Computer Security at the Hebrew University, Staff Workstations
To ensure the integrity of the computing environment at the Hebrew University we have established basic guidelines for staff computers running Windows.
All computers must have an updated operating system. Minimal requirements are as of this writing Windows 10 using a feature update within the last 18 months. Computers running earlier features updates will not be able to receive windows security updates and therefore cannot be considered secure. All local computer accounts should have a strong password.
In addition, the university provides two applications which help ensure the integrity of the network. Umbrella and Windows Defender ATP
Umbrella:
This system is in place to block computers from entering malicious and unwanted domains. The umbrella is installed on the default DNS of the University’s networking, so no additional installations are needed for computers remaining within the network.
University computers that are taken outside the university networking should have the umbrella agent installed to provide its protection. This would include university laptops that are used at home.
Click to download for Macintosh
Umbrella Installation Instructions
- To install, extract all files from the file OpenDNS-URC-win-2.2.356. Click on file Setup.msi and use all defaults
- To uninstall, Click on Setup.msi and choose to uninstall.
Windows Defender ATP (Advanced Threat Protection)
Even with all our best intentions, we will be unable to keep all malicious programs outside the network. The Windows Defender ATP is used to monitor the network environment and help us determine if a malicious program is attempting or has entered the network. This helps us deal with holes in our security environment.
Who Needs to Install Defender ATP on their Local Computer?
Staff computers not members of the Active Directory should run a script to start the service. This applies to computers within the network and University laptops using outside university networking.
All computers in the active directory and using the universtiy LAN will receive the Defender ATP through a group policy and therefore do not need to install it.
Installation Instructions
1) Extract the contents of the file that you downloaded.
2) Right mouse click on the file WindowsDefenderATPLocalOnboardingScript.cmd and run as administrator
3) Copy the contents of alertingONonboarding.txt to an opened command window
4) To ascertain that it is working, you can look in Services and see that Windows Defender Advanced Threat Protection Service is running.
Which computers should have Additional Security Software Installed
|
|
AD\HUJI Network |
Non-AD using HUJI Network |
Staff computer used outside network |
|
Umbrella |
Available on network: No need to install |
Available on network: No need to install |
Install agent |
|
Defender ATP |
Installed using a group policy: No need to install. |
Install service |
Install service |