Information

Safe Social Networking and Blogging

Safe Social Networking and Blogging

Social networks are great. They do present some security challenges and risks, however.

This guide describes the dangers you face as a user of these websites, and provides tips on the safe use of social networking and blogging services.

Dangers of Social Networking

Many computer criminals uses these sites to distribute viruses and malware, to find private information people have posted publicly, and to find targets for phishing/social engineering schemes. Below is a short list of users who may be using the same sites as you:

Identity Thieves
Online criminals only need a few pieces of information to gain access to your financial resources. Phone numbers, addresses, names, and other personal information can be harvested easily from social networking sites and used for identity theft. The large numbers of people that use these sites also attract many online scammers.

Online Predators
Are your friends interested in seeing your class schedule online? Well, sex offenders or other criminals could be as well. Knowing your schedule and your whereabouts can make it very easy for someone to victimize you, whether it be breaking in while you're gone, or attacking you while you're out. Don't make it easy for the Facebook Stalker to find you!

Employers
More and more employers are beginning to investigate applicants and current employees through social networking sites and/or search engines. What you post online may put you in a negative light to prospective or current employers, especially if your profile picture features you doing something questionable or stupid.

Protecting Your Information - Safe Practices

Keeping your information out of the wrong hands can be fairly easy if you adopt a cautious attitude. Here are some tips to make sure your private information stays private.

Don't Post Personal Information Online!
It's the easiest way to keep your information private. Don't post your full birth date, your address, phone numbers, etc. Don't hesitate to ask friends to remove embarrassing or sensitive information about you from their posts either.

Use Built-In Privacy Settings
Most social networking sites offer various ways in which you can restrict public access to your profile, such only allowing your "friends" to view your profile. Of course, this only works if you only allow a few people to see your postings-if you have 10,000 "friends" your privacy won't be very well protected. Your best bet is to disable all the extra options, and re-enable only the ones you know you'll use. Sophos provides Recommended Facebook Privacy Settings. These best practices can be applied to any social networking or blogging website.

Be wary of others
Most sites do not have a rigorous process to verify identity of members so always be cautious when dealing with unfamiliar people online.

Search for yourself
Find out what information other people have easy access to. Put your name into Google (make sure to use quotes around your name). Try searching for your nicknames, phone numbers, and addresses as well-you might be surprised at what you find. Many blogging sites have instructions on how to exclude your posts from appearing in search engine results using something called a "robots text file." More information can be found here.

What Happens on the Web, Stays on the Web

Before posting anything online, remember the maxim "what happens on the web, stays on the web." Information on the Internet is public and available for anyone to see, and security is never perfect. With browser caching and server backups, there is a good chance that what you post will circulate on the web for years to come. So be safe and think twice about anything you post online.

Find out more about how information security affects you by becoming a Fan of the RIT Information Security Facebook page. Follow us on Twitter for updates on current security threats.

 

Media Disposal Recommendations

Media Disposal Recommendations

Media

Disposal Method

Paper

Use a shredder. Crosscut is preferred over a strip shredder.

CD, DVD, diskette, etc.

Use the media shredder (located at the ITS HelpDesk, 7B-1113).

Hard Drives

If the hard drive is to be reused, contact your support organization for recommendations for secure erasure.

If the hard drive is damaged or will not be reused, render the hard drive unreadable by using the degausser (located at the ITS HelpDesk, 7B-1113).

Tapes

Use the degausser (located at the ITS HelpDesk, 7B-1113).

Other

Use an industry standard means of secure disposal.

 

 

Printer Best Practices

Printer Best Practices

Printers often handle RIT Confidential information, but they can easily be overlooked when securing a network. Use the following best practices to secure any printers you support.

  • Update the firmware
  • Assign a password for web access to the printer
  • Change the SNMP community strings (these are the equivalent of printer "passwords." "Public" and "private" are the defaults and are widely known)
  • Disable any unused protocols (Do you really need Novell IPX enabled, etc?)
  • If possible, change the default TCP port from 9100 to another port number (Specific exploits target the default port and may cause the printers to print blank pages. However, some printers may not be capable of changing this port number)
  • If you have a firewall in front of your printers, only allow trusted IP’s (i.e. print server, etc.) to talk directly to the printer
  • Disable FTP or assign a password
  • If the printer is only used for on-campus printing, consider changing it to a private net 10 IP address. (This is a good security measure to prevent malicious attacks from the Internet. If you need assistance enabling this, contact ITS HelpDesk.)
 

