CyberSecurity Guidelines
Windows
Macintosh
Windows
Macintosh
|
|
CyberSecurity Guidelines Windows Macintosh |
|
CyberSecurity Guidelines |
|---|---|
|
Everyone: Learn about... Backing Up Strong Passwords Spam Phishing and Identity Theft Physical Security Sharing Music and Movies Wellesley's Network Security Getting More Information Patching and Updating Your OS Viruses and Worms Windows Users: Adware and SpyWare Firewalls File & Printer Sharing |
Have you gone through the Security Checklist recently?
As computer systems get more complex, the need to keep them up to date is crucial for preventing data loss and maintaining the security and privacy of your information. Some of the computing problems that have been seen on campus recently were caused by viruses, security holes, mis-configured computers, and the illegal sharing and downloading of copyrighted material. A compromised computer affects all the other computers on campus because we are connected to the same network. The speed of and reliability of our network can be affected because compromised computers may cause large amounts of network traffic and often attack computers on and off the campus network. Therefore it is important that you keep your computer up to date. See the contents to the left to see where you might find helpful hints to do this. Note: Detailed documentation is provided for the operating systems supported by Information Services. Students, faculty and staff, if you have a different operating system running on your computer, you may wish to post your questions to the Computing Questions conference in FirstClass for assistance. Also included in this page are tips for staying safe while using the web, backing up your documents in case your computer crashes, "filtering" your e-mail "spam" if your e-mail inbox always seems to be flooded with unwanted ads and other "junk mail," locking up a portable computer, and other information related to your security when using technology. For details, follow the links to the left or scroll down through this page. |
CyberSecurity Information |
|---|
Computer operating systems need regular updating with security patches and “bug fixes.” Windows XP and OS X are the currently supported systems on campus and details are provided here. If you use another OS, such as Linux, be sure you know how to update it.
Watch a brief
award-winning video from the EDUCAUSE website on why regular updating and security
patches are important:
Play in Windows
Media Player
Play in Real
Player
Windows Update
Windows Update helps you keep your computer up-to-date with the latest security
patches and updates. If your computer is not up-to-date, you are at risk
from viruses and worms taking over your computer to use it for illegal purposes
without your knowledge. More information can be found at:
www.wellesley.edu/Computing/WinUpdate/
Information Services uses a Cisco Clean Access system to help secure our network. People have to do Windows Updates to connect to the network via Clean Access.
Macintosh Software Update
Macintosh Software Updates fix bugs and security holes in applications and
the operating system and in general help make your computer more secure and
function better. Links with more information can be found at:
www.wellesley.edu/Computing/OSX/#update
Viruses and Worms are two of the biggest CyberSecurity threats. They spread by infecting insecure computers that, in turn, infect other insecure computers.
For protection from dangerous e-mail, Information Services scans all incoming
and outgoing e-mail for suspicious attachments. Some attachments, such as
.exe or .zip, are not allowed to be received in e-mail from the Internet because
they are frequently used for spreading viruses. There is a simple work-around
if you need to receive an email with an .exe or .zip file attachment, available
in the Anti Virus Updates conference in Computing Questions on FirstClass.
More information can be found at:
www.wellesley.edu/Computing/TVD/EmailScan.html
Infected and compromised computers may have their network access disabled to isolate network problems. This is done to keep the entirety of the network secure while infected computers are repaired. Don’t let this happen to you! To prevent and eliminate viruses, use an anti-virus program in combination with regular security updates for your operating system. Wellesley College provides anti-virus software and virus-definition updates free for College-owned computers and computers owned by Wellesley College students, faculty, and staff.
To install antivirus software, please log in to FirstClass and go to the Computing Questions > Anti Virus Updates conference and follow the directions for your computer's operating system. If you do not have Internet access, you may check out a VirusScan CD from Knapp or the Science Library for up to three days to install VirusScan.
