Secure Systems

The Desktop Support group supports clients in setting up and maintaining systems that are secure for use with confidential information. Consistent with University policy, all University laptops and all desktop systems with access to IQSS/HMDC file services must be configured securely.

For laptop and desktop systems, the following are required:

  • A password-protected screen saver, which activates in 15 minutes or less
  • Complex passwords, which have a combination of letters, numbers, and special characters, and are at least eight characters in length, following Harvard’s password complexity rules
  • A host-based firewall
  • Up-to-date virus scanning software and virus dictionaries, and regular operating system updates
  • Any service that allows remote login or desktop access to the laptop must be disabled
  • PGP Whole Disk Encryption (PGP WDE) and FileVault [this is required for PC & Mac laptops, and optional but recommended for desktops]

To get FileVault and/or PGP WDE installed on your laptop, please contact us, or visit http://pgp.fas.harvard.edu/icb/icb.do for instructions.

For any portable storage device, the following is required:

    Any portable media housing confidential information should be encrypted appropriately, either through hardware encryption (such as IronKey devices) or with software encryption using PGP Desktop or TrueCrypt.

Note: No high-risk confidential information (HRCI) should be stored on personal laptops or desktops or portable storage devices. HRCI may be stored on designated and approved servers only.

For assistance with secure system set up, please contact us.

Scanning for HRCI

All Harvard computer systems must be scanned annually for sensitive information. For CGIS affiliates, HMDC is using a software package called Identity Finder to assist in confidential data scanning. If you are a CGIS affiliate and have not yet had Identity Finder installed on your Harvard-owned computer, contact us to schedule an installation appointment.

To request a high-risk confidential information (HRCI) assessment of your department’s data, please contact the FAS Help desk (617) 495-9000 or help@fas.harvard.edu.

Securing Remote Access

All Harvard systems used for remote access to confidential information must be securely configured. See Setting Up Secure Systems - Overview.

In addition:

  • We recommend the use of the FAS VPN whenever connecting to Harvard from public networks.
  • FAS Networking Operations offers customized firewall services for administrative and research purposes. Network firewalls allow for a higher level of security by limiting the connections to a specific system or groups of systems from the outside network. If you're interested in acquiring a firewall for your department, please contact the FAS Help desk at (617) 495-9000 or help@fas.harvard.edu.

For help with secure remote access, please contact us.

Transferring Files Securely

Confidential information must be encrypted whenever it is sent over any network. Never send confidential information unencrypted in e-mail, even if the connection to the e-mail server is encrypted.  High-risk confidential information may be sent only directly from one approved system to another.

Guidelines regarding secure file transfers comprise the following:

  • If you are transferring files containing confidential information or if your files are simply too large to send over email, please use the Accellion Secure File Transfer System. The Accellion server provides robust data security, and accommodates the transfer of files and folders up to 20 GB in size. For more info please visit: http://www.fas-it.fas.harvard.edu/services/catalog/browse/39/760
  • PGP Desktop can be used to create encrypted files, which can be transferred securely between PGP users. For more information, please contact us.
  • WinZip Encryption, SFTP, and IronKeys can be used for transferring files securely.

For help with secure file transfer, please contact us.