CCS A Guide for Safe Computing

Document Sample
CCS A Guide for Safe Computing Powered By Docstoc
					                                                             CCS Help Desk                             CCS Reception
  CCS                                                        416-979-5000 ext. 6806                    LIB-B99
  COMPUTING AND COMMUNICATIONS SERVICES                                       350 Victoria Street, Toronto

                            A Guide for Safe Computing
Everyone has heard of Trojans, malware, identity theft and worms. Because of these and other threats
computer security has taken on an importance that never existed a few years ago. Malicious files
masquerading as legitimate files that can take over your computer and turn your machine into a “bot” to be
used by hackers for unsavoury or illegal purposes, web pages that you browse on the Internet may contain
malicious content; scripts can be embedded within HTML formatted email message bodies and some email
programs can be tricked into running raw code hidden within the message itself.

These and other threats place your computer and others on the RIN (Ryerson Information Network) and the
data on them at risk.

To thwart these potential threats Ryerson has implemented a layered approach to information security. This
architecture uses several different types of hardware and software to provide the best available level of
security. As a result Ryerson monitors the inbound and outbound traffic to the Internet, using information from
firewalls, anomaly traffic monitoring and warning systems, and e-mail filtering at its borders.

These systems cannot protect your computer from an inside threat - from a computer already on the RIN that
is seeking vulnerable computers.

Therefore, there are defensive steps you can take to protect yourself, and by so doing, help protect the other
computers running on the RIN. You can get started right away.

As a university, our openness, large number of computers and large amount of disk space, makes us a prime
candidate for attacks and probes by unwelcome visitors. In a day, there are literally thousands of attempts to
break into the Ryerson network and attached computers. It takes less than a minute for a Windows computer
to be attacked and compromised after being connected to the network if it is not behind a firewall, completely
patched, or running antivirus software. This can happen even before the machine has finished starting up. We
all have to protect ourselves in this new environment.

To make sure your computer is not vulnerable; you need to incorporate security measures on your
computer. Like the network components, a firewall, an intrusion detection and prevention system, operating
system patches, strong passwords, and antivirus software also need to be installed and kept up-to-date on
your computer to help secure it.

Anyone who is connected to the Internet should know about security.

                                A Guide for Safe Computing      |       Computing and Communication Services - Ryerson University     1
                                                                CCS Help Desk                             CCS Reception
     CCS                                                        416-979-5000 ext. 6806                    LIB-B99
     COMPUTING AND COMMUNICATIONS SERVICES                                       350 Victoria Street, Toronto

Tips on how to minimize the risk to yourself and others when computing anywhere:

Protecting Your System:

1.    Keep your operating system updated - Most desktop security incidents are centered on flaws in the
      operating system. As these flaws are discovered, vendors release patches to cover these security holes.
      By updating your operating system you ensure it has all the latest patches. Both Windows and Macintosh
      operating systems have Automatic Update features.

2.    Protecting against Viruses - Viruses, worms and trojans spread through many venues - network, E-Mail,
      Instant Messaging, hostile web sites. Get it, install it and maintain it. Make sure it is updated with the
      latest pattern files and scan your system regularly for malware. Ryerson students, faculty and staff can
      get McAfee Anti-Virus free from the following location:

3.    Protect Against Spyware - Spyware is software that collects personal information without your
      knowledge or permission. You might be the target of spyware if you download music from file-sharing
      programs, free games from sites you know nothing about, or other software from an unknown source. If
      your computer suddenly begins to display hundreds of pop-up ads or if your start page changes without
      your knowledge, you may be the victim of spyware.

      Use a program such as AdAware, SpyBot Search & Destroy, or Microsoft AntiSpyware to remove
      unwanted Spyware.

4.    Get and Use a personal firewall - Stop network-based hacks by installing or activating the firewall that
      comes with Windows XP and Vista operating systems.

5.    Keep your system locked away - Always make sure your office or room is locked when leaving for long
      periods. If you have a laptop, stash it somewhere out of sight or take it with you when you go. Don't fall
      prey to theft.

6.    Don't let others use your system - If you use your computer for work or study, then it is a tool - an
      important tool. Letting a friend, child or relative access your system can only spell trouble.

7.    Log out of applications and computers - When you are finished using an application or your computer,
      logging out or shutting down the computer will help prevent unauthorized access. This is especially
      important on public terminals such as those in the Library or in Computer Labs where someone can gain
      access to your account if you do not log out.