For more information about VirusScan and Virex, including how to protect older
computers, see:
www.wellesley.edu/Computing/TVD/
Anyone who browses the Web, uses instant messaging software, or file sharing software with a Windows computer is very likely to have software installed on their computer without their knowledge. Such software, called Spyware and Adware, will slow down the computer or even, in some cases, cause the computer to stop working. Even something as innocuous as a small program like WeatherBug is often a conduit for malicious software.
In an attempt to help combat this problem, the College has purchased a site license for an add-on to VirusScan 8.5 for Windows program that helps track down and remove these programs from your home or office computer. Information Services recommends that all users install and run this add-on. A full scan of your computer should be performed weekly.
For details about this anti-spyware module, log in to FirstClass and open the Computing Questions & IS Alerts conference, then the Anti Virus Updates conference. Look for the posting about the McAfee AntiSpyware Module and follow those directions.
If your computer is compromised, your data backup will be you best friend. Files missing? Corrupted? If you have a recent back up of your documents, you will be able to restore them after your computer gets cleaned up, or be able to work on your documents elsewhere while your computer is being cleaned up.
For tips about backing up, including files like your web bookmarks that you
might not have thought about backing up, please visit:
www.wellesley.edu/Computing/Backup/
A firewall is set up to protect a computer or network from intrusion. This can be done with a firewall box or with software. If you have a computer on the Wellesley College network, some protection is provided by a campus firewall box between our network and the Internet. In addition, it is a good idea to use firewall software on your own computer.
Having firewall software on a Windows computer is a smart idea. Connecting your computer to the Internet can be equated to leaving your front door unlocked and open all the time. On the Internet, hackers can delete information from your computer, access private information, or even crash your computer. Having a firewall in place to protect your computer helps prevent hackers from being able to access your computer in the first place.
Included in Service Pack 2 for Windows XP is the Windows Firewall. Faculty and Staff desktops running Windows XP with Service Pack 2 should already have the Windows Firewall enabled by default. Firewall software for Windows protects your computer by monitoring (and restricting in some cases) any information that travels between your computer and the Internet, and also the information that travels between your computer and other computers on your network. Should a network worm somehow make its way onto campus, having the Windows XP Service Pack 2 firewall enabled helps protect a computer from infection.
If you have a firewall installed from another vendor (such as Norton or McAfee) at home, it is recommended that you disable the Windows XP Service Pack 2 Firewall so that they do not counteract each other. For on-campus computers, you are likely to need instead to disable the other vendor’s firewall and just use the Windows XP SP 2 built-in firewall. This makes it more likely that Information Services staff will be able to identify problems you may have with firewall software interfering with legitimate programs on your computer being unable to access the network properly.
In this electronic age, most of us have many, many passwords for various electronic accounts, at Wellesley College and elsewhere. At Wellesley, most of us have a password for FirstClass, another for a Domain Account, a PIN for Banner Web. At home you might have a PIN for your electronic banking, a PayPal account, your home e-mail password, perhaps an eBay account. Confused about when to use which passwords? Check out Wellesley's password guide.
How do you remember them all? Are you one of those people who uses the same password for all of your accounts? Do you write them down? What should you do?
Philosophies vary somewhat, but the bottom line is this: make sure your passwords are secure. If you must write them down, you need to find a way to secure your list so that you and only you can get to that list. If you write them down, where is the piece of paper? If you store a list electronically, how to you secure the file?
A strong password is at least 8 characters long (use a mix of uppercase and lowercase letters, and include at least two numbers) and is never shared with anyone or written down in an easily found location. The use of mnemonics is often useful in remembering a password. For example, the phrase “Route 9 was too slow this morning” can become Rt9w2stm.
Please keep in mind that the web browsers on your computer are often set up to assume you prefer convenience to security, and the browsers save not only usernames but passwords. This may not be a security risk for something like your hotmail account, but it is for something like your PIN for your online banking or for access to secure data here at Wellesley. If you use the web to access information that needs to be kept secure, be sure to set up your browser so that it does not save secure passwords and PINs to your computer. Wellesley has instructions for securing Firefox, Internet Explorer, and Safari. When working on a computing lab computer, make sure to properly log out of any websites that you log into during your session instead of just closing the browser. If you are working on a shared computer, remember to clear the browser cache if you used the computer to access secure data.
