Desktop

Securing Your Computer

Securing Your Computer

This section provides information about all the software and instruction necessary to comply with the Desktop and Portable Computer Standard. The software on this page is intended for use by students, faculty, and staff at RIT. Inexperienced/non-technical users may want to check out our Digital Self Defense 101 Workshop, which explains the dangers of the Internet and RIT security requirements in greater detail.

Note: You do not have to use the specific software listed on this page. However, you should meet the requirements of the Desktop and Portable Computer Standard for your computer

Anti-Virus

RIT has licensed McAfee VirusScan software (available on the ITS Security & Virus Protection website) for use by students, faculty, and staff on  personally-owned computers. RIT-owned Windows computers will receive McAfee HIPS (Host Intrusion Prevention Software).

It is not necessary to use this particular anti-virus; if you prefer, you may use any of the following products.

Product

License
Company

ClamAV (Linux)

Free for personal use

Open Source

ClamXAV2 (Mac)

Free for personal use

Open Source

Norton Anti-Virus

One year paid subscription

Symantec

Trend Micro Anti-Virus

One year paid subscription

Trend Micro

avast! Anti-Virus

Free for personal use

ALWIL Software

AVG Anti-Virus

Free for personal use

Grisoft

Anti-Spyware

This should already be built into current anti-virus software.  A separate program is not needed.

Firewalls

Windows 7, Vista, XP, and Mac OS X all come with built-in firewalls; Resnet provides instructions on how to configure these built-in firewalls. If you do not want to use this firewall, RIT recommends the basic ZoneAlarm free firewall for Windows users Other firewall options may be provided by your Internet Service Provider. 

Patching/Updating

Regardless of what operating system you run, it should be up-to-date on all security patches; the easiest way to do this is to turn on the automatic update feature. Learn how to enable automatic updates for Windows and keep your Mac up-to-date automatically

Users of other operating systems such as Linux, Unix, etc., are also required to keep their operating systems up-to-date on security patches.

Software Applications should also be kept up-to-date. This can usually be done from within the program itself or through the vendor's website; some programs have an automatic update feature. Use the links below to find updates for Microsoft, Apple, and Adobe software.

ISO-Approved Private Information Management Software

  • Identify Finder (Windows, Mac)
  • Cornell Spider (Linux only)

Requirements for Faculty/Staff

Requirements for Faculty and Staff

Security Standards

Standard

When does it apply?

Desktop and Portable Computer Standard Always
Password Standard Always
Information Access & Protection Standard Always
Computer Incident Handling Standard Always
Portable Media Standard If you are storing Private or Confidential information on portable media, such as USB keys, CDs, DVDs, and flash memory. If you must store Private information on portable media, the media must be encrypted.
Web Security Standard
If you have a web page at RIT, official or unofficial, and you:
  • Own, administer, or maintain an official RIT web page that hosts or provides access to Private or Confidential Information.
  • Use RIT authentication services
Signature Standard If you are sending out an e-mail, MyCourses, or Message Center communication relating to Institute academic or business purposes. This applies to both RIT and non-RIT e-mail accounts.
Server Security Standard If you own or administer any production, training, test, or development server, and/or the operating systems, applications or databases residing on it.
Network Security Standard
If you own or manage a device that:
  • Connects to the centrally-managed Institute network infrastructure
  • Processes RIT Confidential or Operationally Critical information
Account Management
  • If you create or maintain RIT computer and network accounts.
  • Managers reporting changes in access privileges/job changes of employees.
Solutions Life Cycle Management
RIT departments exploring new IT services (including third-party and RIT-hosted, and software as a service) that meet any one or more of the following:
  • Host or provide access to Private or Confidential information
  • Support a Critical Business Process
Disaster Recovery

For business continuity and disaster recovery.  Applies to any RIT process/function owners and organizations who use RIT information resources.

NOTE The “in compliance by” date for this standard is January 23, 2016.
Authentication Service Provider Standard

If you are providing authentication services on network resources owned or leased by RIT.

NOTE The Authentication Service Provider Standard will retire on January 23, 2015 and be replaced by the Account Management Standard.

All instances of non-compliance with published standards must be documented through the exception process.

Information Handling Quick Links

Link Overview
Digital Self Defense 103 - Information Handling Covers important security issues at RIT and best practices for handling information safely.
Disposal Recommendations How to safely dispose of various types of media to ensure RIT Confidential information is destroyed.
Recommended and Acceptable Portable Media List of recommended and acceptable portable media devices (such as USB keys, CDs, DVDs, and flash memory).
Mobile Device Usage Recommendations Recommendations for mobile device usage at RIT
VPN Recommended for wireless access to RIT Confidential information.
E-mail at RIT Improve the security of your e-mail at RIT.