8.    Prevent sharing of files from your hard disk - Your hard disk may be wide open to those who'd like to
      use it as a server by allowing any files on it, including those they have placed there, to be accessible over
      the Internet. This includes traditional network shares as well as peer-to-peer file sharing programs.

                                   A Guide for Safe Computing      |       Computing and Communication Services - Ryerson University     2
                                                                CCS Help Desk                             CCS Reception
     CCS                                                        416-979-5000 ext. 6806                    LIB-B99
     COMPUTING AND COMMUNICATIONS SERVICES                                       350 Victoria Street, Toronto

Protect Your Data:

1.    Save your work frequently – Sometimes you've spent hours creating work that could come to a sudden
      end if your system lost power or the program you use experienced a crash. Many programs have auto-
      save features, use it.

2.    Backup your data – People that have access to a personal network drive - use it! Copy any important
      files you have on your system to it for redundancy. For added protection, save all data you create to your
      personal network drive. Make copies on a removable hard drive, diskette, CDROM or a personal USB
      device and store these off-site or in a secured area. Keep your archives updated. This will help prevent
      data loss if your computer is attacked by a virus or trojan,

Protect Your Privacy:

1.    Never share out your account - Your computer account is your identity. Sharing your account is no
      different than handing your house keys to a stranger - anything can happen and often always
      does! Remember that you are responsible for your computer/network account and whatever activities are
      generated by that account.

2.    Use different passwords for different accounts - If one of your accounts becomes compromised, you
      can minimize the exposure to other accounts by having unique passwords for each one.

3.    Use strong passwords

             a) Be creative;
             b) Do not use simple, obvious or predictable passwords such as names or nicknames of people,
                pets, places, or personal information that can be easily found out, such as your address,
                birthday, or hobbies;
             c) Do not use any word found in any dictionary;
             d) Use a minimum of 8 characters that includes a mixture of uppercase and lowercase letters,
                numbers, and special characters;
             e) Protect your security codes and passwords;
             f) Do not share your passwords with anyone;
             g) Do not write down your passwords or store them on your computer;
             h) Always change the password provided by a vendor or other system provider;
             i)   Change your password frequently;
             j)   If you think your password has been compromised, change it immediately;
             k) Do not reuse your previous passwords

                                   A Guide for Safe Computing      |       Computing and Communication Services - Ryerson University     3
                                                                CCS Help Desk                             CCS Reception
     CCS                                                        416-979-5000 ext. 6806                    LIB-B99
     COMPUTING AND COMMUNICATIONS SERVICES                                       350 Victoria Street, Toronto

4.    Choose secure options when accessing online services - When accessing network or Internet
      services where you must enter personal or confidential information (password, account info), make sure
      you select secure methods. Use Secure Shell (SSH) rather than Telnet or FTP and Secure HTTP (HTTPS)
      for web-based transactions.

5.    Protect yourself from Identity Theft - You cannot assume you are immune to identity theft -- one of the
      fastest growing consumer crimes in the nation. Identity thieves do not steal your money; they steal your
      name and reputation and use them for their own financial gain. Identity theft literally steals who you are,
      and it can seriously jeopardize your financial future. See point #1 under Trust No One!”

Trust No One!

1.    Always question E-Mail from organizations requesting personal information - E-Mail coming from
      banks or online services requesting account information. Never fill out forms in E-Mail and always access
      the online service by manually typing the URL in your web browser.

2.    Always suspect notices telling you to delete files on your system - Most of the time it’s a
      hoax. Never delete files from your local system unless you know exactly what they do.

3.    Never install software from an unknown website or company - Software you download for free often
      has Spyware and Adware embedded in them. Programs requiring you to register may sell your name to
      spammers or other ad companies. Nowadays, the term "free" has many hidden dangers!

4.    Never assume the media you receive is free of viruses - Scan all media (diskette, CDROM, USB)
      before using the data on them.

5.    Protect your privacy online - When sitting at your computer surfing the net, sending electronic mail
      messages, and participating in online forums, it is easy to be lulled into thinking that your activities are
      private. You should be aware that at any step along the way your online messages can be intercepted and
      your activities monitored in the untamed world of cyberspace. Educate yourself on the risks as well as the
      measures you can take to protect yourself online.

Visit the following web pages to learn more about protecting your privacy online.

Office of Privacy Commissioner of Canada

Microsoft: Maintain Your Privacy

                                   A Guide for Safe Computing      |       Computing and Communication Services - Ryerson University     4

Shared By: