Updated August 13, 2015

To: DVI System Manager
From: Digital Vision Support
Re: Computer and Network Security Standards

Labs lose hours, and even days of productivity because of inadequate computer and network security. More than ever, lab equipment depends on computers in order to function, and many processes require network and internet access. Because of this, it is critical for labs to obtain professional level computer and network security. Malicious software (malware) continues to proliferate, and though most malware is intended to just annoy a computer operator, some is more nefarious and can pose a direct threat to computers or computer networks.

DVI’s policy is that labs need to take the following steps to protect your system and maximize your network robustness

 

1. All labs must have access to a local Information Technology (IT) support person or company that is available to assist them not only during the initial setup, but also guide them through troubleshooting and recovery operations.

2. Restrict use of the DVI Server and Backup Server.

  • Access to the servers should be limited to only the DVIADMIN user.
  • No processes should be run on the DVI Server other than the daily cycling procedure.
  • Processes on the DVI Backup server should be limited to those approved by DVI.

3. Install business versions of a DVI qualified antivirus software on every Windows computer on the network, including the server and backup server.

  • The use of antivirus software designed for home PCs has resulted in important VISION files being locked or deleted.
  • DVI is not responsible for VISION not functioning because of the use of non–business antivirus software.
  • Remember other computers on the network, e.g. accounting, shipping, or digital surfacing devices (including generators, engravers, etc.).
  • Unsecured media such as thumb drives and CDs/DVDs can be the source of malware and should not be introduced to the system.

4. Antivirus software should be set to automatically download updates.

  • Active scanning (real-time protection) on the server, backup server, and machinery interfaces should be turned off due to performance issues. Schedule scans to run only during off/after hours.
  • Active scanning on remotes is recommended.
  • Active scanning should exclude the VISION directory and the DVI system’s program directory from its targeted directories.

5. Only use the internet for business related tasks.

  • It is critical to configure your security to allow remote support from DVI to access your system.
  • The server should be limited to DVI directed WebEx or TeamViewer sessions.
  • The backup server should be limited to DVI directed activities such as WebEx or TeamViewer sessions, Opticom ordering, fax services, VISION emailing functions, or the Combobulator.
  • Remotes are especially vulnerable to malware.
    • Do not open links to unknown websites.
    • Do not open email attachments unless you know the person who sent it or are expecting the attachment.
    • Do not download or install software from the internet unless directed by your IT or DVI. This includes apps such as search engine quick links, music players, video players, internet games, and offers to “fix” your security or computer.

6. Make sure that all of your Windows computers have current Microsoft updates installed.

7. The firewall that comes standard with the Windows operating system should be left with its default settings. Additional firewalls should not be set up unless you have an internal IT department.

8. If computers are exposed to malware that cannot be removed by antivirus software, then it is DVI’s standard remediation practice to:

  • For workstations:
    • Disconnect the affected machines from the network immediately.
    • Restore to a clean version of Windows.
    • Rebuild the network connections.
  • For servers:
    • Disconnect the affected machines from the network immediately.
    • Determine the most current backup location (local image, removable backup, or web backup).
    • Restore to a clean version of Windows Server.
    • Restore VISION databases and programs.
    • Rebuild network connections.

New servers purchased from DVI are configured to our most current security specifications. Remotes do not come with antivirus software unless requested by the lab. It is up to the lab to install approved antivirus software on remotes. DVI currently recommends and supplies ESET Endpoint Antivirus as the standard antivirus software solution.