Safe Practices

  • Visit our Keeping Safe section to find security resources and safe practices and to see our schedule of upcoming workshops.

Questions

If you have questions or feedback about specific information security requirements, please contact us.

Requirements for Students

Requirements for Students

 

Standard
When does it apply?

Desktop and Portable Computer Standard

Always

Password Standard

Always

Signature Standard

Always - All authentic RIT communications should include an appropriate signature as per the standard. Make it a habit to check for an authentic signature when receiving messages from RIT.

Web Security Standard

If you have a web page at RIT, official or unofficial, and you:
  • Host or provide access to Confidential information. If you’re hosting or providing access to Private information, contact us at infosec@rit.edu immediately. Private or confidential information is defined in the Information Access and Protection Standard.
  • Use RIT authentication services

Computer Incident Handling Standard

If the affected computer or device:
  • Contains Private or Confidential information
  • Poses a threat to the Institute network

Network Security Standard

If you own or manage a device that:
  • Connects to the centrally-managed Institute network infrastructure
  • Processes Confidential information. If you’re providing access to Private information, contact us at infosec@rit.edu immediately.

Portable Media Standard

If you are storing Private or Confidential information on portable media, such as USB keys, CDs, DVDs, and flash memory.

Networking Devices

  • Currently, personal networking devices used on the RIT residential network (such as routers, switches, etc.) do not need to meet the Network Security Standard. Resnet has created separate guidelines for Using a Router/Wireless Router on the RIT Network.

Safe Practices

  • Visit our Keeping Safe section to find security resources and safe practices and to see our schedule of upcoming workshops.

Questions

If you have questions or feedback about specific information security requirements, please contact us.

Forms, Checklists, and Templates

Forms, Checklists, and Templates

Many forms and checklists below are provided as Adobe PDF Fill-in forms and can be filled in and printed from Acrobat Reader. 

NOTE: these forms may contain Javascript. If you need a different format, please contact the RIT Information Security Office at Infosec@rit.edu or call 585-475-4123.

Form Name

Use

Exception Request Form

To request an exception from an RIT Security Standard (PDF Fill-In form)

Non Disclosure Agreement (NDA)

Optional NDA used at department discretion

RIT Systems Support Personnel Non Disclosure Agreement

Required for all systems support personnel

 

Checklist Name

Use

Desktop and Portable Computer Checklist General User

Compliance checklist for use by self-supported faculty, staff, and students.

Desktop and Portable Computer Checklist ITS-Supported Users Compliance checklist for use by ITS-supported faculty, staff, and students. (1/23/13)

Desktop and Portable Computer Checklist Systems Support

Systems support personnel compliance checklist for computers they support.

Server Security Checklist

Compliance checklist for use with the Server Security Standard

Network Security Checklist

Compliance checklist for use with the Network Security Standard

Web Standard Compliance Checklist

Compliance checklist for use with the Web Security Standard

Account Management Checklist (coming soon) Compliance checklist for use with the Account Management Standard

 

Template Name

Use

MSWord RIT Confidential Template

For general marking of Confidential Information

MSWord RIT Internal Use Only Template

For general marking of Internal Information

Information Access and Protection Inventory Template (MS Excel)

For department use in creating an information inventory for Information Access and Protection.

 

Host Intrusion Prevention (RIT-owned/leased computers only)

Host Intrusion Prevention (RIT-owned/leased computers only)

Note: This requirement applies only to RIT-owned and leased computers. There is currently no requirement for personally-owned machines to run host intrusion prevention.

Currently, personal networking devices used on the RIT residential network (such as routers, switches, etc.) do not need to meet the Network Security Standard. Resnet has created separate guidelines for Using a Router/Wireless Router on the RIT Network.

The following products have all been tested by the Information Security Office and approved for use on RIT-owned/leased computers.

Recommended Host-based Intrusion Prevention Software

Server

Program

Description

OSSEC

Open source intrusion detection (multiple platforms) (ISO-tested). Active protection feature must be enabled.

McAfee HIPS

Desktop and server intrusion prevention (Windows) (ISO-tested)

Bit9

Application whitelisting (Windows) (non ISO-tested)

Cimcor

Protects against unauthorized changes (Server and Network) (non ISO-tested)

Tripwire (commercial version)

Configuration assessment and change auditing (Desktops and Servers; VMware coming) (non ISO-tested)

Desktop

Program

Description

OSSEC

Open source intrusion detection (multiple platforms) (ISO-tested). Active protection feature must be enabled.

McAfee HIPS

Desktop intrusion prevention (Windows) (ISO-tested)

Comodo

Internet Security Suite (ISO-tested)

Online Armor - Tall - Emu

Firewall (ISO-tested)

E-mail us at infosec@rit.edu if you have any questions or suggestions.

Pages

Subscribe to RSS - Desktop