DSD

Securing Your Computer

This section provides information about all the software and instructions necessary to comply with the Desktop and Portable Computer Standard. The software on this page is intended for use by students, faculty, and staff at RIT. Inexperienced/non-technical users may want to check out our Digital Self Defense 101 Workshop, which explains the dangers of the Internet and RIT security requirements in greater detail.

Note: You do not have to use the specific software listed on this page. However, you should meet the requirements of the Desktop and Portable Computer Standard for your computer.

Anti-Virus

RIT has licensed McAfee VirusScan software (available on the ITS Security & Virus Protection website) for use by students, faculty, and staff on personally-owned computers. RIT-owned Windows computers will receive McAfee HIPS (Host Intrusion Prevention Software).

It is not necessary to use this particular anti-virus; if you prefer, you may use any of the following products.

Product | License | Company
ClamAV (Linux) | Free for personal use | Open Source
ClamXAV2 (Mac) | Free for personal use | Open Source
Norton Anti-Virus | One year paid subscription | Symantec
Trend Micro Anti-Virus | One year paid subscription | Trend Micro
avast! Anti-Virus | Free for personal use | ALWIL Software
AVG Anti-Virus | Free for personal use | Grisoft

Anti-Spyware

This should already be built into current anti-virus software.  A separate program is not needed.

Firewalls

Windows 7, Vista, XP, and Mac OS X all come with built-in firewalls; Resnet provides instructions on how to configure these built-in firewalls. If you do not want to use this firewall, RIT recommends the basic ZoneAlarm free firewall for Windows users. Other firewall options may be provided by your Internet Service Provider.

Patching/Updating

Regardless of what operating system you run, it should be up-to-date on all security patches; the easiest way to do this is to turn on the automatic update feature. Learn how to enable automatic updates for Windows and keep your Mac up-to-date automatically.

Users of other operating systems such as Linux, Unix, etc., are also required to keep their operating systems up-to-date on security patches.

Software applications should also be kept up-to-date. This can usually be done from within the program itself or through the vendor's website; some programs have an automatic update feature. Use the links below to find updates for Microsoft, Apple, and Adobe software.

ISO-Approved Private Information Management Software

  • Identity Finder (Windows, Mac)
  • Cornell Spider (Linux only)

October is Cyber Security Awareness Month!

This year is the 11th anniversary of National Cyber Security Awareness Month, a collaborative effort created between government and industry to guarantee everyone has the resources needed to stay safe online.

The online world has become a very important part of our everyday life. We work, learn, plan and play online all through the day and the actions that we take, whether we are connected to the Internet or not, often impact the whole online community. The campaign refers to Cybersecurity as “the mechanism that maximized our ability to grow commerce, communications, community and content in a connected world.”

The Internet is a resource that we all share. Everyone has the responsibility of securing the networks they use, as well as their portion of the cyberspace; it is also a shared responsibility to take actions to ensure cyber security and to promote these actions. If we each make an effort to guarantee the safety of the Internet, it will have a positive impact for everyone.

This October, the RIT Information Security Office encourages you to review your online safety practices, take precautions and spread the word! Help others understand the consequences of their actions and behaviors online, so that they too can enjoy the Internet safely. Cyber security is a matter that affects everyone. Do your part to make cyberspace safer!

This year, RIT is again a proud champion of NCSAM, and as a part of our shared responsibility to promote online safety for everyone, we share with you the 2014 National Cyber Security Awareness Campaign STOP.THINK.CONNECT, that is dedicated to promoting cybersecurity practices for everyone.

       

      Practice digital self-defense: protect yourself and everyone else by following these simple tips: 

       

      Keep a Clean Machine.

      • Keep security software current: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
      • Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an option available. 
      • Protect all devices that connect to the Internet: Smart phones, gaming systems, and other web‐enabled devices also need protection from viruses and malware.
      • Plug & scan: USB sticks and other external devices can be infected by viruses and malware. Use your security software to scan them.

      Protect Your Personal Information.

      • Secure your accounts: Ask for protection beyond passwords. Many account providers now offer two-factor authentication, an additional way for you to verify who you are before you conduct business on that site.
      • Use a passphrase: Create a passphrase by choosing a short phrase, changing the capitalization of some of the letters, replacing some with numerical and symbolic substitutions and purposefully misspelling or abbreviating some words. For more information on how to create a secure password go to Creating Strong Passwords.
      • Unique account, unique password: Separate passwords for every account help to thwart cybercriminals.
      • Write it down and keep it safe: Everyone can forget a password. Use a password safe such as LastPass to store your passwords.
      • Own your online presence: When available, set the privacy and security settings on social media to your comfort level for information sharing. It’s ok to limit how and with whom you share information.

      Connect with Care.

      • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete it or, if appropriate, mark it as junk email.
      • Get savvy about WiFi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
      • Protect your $$: When banking and shopping, check to be sure the site is security enabled. Look for web addresses with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. “Http://” is not secure.

      Be Web Wise.

      • Stay current. Keep pace with new ways to stay safe online. Check trusted websites for the latest information, and share with friends, family, and colleagues and encourage them to be web wise.
      • Think before you act: Be wary of communications that urge you to act immediately, offer something that sounds too good to be true, or ask for personal information.
      • Back it up: Protect your valuable work, music, photos, and other digital information by making a digital copy and storing it safely.

      Be a Good Online Citizen.