Some viruses spread by infecting files in Windows shared folders or printers which are not password-protected. All Windows users should check to see whether it is enabled. If you use file sharing to provide remote access to files on your hard drive, be sure to use secure passwords. If file sharing is enabled but you do not use it, you should disable it. Most users on campus do not need Windows File Sharing enabled.
For more information, please visit:
www.wellesley.edu/Computing/FileSharing/Windows/
Incoming E-mail messages are scanned at our central server to be “tagged” if they may be spam. You can easily set up FirstClass to put these annoying (and sometimes harmful) messages into a folder for simple reviewing at a time convenient to you. This process helps keep your mailbox clean and your computer from being infected by viruses that can come in through spam mailings.
More
information can be found at:
www.wellesley.edu/Computing/FirstClass/fcrules.html#spam
Phishing is a type of information collection scheme that specifically targets users with online accounts of some kind (i.e. banking, PayPal, etc.) The information that they collect is then used to perform various acts of identity theft.
Phishing schemes typically come through as e-mail or instant messages that have become more and more sophisticated in their attempts to make the messages appear to be from an official source, like your bank. The best advice at this time for avoiding being caught in such a scheme is to avoid clicking on a link asking you to verify your information or in some other way contact the bank or other trusted source. Instead, use the link you would normally use to visit their web site, or give the bank a call.
To protect against identity theft, Information Services takes the security of protected information very seriously. Personal information, such as home addresses of students, faculty and staff, is only available to persons working on computers within the Wellesley College network. Private information, such as financial aid and salary information, is protected from public viewing.
For more information about Phishing and Identity theft, please visit:
www.antiphishing.org and www.consumer.gov/idtheft/
In addition to protecting your data electronically, don't forget the obvious: physical security.
Do you lock your door/house/apartment when you are not there?
Is your computer locked down? Most people with a computer in their home do not lock it down there, but you should if you fall into one of these categories
Portable computers are much easier to steal than bulky desktop computers. While such thefts are rare at a place like Wellesley College, how would you feel if yours was the rare exception? Use common sense: lock down your portable computer wherever it is, leaving yourself free to disappear for five minutes to get more research materials without casual theft of your computer -- and your documents, digital photos, etc. -- being a major concern.
Peer-to-peer file sharing software for downloading and sharing music, movies and other materials are well-known security risks for your computer. Most, if not all, of these programs come bundled with adware and spyware that compromise the security of your computer.
Wellesley College received over 60 Copyright Infringement notices for student computers on campus for the 2004-2005 academic school year. Most of these notices were for downloading copyrighted content using Kazaa or BitTorrent file sharing programs, although there were a few notices for other file sharing programs. Downloading any material that may be copyrighted and offered on the internet without permission of the copyright holder, such as popular movies and music available on file sharing programs like Kazaa, Limewire and BitTorrent, may put you at risk for Wellesley College receiving a Copyright Infringement notice on your behalf.
Downloading copyrighted works without the permission of the copyright owner is also a violation of Wellesley's Policy for the Responsible Use of Information Technology Resources. Please see Wellesley's Copyright Policy for more information, or the brochure Sharing Music and Movies: Your Responsibilities at Wellesley College with Respect to Copyright Law.
We encourage all users to uninstall any file sharing programs and not use them. If you must use them for legitimate purposes please follow the directions on our Peer-to-Peer File Sharing website to disable sharing of files from your computer or to remove some of the common file sharing applications.
Visit the University
of Richmond Intellectual Property Institute site to check out their documentary
on intellectual property and file-sharing,
titled "What Do
You Think?"
In addition to the critical vigilance you need to maintain, the College has in place many security measures to help keep your computers and your data secure. These include Cisco Clean Access. The College also has central e-mail anti-virus.
For a good, basic overview of CyberSecurity, we highly recommend taking a look at the government's Cyber Security Tips web site. An additional helpful resource for people who are interested in more information about CyberSecurity issues and guidelines is the Stay Safe Online web site.
|
|
|
