Notes on Computing Security
The C&NS staff does its best to keep our campus computing environment safe, but it is an uphill battle. There are some things that you, the user, can do to help.
Network Security Tips
- Don't share your username and password. We often hear stories about users who share passwords while they are on vacation or out sick. We also occasionally hear about people using the accounts of people who no longer work at the university or who have transferred to another department. If you need to have an account created for you on a system, or if you need more access privileges for your existing account, please contact the administrator of the system (simply call ext. 4069 to reach the C&NS Help Desk). There is never a reason to share passwords.
- Use a strong password. A strong password is at least nine characters long, preferably more, with a mix of numbers, upper and lowercase letters, and special characters like %, #, and *. Your password should not contain any words that can be found in a dictionary, written forwards or backwards. A "dictionary attack" is one of the first things an intruder will try if they are after your password. Do not use names, phone numbers, Social Security numbers, birth dates, anniversary dates, or words easily guessed. An example of a bad password is muffin. A better password would be M!u@F#fin208.
- Change your password regularly. You should be in the habit of changing your network account password on a regular basis. At least every 30 to 45 days, more often if you have access to sensitive information.
- Don't write your password down. Please choose a password and then memorize it. If you absolutely must write down a password, keep it on your person. Treat it like a credit card or your driver's license. A post-it note under the keyboard is not secure.
- Be careful about file sharing. If you set up file and print sharing on your PC or Mac and share a folder on the network, please password protect it. Remember that anyone on the campus network can see your shared folder in the Network Neighborhood or in the Chooser. Sensitive information should never be stored in a shared folder on your office computer. If your department needs to have a space for shared files on the network, please contact Computing and Network Services at ext. 4069.
- Don't install software on your office computer. It's no fun, but you should not install any software on your office computer. This includes those neat screen savers, on-screen fireworks programs, etc. Only C&NS technicians are authorized to install software. The internet "bad guys" often use these fun programs to deliver viruses or other malicious software. This method of delivery is known as a Trojan Horse. Remember that you are responsible for what happens on the computer assigned to you.
- Fight viruses. Make sure that you have a working anti-virus program installed, and that it is frequently updated. If you are unsure how to do this please call C&NS Support Staff at ext. 4069 and request assistance.
- Log out. Get into the habit of logging out whenever you step away from your desk. Crimes committed using your network account will be traced back to you. Be safe, log out.
Some "Safe E-mail" Tips
- Passwords. Treat your e-mail account password as your would your network account password. See Items 1 through 4 above.
- Be careful with attachments. Never open attachments that you were not expecting. The opening of unexpected attachments can spread many hostile Trojan and virus programs. Many viruses hijack the sender's e-mail program and force it to send a malicious attachment without their knowledge. When in doubt call the person who sent you the e-mail before you open the attachment.
- Know where you're going before you click. Be very careful following website links sent to you in e-mail. If you are not sure of the website listed, do not click on the link. There are hostile sites or inappropriate sites that should not be visited.
- Remember acceptable use. Never send inappropriate or illegal items through e-mail. E-mail is not considered a private form of communication. It's not very hard to capture e-mail messages as they travel across the internet. A rule of thumb is to never send anything in an e-mail you don't want others to see.
- Control attachment size. Do not send very large attachments via e-mail. Very large attachments will slow down everyone's access to the e-mail services and may result in your e-mail access being terminated. One megabyte (1024 bytes) should be the size limit for an attachment.
- Log out. Do not leave your e-mail account logged in. Get into the habit of checking your e-mail on a regular basis and logging out. This keeps your account safe and frees up resources for others.