Your responsibilities
As a COMPUTER USER:
- Read, understand, and follow all related UW policy and guidelines.
- Never use UW Computing resources for any illegal, unauthorized or unethical act as defined by law or UW standards of conduct.
- Protect and never share your password or UWNetID. Remember you are accountable for all activities associated with your account.
- Never share computer accounts or access privileges assigned to you or others. Access privileges are assigned based on a person's specific requirements for using UW computer and network resources. The UW's ability to protect its electronic records and systems depends on access control measures.
- Always restrict your use of UW computer systems, networks, email, and Internet privileges to authorized and appropriate uses.
- Always save sensitive information on a well-managed and well-protected server. Saving sensitive information on a desktop machine is not appropriate in most circumstances.
As a COMPUTER SYSTEM ADMINISTRATOR:
- Turn off unneeded system and application services whenever and wherever possible.
- Keep systems as up-to-date as possible with vendor-issued security patches.
- Enable and maintain all appropriate integral firewalls and/or network access controls.
- Determine if a logical firewall (available through UW Technology services for free) would add value for your system protection plan.
- Support and participate in proactive probing services if available in your department or college.
- Protect remote file access using IPSec or equivalent.
- Cluster and isolate servers that have sensitive information on them and consider installing Intrusion Detection Systems and appropriate logging practices to support proactive administrative monitoring.
- Document and report all incidents of security breaches related to the potential compromise of sensitive information (e.g. personally identifiable information) to the appropriate security services.
- Advocate for security resources within your budget processes.
- Support and cooperate with all incident response activities and investigations.
As an APPLICATION DEVELOPER:
- Don't require or permit passwords or other sensitive information (e.g. charge card information, student records, personally identifiable information) to pass over networks in the clear.
- Do require two-factor authentication for sensitive access.
- Use secure application protocols that provide end-to-end encryption (e.g. SSL, SSH, Kerberos).
UW Technology's ROLE:
UW Technology provides or assists with several support services for UW computer users and system administrators. They include:
- Provide network-level protection against traffic traversing UW Technology routers with (spoofed) source addresses from the wrong campus subnet.
- Assist with proactive scanning and probing.
- Assist with security training and education.
- Provide incident analysis and response services.
- Develop tools to assist departments (e.g. logical firewall).
- Provide security services and tools.
