Best Practice

Online Safety

Online Safety

Everyone connected to the Internet is a potential target. Use of anti-virus and firewall software is critical in protecting your computer online; however, simply protecting your computer is not enough. 

Web Browsers

Cyber criminals often target vulnerabilities in web browsers. Because Internet Explorer is the web browser used by most people, it has become a primary target. Using a different browser can reduce your risk while on the web. The table below lists alternative browsers:

Browser

Operating System

License

Firefox

Mac, Windows, Linux

Free (open source)

Chrome

Mac, Windows, Linux

Free

Opera

Mac, Windows, Linux

Free

Safari

Mac OS X

Free

Configure Settings

Changing the default security settings can help protect you while browsing.  Learn more here.

Update Regularly

It is important to keep your browser up-to-date on security patches. This can typically be done from within the browser, or directly from the vendor’s website. Check for updates at least monthly.

Note: If you use Internet Explorer with RIT Oracle Applications, you may not be able to use the newest versions of Internet Explorer are not certified for compatibility with Oracle at this time.

Use Limited Account Privileges

Learn more here.

Be Smart With What you Do Online

View our pages on Social Networking and Online Banking/Shopping.  Also look for posts on our blog about identity theft, online banking, and scams. 

Wireless Networking

Wireless Networking

Wireless logo

Wireless networks are generally considered to be less secure than wired networks; however, with proper configuration and encryption enabled, they can provide more than adequate security for most users. Read our Accessing Wireless Networks Safely Brochure to learn more and better protect your privacy.

Wireless at RIT

RIT offers three different wireless networks across campus: an open public network, an encrypted WPA network, and an encrypted WPA2 network. We strongly recommend using the WPA2 or WPA network at all times, as they provide much better quality and security for users. WPA2 is the preferred protocol, as it offers the best security.

The WPA and WPA2 network signals are not broadcast publicly, so your computer will not automatically detect them. ITS provides instructions on How to Access RIT’s WPA Wireless Network.

More information on wireless networking at RIT can be found on the ITS Wireless Computing at RIT page.

Residential Networking

Please note that the use of wireless network routers is not permitted in residential areas on campus. Use of wired routers is acceptable; however, you should read and comply with Resnet’s guide to Using a Router on the RIT Network prior to setup.

Wireless at Home 

Without a secure configuration, your wireless network is open to anyone within range of the access point (typically anywhere from 100-1000 feet). Anyone in your area can "piggyback" on your connection and use your Internet, which can lead to a number of problems such as service violations, bandwidth shortages, abuse, activity monitoring, or direct attacks to your computer.

Best Practices for Home Wireless Networks

  • Change Your Default SSID and Administrator Password (See About.com for overview, but process varies by manufacturer)
  • Disable SSID Broadcasting 
  • Enable WPA Encryption
  • Enable MAC Address Filtering (See About.com for overview, but process varies by manufacturer)
  • Keep Your Access Point Software Up-To-Date with Patches
  • Use Your Router's Built-in Firewall
  • Use File Sharing with Caution

Public Wireless Networks

Many public access points are not secured, and the traffic they carry is not encrypted. This puts your sensitive communications and transactions at risk. Because your connection is being transmitted "in the clear," malicious users can use sniffing tools, "shoulder surfing," or other methods to obtain information including passwords, bank account numbers, unauthorized computer access, and credit card numbers quite easily.

Best Practices for Public Wireless Networks

  • Avoiding Sending Sensitive Information (such as online banking, shopping, etc..) over a Wireless Network
  • Stay on Secure Websites (look for HTTPS and lock icon)
  • Encrypt Your Traffic
  • Connect Using VPN (Virtual Private Networking)
  • Disable File Sharing
  • Be Aware of Your Surroundings
 

 

Virtual Private Networks

Virtual Private Networks

A Virtual Private Network (VPN) is a technology that allows for secure transmissions across the Internet between two networks by using a secure "virtual tunnel." Without using VPN, data (including passwords and confidential information) transmitted via the Internet is exposed and can be intercepted by third parties.

VPN should always be used to access RIT resources that are normally unavailable to users outside of the wired Institute network (such as department-specific services and network shares). This means that unless you are at a wired machine on campus, you must connect to the Institute network using VPN if you wish to access any private intranet resources. Your supervisor will notify you if the systems you work with require VPN.

VPN must be used when accessing RIT Confidential information on the Institute network from a remote location.

Visit the ITS VPN site to download the VPN software and find instructions and additional documentation.

 

Security Assessment Tools

Security Assessment Tools

The following tools should be used in combination to conduct security assessments.













Tool

Description

Rapid 7 Nexpose (RIT Enterprise Licensed by ISO)

Unified vulnerability management enterprise solution

Nessus

Network Vulnerability Scanner

CIS Score

Security Consensus Operational Readiness Evaluation provides various security checklists.

Secunia Vulnerability Scanners

Secunia Software Inspectors provide detection and assessment of missing security patches and end-of-life programs.

Microsoft Baseline Security Analyzer (MBSA)

MBSA helps determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.

Nipper

Nipper enables network administrators, security professionals and auditors to quickly produce reports on key network infrastructure devices.

Scrawlr

HP SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.

Core Impact

Penetration testing software

Qualys

Provides a suite of tools for:

  • Vulnerability Management
  • Policy Compliance
  • PCI Compliance
  • Web Application Scanning

NMAP

Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.

BidiBlah

The BiDiBLAH utility is a framework that can be used to assist in automating existing vulnerability assessment tools

 

Host Intrusion Prevention (RIT-owned/leased computers only)

Host Intrusion Prevention (RIT-owned/leased computers only)

Note: This requirement applies only to RIT-owned and leased computers. There is currently no requirement for personally-owned machines to run host intrusion prevention.

Currently, personal networking devices used on the RIT residential network (such as routers, switches, etc.) do not need to meet the Network Security Standard. Resnet has created separate guidelines for Using a Router/Wireless Router on the RIT Network.

The following products have all been tested by the Information Security Office and approved for use on RIT-owned/leased computers.

Recommended Host-based Intrusion Prevention Software

Server

Program

Description

OSSEC

Open source intrusion detection (multiple platforms) (ISO-tested). Active protection feature must be enabled.

McAfee HIPS

Desktop and server intrusion prevention (Windows) (ISO-tested)

Bit9

Application whitelisting (Windows) (non ISO-tested)

Cimcor

Protects against unauthorized changes (Server and Network) (non ISO-tested)

Tripwire (commercial version)

Configuration assessment and change auditing (Desktops and Servers; VMware coming) (non ISO-tested)

Desktop

Program

Description

OSSEC

Open source intrusion detection (multiple platforms) (ISO-tested). Active protection feature must be enabled.

McAfee HIPS

Desktop intrusion prevention (Windows) (ISO-tested)

Comodo

Internet Security Suite (ISO-tested)

Online Armor - Tall - Emu

Firewall (ISO-tested)

E-mail us at infosec@rit.edu if you have any questions or suggestions.

Pages

Subscribe to RSS - Best Practice