Office of Information Security and Identity Services
July 2011
Computer and Information Security Guide
Version 060611
This document is also available online at the Information Services Website:
http://www.infoservices.neu.edu/get_help/content/ITSEC_packet_for_fall11.pdf
June 2011
Computer and Information Security Guide
Dear Members of the University community…
Welcome to Northeastern. The safety and security of the computing environment is essential to the
learning and business functions of the University. All the while, information security threats are all
around us. Viruses, worms, spyware and bots can stop computers cold, invade privacy, interfere with
work, drain computer resources, steal information, and cause inconvenience. Inattention to basic
security and privacy concepts can cause inconvenience, financial loss, and a variety of other serious
and costly consequences.
Un-patched computers, those with missing or out-of-date antivirus software, those with missing,
weak, or easily-guessed administrative passwords, open file shares, guest accounts, spyware, or out-
of-date operating system and/or application software are highly vulnerable to compromise.
Compromised computers often become slow and unstable; damaging data; betraying sensitive
information; infecting other healthy computers; and disrupting both your work and that of others. In
many cases, compromised computers eventually become unusable and must be re-imaged, resulting
in inconvenience, lost time, and in some cases, loss of critical information.
Security is a shared responsibility. To assist the community in understanding how to safeguard
against information security threats, the Office of Information Security and Identity Services offers
this Computer and Information Security Guide. This year’s guide includes these sections:
• myChecklist for Computer and Information Security
• Checklist for Protecting your myNEU Account
• Router/Wireless Access Point Security Requirements and Recommendations
• Notice to the University Community: Management of Copyright Infringement Complaints
• 2011 General Computer and Information Security Recommendations
• Managing Your Electronic Reputation
This guide is also available on the Information Services website at
http://www.infoservices.neu.edu/get_help/content/ITSEC_packet_for_fall11.pdf
Thanks for doing your part to help keep the Northeastern computing environment a safe, available
and effective workspace. If assistance is needed, please contact the IS Service Desk at x4357, or
Information Security at itsecurity@neu.edu.
Yours in security,
Mark T Nardone,
Director, Information Security and Identity Services
Northeastern University – June 2011 Computer and Information Security Guide – Page 2
myChecklist for Computer and Information Security
Step Actions Check
1 Got a new computer?
Before connecting a new computer to the internet for the first time, learn how
to do it safely:
http://www.us-cert.gov/reading_room/before_you_plug_in.html
http://www.microsoft.com/athome/security/update/newcomputer.mspx
2 Got Antivirus?……Obtain, install and update antivirus software.
Download Symantec antivirus FREE by logging into your myNEU account. Note:
If using a personally-owned computer for University business, contact the IS
Service Desk (x4357) for assistance in obtaining antivirus software.
3 Get Automatic Software Updates.
Update your operating system and application software. Next, configure your
computer to automatically download updates.
Microsoft products:
http://www.microsoft.com/athome/security/update/default.mspx
Apple products: http://www.apple.com/support/downloads/
Other products: Please consult the website for your supplier or manufacturer.
4 Got Spyware Protection?
Protect your privacy! Keep spyware off your computer.
Pest Patrol: http://www.pestpatrol.com
SpyCop: http://www.spycop.com
Lavasoft: http://www.lavasoft.com/
Note: The listed products are for information purposes only. Northeastern
University makes no warranties or representations as to the fitness, suitability
or efficacy of these products.
5 P2P File Sharing and Copyright Checkup
• Delete illegally-downloaded materials before connecting to any NU network.
• Read user documentation and privacy policies before using p2p software.
• Assure sensitive/copyrighted materials are not being shared from your
computer.
• Read more about file sharing at http://www.musicunited.org/, and
www.campusdownloading.com
• Read the Notice to Students and the University Community on Management of
Copyright Infringement Complaints, included with this guide.
• You will be notified if you are involved in illegal downloading and may face
University Sanctions.
6 Manage Your Security Settings and Backup
-Change the administrative password on your computer. Make it hard to guess.
-Keep your administrative password to yourself.
-Keep all computer and system passwords to yourself. Never use another user’s
password.
-Remove un-necessary user accounts from your computer.
-Remove guest accounts. Turn off file-sharing features.
-Turn off un-necessary services such as web, FTP, etc.
-Use a built-in or personal firewall.
-Backup critical data often.
>Use a “usb” drive, zip disk or other storage device.
>Use built-in backup features of your operating system, if available.
>Consider making more than one backup copy.
>Store backups in a safe place.
7 Subscribe to Security Alerts
Get breaking computer security news automatically.
http://www.us-cert.gov/cas/signup.html
8 Stay Informed. Be ready to act.
Maintain awareness of computer security events and news in television, print
and internet media. If advisories are issued, seek information and take
protective actions immediately.
Microsoft link:
http://www.microsoft.com/athome/security/online/default.mspx
Check out the latest threats and how to prevent/fix infections on the NU
security alert dashboard:
http://www.infoservices.neu.edu/get_help/symantec_norton_alerts.html
Watch the myNEU portal for announcements.
http://myneu.neu.edu
9 Be ready to connect once on campus.
Before arrival, purchase a CAT5E or higher 25 foot Ethernet cable. These cables
can easily be obtained at most nationally-known hardware stores, computer
stores and online vendors. For those who may arrive without a cable, cables
are available for purchase from the NU Bookstore, and/or the ResNet Resource
Center. Note: Even if you plan to use wireless service, an Ethernet cable
is your passport to the wired network in the event of wireless service
interruptions.
10 Become “Security Streetwise”
Protect your accounts and digital devices:
-Never share your passwords. Never use another’s password.
-Make your myNEU password and password reset challenge answer complex
and hard-to-guess.
-Protect your laptop by using a security cable.
-Never leave computing devices unattended, not even for a moment.
Protect your privacy and online safety:
-Keep personal information to yourself. http://www.epic.org/privacy/consumer/
-Use discretion before sharing your picture or personal information.
-Make informed decisions around use of social networks.
-Don’t give personal information in response to e-mail or web forms.
-Don’t respond or reply to spam. Delete it instead.
-Don’t respond to phishing. http://www.antiphishing.org/
-Guard identification, credit cards, passports and sensitive documents.
-Be careful what you throw away. Shred sensitive information promptly.
Attend Security Awareness Training. Visit www.infoservices.neu.edu for
class schedules.
Special Note about Becoming Security Streetwise…
PHISHING – DON’T TAKE THE BAIT!
During the year, you may receive many e-mail messages asking for your user name and
password to various electronic accounts. These messages often look official, and
sometimes include logos and other information to make the message look legitimate. The
messages may even carry the name of a person you know to be trusted, such as a
University official or another well-recognized name.
These messages are known as “phishing”, and represent attempts by bad
actors to gain access to your electronic account(s).
ALL such messages are fraudulent, and are never sent by Northeastern
University or any other legitimate business.
NEVER reply to any message seeking your username and/or password.
Instead, immediately delete the message.
Checklist for Protecting your myNEU Account
Your myNEU account is your passport to a world of information and electronic services. To help
protect your account from unauthorized access, follow these steps:
Step Actions Check
1 Change your myNEU password. Choose a password that is strong and
hard to guess. Make sure your password is at least 8 characters long, with at
least…
• one uppercase character
• one lowercase character
• one numeric character
For example:
Weak password: droopyjaw
Better password: droopyjaw5 (note use of a number)
Stronger password: DroopyJaw5 (note use of a number + uppercase)
Even better password: Droopy$Jaw5 (note use of “$” character)
Do not use these examples for your myNEU account.
2 Choose a password reset challenge question and answer where the
answer is nonsensical, and where only you will understand the
relationship between the question and the answer. The password reset
challenge answer is case sensitive, so use case to help deter guessing.
For example:
Challenge question: what is my secret shame?
Challenge answer: eating YELLOW flowers
Challenge question: What are the marks of the beast?
Challenge answer: PINK elephants with shoes
Do not use these examples for your myNEU account.
Never use any of the following for passwords or password reset
challenge answers
• common words, dictionary words, phone numbers, sequences of numbers
• name of family member, favorite color, drink, song, performer, pet name,
car brand, any information that is publicly available: Think Facebook!
3 NEVER share your myNEU password or password reset challenge question.
Doing so compromises your account, can result in identity theft, and is a
violation of the Appropriate Use Policy.
4 Change your myNEU password and password reset challenge answer
frequently. Consider every 90 days or more frequently.
Router/Wireless Access Point Security Requirements and Recommendations for ResNet
June 2011
This section of the Computer and Information Security Guide describes required and recommended
security practices to be used with privately-owned routers and/or wireless access points connected to
ResNet ports in those areas of the University where connection of these devices is allowed. At the
current time, privately-owned routers and/or wireless access points may be connected in any location
which is not blanketed by NuWave wireless networking service. For example, International Village is
blanketed by NuWave wireless network service, and therefore, use of privately-owned wireless access
points/routers in International Village is not permitted.
NOTICE
Owners/operators of routers and/or wireless access points are solely responsible for the
security and access control for their devices, and are liable for the actions of anyone
accessing ResNet through their device(s). For more detailed information on these
responsibilities, please read the Appropriate Use Policy, located at
http://www.infoservices.neu.edu/aup.html
Requirement or Recommendation myNotes Check
Use this space for your
notes…
1 STRONGLY RECOMMENDED
Keep all documentation supplied with your
equipment. You will need information from these
documents in order to register your router and/or
wireless access point on ResNet, and in instances
where you contact the manufacturer for
troubleshooting or warranty support.
2 REQUIRED
Register your desktop or laptop computer first, then
register other devices.
After registering the desktop or laptop computer, it
is recommended to reboot the router/wireless access
point.
3 REQUIRED
ALL devices connected to ResNet, including
computers, XBOX, PlayStation, routers or wireless
access points MUST be registered on ResNet in the
legal name of the owner, using the factory-assigned
MAC address of the device. Operation of unregistered
devices, provision of false or misleading information
during registration, or MAC address alteration
(spoofing) violates the Appropriate Use Policy, and
may subject the violator to suspension of service
and/or referral to the Office of Student Conduct and
Conflict Resolution.
3A) If your device does not have a built-in web
browser, it MUST be brought to the ResNet Resource
Center to be registered.
4 RECOMMENDED
Select an appropriate installation location for your
device(s). Choose a location that does not create
safety or security hazards, and that limits the spread
of your wireless signal. For example, do not mount a
wireless access point in a window. Rather, choose a
location on an inside wall, under a desk, or near the
floor. If your device features a security slot, purchase
an appropriate locking cable, then secure one end to
your device and the other end to an immovable fixed
object.
5 STRONGLY RECOMMENDED
Change the default administrator password that came
with your router/wireless access point. You will use
this password when configuring your wireless access
point. Choose a hard-to-guess password, and keep it
to yourself. Never give the administrative
password for your device to another person.
6 REQUIRED
Change the SSID (service set identifier) from the
default value to a value that will help the University
locate your wireless access point in the event your
device interferes with University-provided services. A
suggested format is your building name and room
number, for example: WAP-WVE-0105.
Note 1: Ensure you use the room number to which
you are assigned. Falsification of SSID information in
an effort to mislead is a violation of the Appropriate
Use Policy, and may subject the violator to suspension
of service and/or referral to the Office of Student
Conduct and Conflict Resolution.
Note 2: Never use the SSIDs “NUwave”, “NUwave-
guest”, or any variants of an SSID using the letters
“NUWAVE” or “NUwave-guest”. These SSIDs are
reserved for University use only. Unauthorized use of
University-reserved SSIDs may subject the violator to
suspension of service and/or referral to the Office of
Student Conduct and Conflict Resolution.
7 REQUIRED – TAKE SPECIAL NOTE!
If your wireless access point is using 802.11b/g, set
your wireless access point to use only channels 1, or
6, or 11 for this version of 802.11.
8 STRONGLY RECOMMENDED
Enable MAC address filtering. This allows you to
specify which computing devices may connect to your
wireless access point. To use MAC address filtering,
obtain the wireless card MAC address of those devices
you wish to admit to your wireless access point, then
enter the MAC address(es) in the appropriate screen
of your router/wireless access point management
software.
9 REQUIRED
Do not hard-code DNS settings in your router or
wireless access point. Use only DNS settings provided
automatically by the University.
10 STRONGLY RECOMMENDED
Turn OFF your wireless access point and all computing
devices when not in use. This practice helps minimize
exposure of your devices to hackers, and contributes
to creating and maintaining a green campus.
11 REQUIRED
11A) Set your router/wireless access point to obtain a
DHCP address from Northeastern. Look for words like
“Automatic Configuration”, “DHCP client”, and
“Internet Connection Type”.
11B) Domain name should be set to “neu.edu”.
11C) MTU size should be “automatic”, or up to 1500 if
automatic is not an option on your access point.
11D) Set your wireless access point as a DHCP server,
and to give out IP addresses in one of the following
ranges:
10.0.0.0 - 10.255.255.255, or
172.16.0.0 - 172.31.255.255, or
192.168.0.0 - 192.168.255.255
Never set your device to give out IP addresses
other than those shown above.
11E) If your router/wireless access point features a
time zone setting, use the “Eastern” time zone.
Set your router/wireless access point to give out only
the minimum number of IP addresses needed at any
one time. For example, if you need to allow five
people to connect to your wireless access point at any
one time, set your wireless access point to give out
only five (5) IP addresses.
12 REQUIRED
Do not set your router/wireless access point to act as
a bridge.
13 STRONGLY RECOMMENDED
If feasible, set your wireless access point to use either
802.11a or 802.11g mode. Do not use 802.11b or
802.11n “only” modes, since these modes can cause
interference to other wireless devices.
14 STRONGLY RECOMMENDED
Set your wireless access point to use encryption such
as WPA or WPA2, and be sure to change the default
key to something hard to guess, and that only you will
recognize. The key should be random, and at least 20
characters in length. Give the key to those whom you
wish to allow to connect to your device. Change the
key often, especially after allowing one-time users
such as visitors to access ResNet through your device.
15 REQUIRED
Use AP-mode or Infrastructure setting on the wireless
access point. Ad-hoc mode should NOT be used on
access points or workstations.
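The numbered settings above can be checked mechanically before a device is plugged into a ResNet port. The following Python audit is an added example, not part of the original guide or any University tooling; the configuration key names and both sample configurations are constructed for illustration, while the limits come from items 6 through 15.

```python
import ipaddress
import re

# Limits taken from the guide's numbered items. The config key names used
# below are hypothetical; real routers expose these settings through a GUI.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # item 11D
ALLOWED_BG_CHANNELS = {1, 6, 11}                      # item 7
RESERVED_SSID = re.compile(r"nuwave", re.IGNORECASE)  # item 6, note 2
MIN_KEY_LEN = 20                                      # item 14
MAX_MTU = 1500                                        # item 11C


def audit(cfg):
    """Return (item, level, message) findings for one router config dict."""
    out = []
    if RESERVED_SSID.search(cfg["ssid"]):
        out.append(("6", "REQUIRED", "SSID uses a University-reserved name"))
    if cfg["radio_mode"] in ("b", "g", "b/g") and cfg["channel"] not in ALLOWED_BG_CHANNELS:
        out.append(("7", "REQUIRED", "802.11b/g channel must be 1, 6 or 11"))
    if not cfg["mac_filter"]:
        out.append(("8", "STRONGLY RECOMMENDED", "MAC address filtering is off"))
    if cfg["static_dns"]:
        out.append(("9", "REQUIRED", "DNS servers are hard-coded"))
    if cfg["wan_type"] != "dhcp":
        out.append(("11A", "REQUIRED", "WAN side is not a DHCP client"))
    if cfg["mtu"] != "auto" and int(cfg["mtu"]) > MAX_MTU:
        out.append(("11C", "REQUIRED", "MTU is above 1500"))

    start = ipaddress.ip_address(cfg["dhcp_start"])
    end = ipaddress.ip_address(cfg["dhcp_end"])
    # Both ends must sit inside the same permitted block, so a pool cannot
    # begin in a private range and run on into public address space.
    if end < start or not any(start in n and end in n for n in PRIVATE_NETS):
        out.append(("11D", "REQUIRED", "DHCP pool is outside the permitted ranges"))
    elif int(end) - int(start) + 1 > cfg["clients_needed"]:
        out.append(("11", "REQUIRED", "DHCP pool is larger than the clients needed"))

    if cfg["bridge_mode"]:
        out.append(("12", "REQUIRED", "device is set to act as a bridge"))
    enc = cfg["encryption"].upper()
    if enc not in ("WPA", "WPA2"):
        out.append(("14", "STRONGLY RECOMMENDED", f"encryption {enc} is not WPA or WPA2"))
    elif len(cfg["psk"]) < MIN_KEY_LEN:
        out.append(("14", "STRONGLY RECOMMENDED", "shared key is shorter than 20 characters"))
    if cfg["wireless_mode"] == "ad-hoc":
        out.append(("15", "REQUIRED", "ad-hoc mode is in use"))
    return out


# Constructed sample: a device set up the way the guide asks.
GOOD = dict(ssid="WAP-WVE-0105", radio_mode="g", channel=6, mac_filter=True,
            static_dns=[], wan_type="dhcp", mtu="auto",
            dhcp_start="192.168.1.100", dhcp_end="192.168.1.104",
            clients_needed=5, bridge_mode=False, encryption="WPA2",
            psk="constructed-sample-key-not-for-use", wireless_mode="infrastructure")

# Constructed sample: every audited item is wrong. Note that 172.32.0.0 looks
# private but lies just past the end of the 172.16.0.0 - 172.31.255.255 range.
BAD = dict(ssid="NUwave-guest2", radio_mode="b/g", channel=3, mac_filter=False,
           static_dns=["203.0.113.53"], wan_type="static", mtu=1600,
           dhcp_start="172.32.0.10", dhcp_end="172.32.0.60",
           clients_needed=5, bridge_mode=True, encryption="WEP",
           psk="abcde", wireless_mode="ad-hoc")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name)
        for item, level, msg in audit(cfg):
            print(f"  item {item:<3} [{level}] {msg}")
```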
Wireless Access Point Manufacturer Web Sites
For more information about commonly-available wireless access points, please refer to the website
recommended by your manufacturer. The following websites may also be valuable for information
purposes:
http://www.linksysbycisco.com/US/en/home
www.netgear.com
http://www.apple.com/
www.hp.com
http://www.trendnet.com/?todo=home
NOTICE
Approval to install privately-owned routers/wireless access points applies at this time to
ResNet only. Use of privately-owned devices such as hubs, switches, routers, wireless
access points and all other non-University installed and owned networking equipment on
NuNET is permitted only as may be agreed in writing between a department and the
Information Services Division. For more information, please refer to the Appropriate Use
Policy at http://www.infoservices.neu.edu/aup.html
Example Set Up Notes
Linksys/Cisco WRT610N Dual Radio Wireless Access Point
NOTE: Other makes and models of wireless access points should have similar options.
Basic Setup
1. Force the WAP to use DHCP to procure an IP address from Northeastern. Look for words like
Automatic Configuration, DHCP Client, and Internet Connection Type.
2. Use a unique HOST NAME. The recommendation is to use the Building Abbreviation followed by
your assigned suite Number, i.e. WVG-1204. It should be UNIQUE.
3. Domain Name should be neu.edu
4. MTU Size should be AUTOMATIC or up to 1500 if AUTO is not an option. Larger than 1500 will
cause packets to be dropped. Smaller may cause performance issues due to fragmentation.
5. ENABLE the DHCP server on your WAP. All the default values should be ok.
6. Set the Time Zone and adjust for Daylight Savings Time, if desired. As of Fall move-in, Boston is in
the Eastern time zone, or GMT -5.
Wireless Setup
7. Select SSIDs that are unique. It is suggested to use a unique HOST NAME as in step 2 above. If
your wireless access point supports both 5GHz and 2.4GHz on the same device, you will potentially
have two SSIDs. Append a 5.0G or 2.4G on the end of the HOST NAME to make your SSIDs unique.
8. If you have a 5GHz radio in your WAP, you can support 802.11a and 802.11n. Mixed Mode will
support both.
9. If you have a 2.4GHz radio in your WAP, you can support 802.11b and 802.11g, as well as a
subset of 802.11n. Mixed mode will support all three. You can disable support for 802.11b if you
like, unless you wish to connect some 802.11b devices to your WAP. Be advised that even one
802.11b device will slow down all other connections on your WAP.
Wireless Security Setup
10. Use WPA2-Personal or AES encryption if supported. Failing that, use WPA-Personal or TKIP.
Please avoid using WEP security, as it features no practical security, and can cause your WAP to
become exposed to shutdown in the event of conflicts or security exposures.
11. Using WPA-Personal (TKIP) or WPA2-Personal (AES) encryption will require the use of a shared
key. When utilizing WPA2-Personal, some WAPs have a mixed mode which allows you to use either
TKIP or AES. If you have some older devices, you may wish to allow either mode.
Security Settings
13. If your WAP has a firewall built-in, enable it. Be advised that for your protection, ResNet does
not accept incoming connection requests from outside the University network. Therefore, all incoming
traffic you see will be local to the University. Should you encounter problems, disable the firewall to
troubleshoot.
14. FTP Server – If available, consider disabling. Use MyFiles on the myNEU portal instead.
Device Administration
15. Alter the default password to be something hard to guess, and Disable Remote Management. Be
aware that once local management via Wireless is disabled, the WAP can only be managed via a
wired port.
16. Know how to get back to factory defaults, via the GUI and via powering down the WAP. Learn
reset procedures.
17. Periodically verify your WAP’s firmware is current. Instructions should be found in the
manufacturer’s paper or electronic documentation/website. CAUTION: Errors made during firmware
updates can render your WAP inoperable. When updating firmware, print out and follow update
instructions carefully.
Wireless Printing
18. Wireless printing, while being commercially available, isn’t always as reliable as desired. If your
printer has a network (Ethernet) port, it is recommended to connect it to a wired port on your WAP.
Alternately, a printer may be connected to a USB or parallel interface on your PC. A Print Server
typically has a USB port as well. Plug the Print Server into the WAP, and the printer into the Print Server.
If possible, use the same vendor for both the WAP and Print Server.
Commonly-used wireless device models
(For Information Purposes Only)
Two commonly-used and generally available wireless access points are the Cisco/Linksys WRT54GL,
and the Cisco/Linksys BEFSR41. Please note, the University makes no warranties nor endorsements
of any kind with respect to these devices.
WRT54GL (wireless access point and router combination)
http://www.linksysbycisco.com/US/en/products/WRT54GL
BEFSR41 (wired router with four port switch)
http://www.linksysbycisco.com/US/en/products/BEFSR41
Notice to Students and the University Community
Management of Copyright Infringement Complaints
Amended 6/10/09
In early 2007, the Recording Industry Association of America (RIAA) changed its strategy regarding
copyright infringement complaints. This strategy may impact you. The University is also required by
law to notify you of additional information about copyright infringement, so we feel it is important to
share the details of the RIAA’s strategy and additional information.
Downloading and/or sharing of copyrighted content such as movies, music or software without
permission, whether through peer-to-peer networks or any other method, without permission of the
copyright holder or their designated agent, is both illegal and a violation of Northeastern University’s
Appropriate Use Policy (http://infoservices.neu.edu/aup.html) which applies to all members of the
university community. Engaging in such activities may subject the violator to severe penalties,
including but not limited to impoundment of computer equipment, substantial fines, and orders to
cease activities. Engaging in the activities described above may also result in severe penalties at the
University level.
While the University does not monitor content, the Recording Industry Association of America (RIAA)
and other organizations actively do so via the Internet, and on occasion, issue complaints to internet
service providers, including the University, whose subscribers are alleged to be engaging in these
activities. Generally, at the time of the complaint, the RIAA or other complainant is only aware of the
network address of the computer from which copyrighted material was alleged to have been shared
and not the identity of the individual community member. Additionally, the RIAA and other external
organizations do not have access to Northeastern’s networks, systems, nor confidential information,
including individual community member’s personal information stored on university systems.
When the University receives a formal complaint, the Office of Information Security investigates and
takes appropriate action, including outreach to the community member and recommends how
affected users may regain compliance with law and University policy. Any time before, during, or
after this process, the complainant may seek to subpoena University records to establish the identity
of the person tied to the computer address cited in the original complaint. If the University receives
such a subpoena, the individual whose records are sought is notified and given an opportunity to
object to the release of their information. The person may at their own expense seek legal
representation in an effort to quash the subpoena. If this effort is not successful within the time
frame demanded in the subpoena, the University must release the requested information to the
complainant.
The new RIAA strategy includes a new document known as a "settlement letter", which cites the
computer address of the alleged offender, and requests the internet service provider to forward the
letter to the user who is alleged to have infringed RIAA copyrights. The letter informs the user they
have forty (40) days to contact an RIAA legal representative or face being sued in Federal Court. The
letter also features a web link (URL), where the user may pay to “settle” the matter using a credit
card. These letters, as currently defined, are neither legal documents nor formal complaints to the
university and do not compel the university to take any specific action.
Members of the university community who chose to violate copyright protections and university policy
are personally responsible for their actions. Accordingly, the University will not be a party to these
actions nor to “settlement” discussions in these matters. Upon receiving a “settlement letter”, the
University will not disclose the identity of the community member in question to the RIAA nor will the
University retransmit the ‘settlement letter’ to the community member. To summarize, community
members (students, faculty, and/or staff) engaging in illegal downloading or file sharing using
Northeastern networks and/or systems are doing so at their direct, personal risk and are solely
responsible for any and all potential consequences of their actions.
2011 General Computer and Information Security Recommendations
Read and comply with the Appropriate Use Policy (AUP)
http://www.infoservices.neu.edu/aup.html
Physical Security
• Lockdown PCs, laptops, flat panel displays, printers and other high-value items.
• Never leave mobile/portable devices unattended.
• Lock doors to rooms and workspaces when not in use.
• Lock desks and file drawers when unattended.
• Do not allow unknown persons to use your computing devices.
• Shred un-needed materials containing sensitive or confidential information.
Passwords
• Define a strong administrative password on your computer, and keep it to yourself.
• Change the administrative password often.
• Define strong passwords. Use a combination of letters and numbers. Don’t use dictionary words.
• Avoid writing passwords down.
• Change all passwords frequently.
• Never share passwords.
• Never check the “remember my password” box in dialog boxes.

Your personal privacy
• It is not necessary to share everything about yourself with others.
• Keep sensitive personal information to yourself.
• Trust is earned. Look to establish trust first, then consider sharing, but with discretion.
• Don’t be afraid to say “I’d rather not share that information.”
• When someone asks you for personal information, don’t be afraid to ask them:
  > what items of information are you collecting?
  > why are you collecting the information?
  > how will the information be used?
  > with whom will the information be shared?
  > how will the information be protected?
  If the person asking you for information cannot answer all the questions quickly and concisely, refrain from giving out your information.
• Protect your e-mail address.
• Avoid configuring personal information into your web browser software.
• Configure your web browser software to clear personal information when quitting the browser.

Respecting others’ privacy
• Don’t share others’ personal or confidential information.
• Use of web cams or other technologies to capture, transmit or record video and/or audio in locations where a reasonable expectation of privacy exists may violate the Appropriate Use Policy. Never engage in this activity unless permission has first been obtained from all persons to be depicted and/or recorded.

Antivirus and firewall software
• Install and maintain anti-virus and firewall software on every computer you own.
• Schedule automatic virus definition updates.

E-mail
• Don’t click on or open unexpected messages or attachments, links or messages from unknown senders.
• Don’t open messages with unrecognized subject lines.
• Never reply to unsolicited e-mail or web forms.
• Never click on an unsolicited web link.
• Never respond to a request for your password. All such requests are fraudulent.

Protecting your identity
• Protect your Social Security Number, driver’s license number, and passport number, as well as documents on which these numbers appear.
• Don’t write down PIN numbers. Do not carry your Social Security Card.
• Avoid giving out personal information unless you initiated the transaction.
• Protect your wallet or purse from loss or theft.
• Collect paper mail promptly from your mailbox. Shred confidential information before discarding.
• Check banking and credit card statements for accuracy. Report any suspicious transactions immediately to your financial institution.
• Check credit report regularly. Report errors or unusual activity immediately to the relevant financial institution and all three credit reporting agencies:
  Equifax: http://www.equifax.com/home/
  Trans-Union: http://www.transunion.com/
  Experian: http://www.experian.com/

Confidential Information
• Never discuss confidential information in public places.
• Keep your desk clear of sensitive information.
• Secure sensitive information in locked containers.
• Shred unwanted/unnecessary papers.

Instant Messaging and Audio/Video Chat
• Never accept unsolicited downloads/offers.
• Never discuss confidential information on chat.
• Never use IM or IRC to authorize transactions or payments.
• Be mindful of the privacy rights of others who may be in range of your video and/or audio chat.

Spyware/Trojan Horse/Keylogger detection
• Consider installing and maintaining spyware/Trojan/keylogger detection software on every computer you own.
• Avoid performing sensitive transactions on public workstations or open (hotspot) networks. When on campus, consider using NuWave Secure wireless service.

Operating System and Application Software
• Keep original copies of installation media & license keys.
• Register for product updates.
• Monitor manufacturer websites for updates.
• Use “auto update” features of operating system and application websites.

Data Management, Backup and Storage
• Backup critical data daily. Use myFiles, USB stick or other method of your choice.
• Store backups in a safe location.
• Delete unnecessary files on a regular basis.

Making your computer less attractive to unauthorized users
• Lock your devices down. Use security cables.
• Before leaving your computer, always logout.
• Turn computing devices OFF when not in use.
• Don’t write passwords in, on or around computer or keyboard.
• Consider storing laptops and other high value portable gear in locked drawers/containers.

Traveling with mobile devices
• Secure all mobile devices using locking cables.
• Never place a laptop in checked baggage.
• Avoid carrying a laptop in a “computer case”. Instead, use a less-conspicuous carrier.

Online shopping and auctions
(Sources: eBay, FBI Internet Fraud Center, Federal Trade Commission)
• Deal with only reputable merchants. Check seller feedback before buying.
• Check website URLs carefully. Make sure you have the correct site.
• Before supplying sensitive information to a web page, look for the “https://” in the URL.
• Pay by credit card, never with a bank wire.
• Consider avoiding sellers who demand Western Union payment.
• Don’t be lured off an auction site to complete a transaction. Consider using the site’s authorized escrow service, especially for expensive items.
• Before sending money, communicate with seller via email and phone, if possible.
• Print records of all merchandise descriptions, transactions and communications with sellers.
• Never respond to email or websites asking you to confirm information such as name, password, or credit card number.

Signs and symptoms of computer compromise
If a combination of these signs and symptoms are present on your computer, please contact the ResNet Resource Center or IS Service Desk for assistance.
• Unexpected disk activity when computer is not in use.
• Unexpected files appear. Expected files disappear.
• Disk space utilization is higher than expected.
• Computer is unusually slow or sluggish.

Your Credit Report
It is recommended to check your credit report at least once yearly. All consumers are entitled to one free credit report per year. At the time of writing, the URL to order this report is:
https://www.annualcreditreport.com/cra/index.jsp
CAUTION! When typing the above URL into your web browser, please do so carefully. Many imposter sites exist with spellings very close to the official URL shown above.

Unauthorized Interception of Electronic Communications
Unauthorized interception of electronic communications may constitute a violation of Federal law. Never engage in this activity.

Copyright Resources
US Copyright Office home page: http://www.loc.gov/copyright/
US Copyright FAQ: http://www.loc.gov/copyright/faq.html

Computer Security Resources
Microsoft: http://www.microsoft.com/security/
Apple: http://www.info.apple.com/
Symantec: http://www.symantec.com/
CERT: http://www.cert.org/

NU Information Security Resources
If you have questions about information security, please contact the Office of Information Security at itsecurity@neu.edu.

Managing Your Electronic Reputation

Online expression has become a component of individual reputation, where even years later, electronic expressions can be easily discovered, possibly leading to a variety of unanticipated consequences.

Consider making your electronic reputation a powerful and positive force for your life and for your future. Here’s how:

When expressing yourself online, consider…
• You own and are responsible for what you say.
• What you say online will likely be captured and stored forever, somewhere in cyberspace.
• What you say can be forwarded and republished without your knowledge or consent.
• What you say is virtually impossible to remove from cyberspace once it’s out there.
• Others are likely to search for you online, and they will likely find your expressions.
• What they see might affect their impressions of you, and could affect decisions made about you.

Tips for managing your electronic reputation…
• Never use electronic expression to make a threat or to strike out at others.
• Think before speaking, then speak as if the world were listening.
• Consider and respect difference.
• Be mindful of the rights and feelings of others.
• Think about how others might perceive what you say.
• Express yourself in ways that support the life goals to which you aspire.
• Not sure what to say or how to say it? Ask for help.

Have Questions?
Need Help?
If assistance is needed with matters of electronic expression and reputation, contact your advisor, professor, supervisor, or itsecurity@neu.edu