screen sharing may be used on computers which are not attached to a UCAR network, for example at a field research location.  Please see your System Administrator if you believe a machine might be eligible for screen sharing.

Distributed Computing

Distributed Computing applications set up workstations across the Internet at large to cooperatively process data for a particular application. The best known is "SETI@home", which uses home computers to diagnose radio spectra associated with the SETI project.

Because Distributed Computing applications create accessibility from the Internet, and because the software used in Distributed Computing is not under our administrative control, we are disallowing the use of such software except by explicit permission from a Primary Systems Administrator, and only when such use is demonstrably related to UCAR work in progress.

Distributed Computing Applications must be uninstalled from systems attached to the UCAR network. Examples include these, but there are many more:

 

Spyware

Spyware applications often get installed without the user's knowledge -- simply by browsing the web, or viewing an email with HTML content. At best these applications send information back to other servers without the knowledge of the user or the sysadmins of UCAR. At worst, they reconfigure software settings in order to enable advertising, infection, or malicious use of the computer.

Additional recommendations to avoid Spyware include:

  • Set your browser configurations to be as secure as possible -- making sure browsers prompt you for downloads and installs, and making sure that cookies are stored only for the session (if possible).
  • Always use Firefox with the NoScript plugin enabled when browsing non-UCAR sites on the internet.
  • Do not use P2P software (see above)
  • Install business- or science-related applications only. Do not install "entertainment" applications or other software which does not serve a business- or science-related need.
  • Use a browser which prevents pop-ups.  (The uBlock Origin plugin and most modern browsers also prevent pop-ups.)
  • Do not use Internet Explorer except to access UCAR hosted web sites.
  • Follow all Sysadmin recommendations for browser management, and keep your browser updated to the current release.


ACOM | Atmospheric Chemistry Observations & Modeling