      • Safer for me means more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.
      • Help the authorities fight cybercrime: Report stolen finances or identities and other cybercrime to http://www.ic3.gov (Internet Crime Complaint Center) or to the Federal Trade Commission at http://www.onguardonline.gov/file-complaint.

       

      Go to Best Practices and visit http://www.stopthinkconnect.org for more tips and information.

      RIT is a proud champion of NCSAM

       

      Requirements for Faculty/Staff

      Security Standards

      Standard | When does it apply?
      Desktop and Portable Computer Standard | Always
      Password Standard | Always
      Information Access & Protection Standard | Always
      Computer Incident Handling Standard | Always
      Portable Media Standard | If you are storing Private or Confidential information on portable media, such as USB keys, CDs, DVDs, and flash memory. If you must store Private information on portable media, the media must be encrypted.
      Web Security Standard | If you have a web page at RIT, official or unofficial, and you:
        • Own, administer, or maintain an official RIT web page that hosts or provides access to Private or Confidential Information.
        • Use RIT authentication services
      Signature Standard | If you are sending out an e-mail, MyCourses, or Message Center communication relating to Institute academic or business purposes. This applies to both RIT and non-RIT e-mail accounts.
      Server Security Standard | If you own or administer any production, training, test, or development server, and/or the operating systems, applications or databases residing on it.
      Network Security Standard | If you own or manage a device that:
        • Connects to the centrally-managed Institute network infrastructure
        • Processes RIT Confidential or Operationally Critical information
      Account Management |
        • If you create or maintain RIT computer and network accounts.
        • Managers reporting changes in access privileges/job changes of employees.
      Solutions Life Cycle Management | RIT departments exploring new IT services (including third-party and RIT-hosted, and software as a service) that meet any one or more of the following:
        • Host or provide access to Private or Confidential information
        • Support a Critical Business Process
      Disaster Recovery | For business continuity and disaster recovery. Applies to any RIT process/function owners and organizations who use RIT information resources. NOTE: The “in compliance by” date for this standard is January 23, 2016.
      Authentication Service Provider Standard | If you are providing authentication services on network resources owned or leased by RIT. NOTE: The Authentication Service Provider Standard will retire on January 23, 2015 and be replaced by the Account Management Standard.

      All instances of non-compliance with published standards must be documented through the exception process.

      Information Handling Quick Links

      Link | Overview
      Digital Self Defense 103 - Information Handling | Covers important security issues at RIT and best practices for handling information safely.
      Disposal Recommendations | How to safely dispose of various types of media to ensure RIT Confidential information is destroyed.
      Recommended and Acceptable Portable Media | List of recommended and acceptable portable media devices (such as USB keys, CDs, DVDs, and flash memory).
      Mobile Device Usage Recommendations | Recommendations for mobile device usage at RIT.
      VPN | Recommended for wireless access to RIT Confidential information.
      E-mail at RIT | Improve the security of your e-mail at RIT.

      Safe Practices

      • Visit our Keeping Safe section to find security resources and safe practices and to see our schedule of upcoming workshops.

      Questions

      If you have questions or feedback about specific information security requirements, please contact us.

      Online Safety

      Everyone connected to the Internet is a potential target. Use of anti-virus and firewall software is critical in protecting your computer online; however, simply protecting your computer is not enough. 

      Web Browsers

      Cyber criminals often target vulnerabilities in web browsers. Because Internet Explorer is the web browser used by most people, it has become a primary target. Using a different browser can reduce your risk while on the web. The table below lists alternative browsers:

      Browser | Operating System | License
      Firefox | Mac, Windows, Linux | Free (open source)
      Chrome | Mac, Windows, Linux | Free
      Opera | Mac, Windows, Linux | Free
      Safari | Mac OS X | Free

      Configure Settings

      Changing the default security settings can help protect you while browsing.  Learn more here.

      Update Regularly

      It is important to keep your browser up-to-date on security patches. This can typically be done from within the browser, or directly from the vendor’s website. Check for updates at least monthly.

      Note: If you use Internet Explorer with RIT Oracle Applications, you may not be able to use the newest versions of Internet Explorer; they are not certified for compatibility with Oracle at this time.

      Use Limited Account Privileges

      Learn more here.

      Be Smart With What You Do Online

      View our pages on Social Networking and Online Banking/Shopping.  Also look for posts on our blog about identity theft, online banking, and scams. 

      E-mail at RIT

      E-mail is a standard communication tool. Unfortunately, it is also an ideal channel for social engineering and phishing attempts; protect yourself and your information.

      Managing Your RIT E-mail

      Visit the ITS E-mail Services page for RIT e-mail account set-up and usage resources.

      E-mail Signatures

      RIT requires all communications relating to Institute academic or business purposes to be signed with an appropriate signature. This includes e-mails from both RIT and non-RIT accounts, as well as MyCourses and Message Center communications. For more information on the new requirements, visit our Signature Standard web page.

      RIT Confidential Information in E-mail

      When sending RIT Confidential information through e-mail, the subject line of the e-mail must state that the information is RIT Confidential, and must reference the subject. For example:

      From: RIT Employee A
      Sent: Monday, February 11, 2008 10:05 AM
      To: RIT Employee B
      Subject: RIT Confidential - Performance Review
      Signed By: employeeA@rit.edu

      Body of e-mail...........

      CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.
