A Virtual Private Network (VPN) is a technology that allows for secure transmissions across the Internet between two networks by using a secure "virtual tunnel." Without using VPN, data (including passwords and confidential information) transmitted via the Internet is exposed and can be intercepted by third parties.
VPN should always be used to access RIT resources that are normally unavailable to users outside of the wired Institute network (such as department-specific services and network shares). This means that unless you are at a wired machine on campus, you must connect to the Institute network using VPN if you wish to access any private intranet resources. Your supervisor will notify you if the systems you work with require VPN.
VPN must be used when accessing RIT Confidential information on the Institute network from a remote location.
Visit the ITS VPN site to download the VPN software and find instructions and additional documentation.
RIT requires all communications relating to Institute academic or business purposes to be signed with an appropriate signature. This includes e-mails from both RIT and non-RIT accounts, as well as MyCourses and Message Center communications. For more information on the new requirements, visit our Signature Standard web page.
RIT Confidential Information in E-mail
When sending RIT Confidential information through e-mail, the subject line of the e-mail must state that the information is RIT Confidential, and must reference the subject. For example:
From: RIT Employee A Sent: Monday, February 11, 2008 10:05 AM To: RIT Employee B Subject:RIT Confidential - Performance Review Signed By: employeeA @rit.edu
Body of e-mail...........
CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.
Social networks are great. They do present some security challenges and risks, however.
This guide describes the dangers you face as a user of these websites, and provides tips on the safe use of social networking and blogging services.
Dangers of Social Networking
Many computer criminals uses these sites to distribute viruses and malware, to find private information people have posted publicly, and to find targets for phishing/social engineering schemes. Below is a short list of users who may be using the same sites as you:
Online criminals only need a few pieces of information to gain access to your financial resources. Phone numbers, addresses, names, and other personal information can be harvested easily from social networking sites and used for identity theft. The large numbers of people that use these sites also attract many online scammers.
Are your friends interested in seeing your class schedule online? Well, sex offenders or other criminals could be as well. Knowing your schedule and your whereabouts can make it very easy for someone to victimize you, whether it be breaking in while you're gone, or attacking you while you're out. Don't make it easy for the Facebook Stalker to find you!
Employers More and more employers are beginning to investigate applicants and current employees through social networking sites and/or search engines. What you post online may put you in a negative light to prospective or current employers, especially if your profile picture features you doing something questionable or stupid.
Protecting Your Information - Safe Practices
Keeping your information out of the wrong hands can be fairly easy if you adopt a cautious attitude. Here are some tips to make sure your private information stays private.
Don't Post Personal Information Online!
It's the easiest way to keep your information private. Don't post your full birth date, your address, phone numbers, etc. Don't hesitate to ask friends to remove embarrassing or sensitive information about you from their posts either.
Use Built-In Privacy Settings
Most social networking sites offer various ways in which you can restrict public access to your profile, such only allowing your "friends" to view your profile. Of course, this only works if you only allow a few people to see your postings-if you have 10,000 "friends" your privacy won't be very well protected. Your best bet is to disable all the extra options, and re-enable only the ones you know you'll use. Sophos provides Recommended Facebook Privacy Settings. These best practices can be applied to any social networking or blogging website.
Be wary of others
Most sites do not have a rigorous process to verify identity of members so always be cautious when dealing with unfamiliar people online.
Search for yourself
Find out what information other people have easy access to. Put your name into Google (make sure to use quotes around your name). Try searching for your nicknames, phone numbers, and addresses as well-you might be surprised at what you find. Many blogging sites have instructions on how to exclude your posts from appearing in search engine results using something called a "robots text file." More information can be found here.
What Happens on the Web, Stays on the Web
Before posting anything online, remember the maxim "what happens on the web, stays on the web." Information on the Internet is public and available for anyone to see, and security is never perfect. With browser caching and server backups, there is a good chance that what you post will circulate on the web for years to come. So be safe and think twice about anything you post online.