E-mail us at infosec@rit.edu if you have any questions or suggestions.

 

Keeping Safe

Keeping Safe: Guidelines and Best Practices

Not sure how to keep yourself, your information, and your devices safe? Click on the headings below for best practices, resources, and more; also be sure to check out our blog for more specific content, answers to your information security questions, and best practices guides!

Subject Area

Comments

Securing your Computer

Free downloads and instructions to support the Desktop and Portable Computer Standard.

Mobile Devices

Learn how to safely use mobile devices when dealing with Private Information or everyday use.

Phishing

Learn how to recognize these common online scams.

Safe Blogging and Social Networking

Is a potential employer reading? Learn how much information is too much and how to protect yourself on social networking sites.

Wireless Networking

Learn about wireless networking at RIT, at home, and on public networks; and the potential dangers you face.

Web Browsing Safely

Learn about the different web browsers available, add-ons that can improve security, and how to browse using limited account privileges.

Identity Theft

Did you know that people aged 18-29 are five times more likely to be victims of identity theft than those 60 or older?

Instant Messaging

Tips on how to avoid malware and scams through instant messaging.

Safe Online Shopping and Banking

How to use these popular online services securely.

Digital Copyright

Are you aware that the Recording Industry Association of America (RIAA) and MPAA (Motion Picture Association of America) files copyright violations and has sued students at RIT? Visit the ITS Digital Copyright page to learn more about copyright violations at RIT and how they are handled.
Browser Security Configuration Outlines how to configure various security settings for common browsers.
Cloud Computing Information on secure cloud service use.

Portable Media

Portable Media Security Standard

Portable media such as USB keys, flash memory, CDs/DVDs, etc. are a crucial part of daily business. However, portable media is easily lost or stolen and may cause a security breach.

Because portable media can be stolen or compromised easily, users should take precautions when using it to transfer or store Confidential information. We strongyly discourage placing Private Information on portable media.

 

Approved Portable Media (updated 6/20/2013)

When handling RIT Confidential information, you should use only portable media that provides an approved encryption level (the RIT Information Security Office requires 128-bit or 256-bit AES encryption).

USB Memory/flash drives

Recommended
  • IronKey
  • Stealth MXP™ (biometric capable)
  • Stealth MXP™ Passport
  • Apricorn Aegis Secure Key
  • Imation Defender F200 Biometric
Acceptable
  • Lexar JumpDrive Lightning
  • Lexar JumpDrive Secure 2 Plus
  • Kanguru Defender
  • Kanguru Defender Pro
  • Kanguru Defender 2000
  • Kanguru Bio AES
  • KanguruMicro Drive AES
  • Kingston Data Traveler BlackBox
  • Kingston Data Traveler Vault – Privacy Edition
  • McAfee Zero-footprint Bio FIPS
  • SanDisk Cruzer Enterprise
Secure Option for External Backups
  • MXI Outbacker MXP Bio (External HDD)
  • Apricorn Aegis Padlock Pro
Additional Solutions

TrueCrypt Software using AES (An additional option is to use XTS cascade mode - AES-XTS, Serpent-XTS, TwoFish-XTS. Cascading is optional in any combination.)

Unacceptable

USB memory that doesn't include encryption

Encryption of CD’s, DVD’s, Removable Hard Drives, and Other Portable Media

Please contact Paul Lepkowski, RIT Security Engineer, for recommended encryption methods.

3rd Party Encryption Products

The RIT Information Security Office requires 128-bit or 256-bit AES encryption to protect RIT Confidential information when transferred or stored on portable media.

Media Disposal Recommendations

Media

Disposal Method

Paper

Use a shredder. Crosscut is preferred over a strip shredder.

CD, DVD, diskette, etc.

Use the media shredder (located at the ITS HelpDesk, 7B-1113).

Hard Drives

If the hard drive is to be reused, contact your support organization for recommendations for secure erasure.

If the hard drive is damaged or will not be reused, render the hard drive unreadable by using the degausser (located at the ITS HelpDesk, 7B-1113).

Tapes

Use the degausser (located at the ITS HelpDesk, 7B-1113).

Other

Use an industry standard means of secure disposal.

 

Pages

Subscribe to RSS - Information