Network

Virtual Private Networks

A Virtual Private Network (VPN) is a technology that allows for secure transmissions across the Internet between two networks by using a secure "virtual tunnel." Without using VPN, data (including passwords and confidential information) transmitted via the Internet is exposed and can be intercepted by third parties.

VPN should always be used to access RIT resources that are normally unavailable to users outside of the wired Institute network (such as department-specific services and network shares). This means that unless you are at a wired machine on campus, you must connect to the Institute network using VPN if you wish to access any private intranet resources. Your supervisor will notify you if the systems you work with require VPN.

VPN must be used when accessing RIT Confidential information on the Institute network from a remote location.

Visit the ITS VPN site to download the VPN software and find instructions and additional documentation.

 

Security Assessment Tools

The following tools should be used in combination to conduct security assessments.

| Tool | Description |
| --- | --- |
| Rapid7 Nexpose (RIT Enterprise Licensed by ISO) | Unified vulnerability management enterprise solution |
| Nessus | Network vulnerability scanner |
| CIS Score | Security Consensus Operational Readiness Evaluation provides various security checklists. |
| Secunia Vulnerability Scanners | Secunia Software Inspectors provide detection and assessment of missing security patches and end-of-life programs. |
| Microsoft Baseline Security Analyzer (MBSA) | MBSA helps organizations determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. |
| Nipper | Nipper enables network administrators, security professionals and auditors to quickly produce reports on key network infrastructure devices. |
| Scrawlr | HP SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. |
| Core Impact | Penetration testing software |
| Qualys | Provides a suite of tools for Vulnerability Management, Policy Compliance, PCI Compliance, and Web Application Scanning |
| NMAP | Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. |
| BiDiBLAH | The BiDiBLAH utility is a framework that can be used to assist in automating existing vulnerability assessment tools. |

 

Printer Best Practices

Printers often handle RIT Confidential information, but they can easily be overlooked when securing a network. Use the following best practices to secure any printers you support.

  • Update the firmware
  • Assign a password for web access to the printer
  • Change the SNMP community strings (these are the equivalent of printer "passwords"; the defaults, "public" and "private," are widely known)
  • Disable any unused protocols (for example, do you really need Novell IPX enabled?)
  • If possible, change the default TCP port from 9100 to another port number (specific exploits target the default port and may cause the printers to print blank pages; however, some printers may not be capable of changing this port number)
  • If you have a firewall in front of your printers, only allow trusted IP addresses (e.g., the print server) to talk directly to the printer
  • Disable FTP or assign a password
  • If the printer is only used for on-campus printing, consider changing it to a private net 10 IP address. (This is a good security measure to prevent malicious attacks from the Internet. If you need assistance enabling this, contact ITS HelpDesk.)
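
An added example (not RIT code) that runs the checklist above against an exported inventory of printer settings. The record schema, the printer names and the set of protocols treated as needed are assumptions; firmware currency is not checked because it depends on vendor data.

```python
import ipaddress

DEFAULT_COMMUNITIES = {"public", "private"}   # widely known defaults
NET_10 = ipaddress.ip_network("10.0.0.0/8")   # the "private net 10" range

def audit_printer(cfg, needed=frozenset({"ipp", "snmp", "raw"})):
    """Check one printer record (hypothetical schema); return a list of findings."""
    findings = []
    if not cfg.get("web_password_set", False):
        findings.append("web interface has no password")
    weak = sorted(c for c in cfg.get("snmp_communities", [])
                  if c.lower() in DEFAULT_COMMUNITIES)
    if weak:
        findings.append("default SNMP community string(s): " + ", ".join(weak))
    protocols = {p.lower() for p in cfg.get("enabled_protocols", [])}
    if "ftp" in protocols and not cfg.get("ftp_password_set", False):
        findings.append("FTP enabled without a password")
    unused = sorted(protocols - set(needed) - {"ftp"})  # FTP is judged above
    if unused:
        findings.append("unused protocol(s) enabled: " + ", ".join(unused))
    if cfg.get("raw_port", 9100) == 9100:
        findings.append("raw printing still on default TCP port 9100")
    for src in cfg.get("firewall_allow", []):
        if ipaddress.ip_network(src, strict=False).num_addresses > 1:
            findings.append("firewall allows a range, not a single host: " + src)
    addr = ipaddress.ip_address(cfg["ip"])
    if cfg.get("campus_only", False) and addr not in NET_10:
        findings.append(f"campus-only printer is not on a 10.x address: {addr}")
    return findings

# Constructed sample inventory; names, addresses and keys are made up.
PRINTERS = [
    {"name": "lab-printer-1", "ip": "192.0.2.15", "campus_only": True,
     "web_password_set": False, "snmp_communities": ["public", "private"],
     "enabled_protocols": ["ipp", "snmp", "raw", "ipx", "ftp"],
     "ftp_password_set": False, "raw_port": 9100,
     "firewall_allow": ["0.0.0.0/0"]},
    {"name": "office-printer-2", "ip": "10.20.30.40", "campus_only": True,
     "web_password_set": True, "snmp_communities": ["constructed-ro-string"],
     "enabled_protocols": ["ipp", "snmp", "raw"], "raw_port": 9101,
     "firewall_allow": ["10.20.30.5"]},
]

def audit_all(printers=PRINTERS):
    return {p["name"]: audit_printer(p) for p in printers}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, findings or "OK")
```

Printers that cannot move off port 9100 will always report that finding, so treat it as advisory for those models.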
 

E-mail us at infosec@rit.edu if you have any questions or suggestions.

 

Keeping Safe

Keeping Safe: Guidelines and Best Practices

Not sure how to keep yourself, your information, and your devices safe? Click on the headings below for best practices, resources, and more; also be sure to check out our blog for more specific content, answers to your information security questions, and best practices guides!

| Subject Area | Comments |
| --- | --- |
| Securing your Computer | Free downloads and instructions to support the Desktop and Portable Computer Standard. |
| Mobile Devices | Learn how to safely use mobile devices when dealing with Private Information or everyday use. |
| Phishing | Learn how to recognize these common online scams. |
| Safe Blogging and Social Networking | Is a potential employer reading? Learn how much information is too much and how to protect yourself on social networking sites. |
| Wireless Networking | Learn about wireless networking at RIT, at home, and on public networks, and the potential dangers you face. |
| Web Browsing Safely | Learn about the different web browsers available, add-ons that can improve security, and how to browse using limited account privileges. |
| Identity Theft | Did you know that people aged 18-29 are five times more likely to be victims of identity theft than those 60 or older? |
| Instant Messaging | Tips on how to avoid malware and scams through instant messaging. |
| Safe Online Shopping and Banking | How to use these popular online services securely. |
| Digital Copyright | Are you aware that the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) file copyright violations and have sued students at RIT? Visit the ITS Digital Copyright page to learn more about copyright violations at RIT and how they are handled. |
| Browser Security Configuration | Outlines how to configure various security settings for common browsers. |
| Cloud Computing | Information on secure cloud service use. |

Network Security Standard

The Network Security Standard provides measures to prevent, detect, and correct network compromises. The standard is based on both new practices and best practices currently in use at RIT.

Please consult the checklist or the standard below for a complete list of requirements.

Who does it apply to?

All systems or network administrators managing devices that:

  • Connect to the centrally-managed Institute network infrastructure
  • Process Private or Confidential Information

Currently, personal network devices used on the RIT residential network (such as routers, switches, etc.) do not need to meet the Network Security Standard. However, the use of wireless routers is prohibited in residential areas on campus. The use of wired routers is still acceptable. Read and comply with the requirements in the Resnet guide to Using a Router on the RIT Network prior to using them.

See our Wireless Networking page for information on how to access wireless networks at RIT and how to set up and use a wireless network at home.

What do I need to do?

Use the Network Security Checklist to set up your networking device.

Network Security Standard

Because of the technical nature of this standard and its audience, we have not created a Plain English Guide. Network administrators should consult the Technical Resources pages for detailed information, including preferred and prohibited protocols, trespassing banners, etc.

 
