Applicable to: Duke University

Duke-owned computers and servers must adhere to Duke security standards to ensure continued access to the Duke network. At-risk systems are flagged in Planisphere (available on the Duke network or VPN) for support team assistance.

Endpoint Management

Requirement: Duke-owned desktop and laptop devices must have approved endpoint management (EPM) software installed.

Why it matters: EPM software allows a device to report important environment and security information to the IT Security Office.

How to get ithttps://sites.duke.edu/endpoints/getstarted

When ITSO detects a problem: We will send a ticket to the device's support team and then enforce a block if the problem is not addressed. See the notification timeline in the Endpoint Device Security and Quarantining Practices.

More information:

Endpoint Management Protocols

CrowdStrike

Requirement: Duke-owned computers and servers must have the CrowdStrike Falcon Enterprise software installed.

Why it matters: CrowdStrike is Duke's strongest defense against viruses and malware.

How to get it: For Duke-owned devices please visit https://software.duke.edu/node/542

When ITSO detects a problem: We will send a ticket to the device's support team and then enforce a block if the problem is not addressed. See the notification timeline in the Endpoint Device Security and Quarantining Practices.

For additional protection: For personally owned Windows devices, install CrowdStrike for Home Use

Supported Operating System

Requirement: All devices connected to the Duke network (regardless of ownership status) must run operating systems that are supported by the manufacturer.

Why it matters: Unsupported operating systems do not receive security updates to protect against known vulnerabilities.

When ITSO detects a problem: We will issue warnings to your IT support team in Planisphere starting six months in advance of the end of support date for the operating system. See the Endpoint Device Security and Quarantining Practices.

More information:

Duke University Standard: Server Security

Duke University Standard: Laptop and Desktop Security

Currently Supported Operating Systems Versions (External Links):

Apple macOS 

Microsoft Windows 

All Other Operating Systems

Device Vulnerability

Requirement: Any device with a vulnerability classified as "High" or "Critical" according to the Tenable Vulnerability Priority Rating (VPR) must be patched to remediate the vulnerability.

Why it matters: Attackers can exploit serious vulnerabilities to exploit your device and gain access to Duke systems.

How to fix it: Install patches and updates as quickly as possible. Endpoint management compliance will help to prevent issues with device vulnerabilities.

When ITSO detects a problem: We will send a ticket to the device's support team and then enforce a block if the vulnerabilities are not remediated. See the notification timeline in the Endpoint Device Security and Quarantining Practices.

More information

Vulnerability Management Policy

Vulnerability Management Procedure 

 

Read the Personal Device Security Guide

Endpoint Device Security and Quarantining Practices

Learn more about security requirements for Duke-owned devices and the processes for notifying users and support teams about issues and quarantining high-risk devices. 

Endpoint Device Security and Quarantining Practices