Policy 1005 - Policy on Unsupported Operating Systems
1.0 Overview
In order to ensure the security of the Florida Institute of Technology network, software products such as Operating Systems need to be kept up to date with the latest security patches to protect against vulnerabilities. Operating Systems that are no longer maintained by their manufacturers lack the most recent security updates and enhancements.
2.0 Purpose
This policy outlines the requirement that all Operating Systems on the Florida Institute of Technology network must be currently supported by their manufacturer.
3.0 Scope
This policy applies to all devices connected to the Florida Institute of Technology network, and all users of the Florida Institute of Technology network services.
4.0 Policies
Devices with operating systems that are no longer supported by their manufacturer are not allowed to connect to the Florida Institute of Technology network without explicit approval by the Florida Institute of Technology IT department. Out of date operating systems are susceptible to many critical security vulnerabilities and many of those vulnerabilities might not be public. Running devices with such operating systems put the university at an increased risk for compromise.
If an application requires an unsupported operating system, that application may be executed on a device with an unsupported operating system as long as that device is not in any way connected to the university network.
In most cases, placing a device running an unsupported operating system behind a firewall is not sufficient to mitigate associated risks.
Some examples of unsupported operating systems that may not be used on the university network without approval include, but are not limited to, the following:
Microsoft Windows 95, 98, ME, NT and earlier
Redhat Linux 1.0 - 9.0
IBM OS/2 - All Versions
SUSE Linux 9.1 and earlier
Mandrake Linux 10.1 and earlier
Fedora Core 3 and earlier
Debian Linux 3.0 and Earlier
Ubuntu Linux 4.10 and earlier
Sun Solaris 2.6 and Earlier
Sun Solaris 7 without a valid Sun support contract.
Apple MacOS 10.2 and earlier. Mac OS version 9 may be used in its 'classic environment' configuration on systems running Mac OS 10.3 or later.
The websites of operating system providers should provide information on whether or not a specific operating system is currently supported.
Printers, and network infrastructure devices such as routers, switches and bridges are exempt from this policy unless a security related issue has been identified in the device. The Information Security Officer regularly researches newly discovered vulnerabilities and will be able to inform users of vulnerable devices about updates, provided the Information Security Officer is supplied with the device make, model and the campus contact information for the user of the device.
5.0 Enforcement
Devices determined to be running unsupported operating systems will be disabled from accessing the network until the operating system is upgraded to a supported version, or an exception is approved by the IT Department. Consistent willful violation of this policy will be subject to whatever penalties the university administration deems appropriate.
