Prevention

Securing Your Computer

This section provides information about all the software and instruction necessary to comply with the Desktop and Portable Computer Standard. The software on this page is intended for use by students, faculty, and staff at RIT. Inexperienced/non-technical users may want to check out our Digital Self Defense 101 Workshop, which explains the dangers of the Internet and RIT security requirements in greater detail.

Note: You do not have to use the specific software listed on this page. However, you must meet the requirements of the Desktop and Portable Computer Standard for your computer.

Anti-Virus

RIT has licensed McAfee VirusScan software (available on the ITS Security & Virus Protection website) for use by students, faculty, and staff on personally-owned computers. RIT-owned Windows computers will receive McAfee HIPS (Host Intrusion Prevention Software).

It is not necessary to use this particular anti-virus; if you prefer, you may use any of the following products.

Product	License	Company
ClamAV (Linux)	Free for personal use	Open Source
ClamXAV2 (Mac)	Free for personal use	Open Source
Norton Anti-Virus	One year paid subscription	Symantec
Trend Micro Anti-Virus	One year paid subscription	Trend Micro
avast! Anti-Virus	Free for personal use	ALWIL Software
AVG Anti-Virus	Free for personal use	Grisoft

Anti-Spyware

Spyware is very difficult to detect. Unlike anti-virus software, it may be preferable to run multiple spyware programs.

The License for Spybot Search & Destroy (available on the ITS Security & Virus Protection website) is free for use by faculty, staff, and students on both Institute-owned and personal computers. Be wary of other anti-spyware products - many products advertised actually contain spyware themselves! Additional spy-ware products we recommend can be found below.

Product	License	Company
SpywareBlaster	Free for personal and educational use	Brightfort
Microsoft Security Essentials	Free for personal use on Vista and Windows 7	Microsoft
MacScan	Free (for Mac computers ONLY)	SecureMac

Firewalls

Windows 7, Vista, XP, and Mac OS X all come with built-in firewalls; Resnet provides instructions on how to configure these built-in firewalls. If you do not want to use this firewall, RIT recommends the basic ZoneAlarm free firewall for Windows users Other firewall options may be provided by your Internet Service Provider.

Patching/Updating

Regardless of what operating system you run, it must be up-to-date on all security patches; the easiest way to do this is to turn on the automatic update feature. Learn how to enable automatic updates for Windows and keep your Mac up-to-date automatically.

Users of other operating systems such as Linux, Unix, etc., are also required to keep their operating systems up-to-date on security patches.

Software Applications must also be kept up-to-date. This can usually be done from within the program itself or through the vendor's website; some programs have an automatic update feature. Use the links below to find updates for Microsoft, Apple, and Adobe software.

ISO-Approved Private Information Management Software

Identify Finder (Windows, Mac)
Cornell Spider (Linux only)

Tags:

Brochure

Brochures

Click on the brochures listed below to answer a variety of common questions regarding online safety concerns in the RIT community.

Tags:

RIT Faculty and Staff Responsibilities

Private Information Management Initiative -- Faculty and Staff Responsibilities

All RIT faculty and staff are expected to follow the Private Information Management Initiative (PIMI) remediation requirements below:

Review hard copy files for Private information.
Scan RIT computers with Identity Finder for Private information (if Identity Finder is not available, scanning with an alternative tool or reviewing the computer for Private Information is recommended). The Information Security Office will initiate scans of most computers monthly.
Scan or review personal/home computers, portable devices, and media for Private information.
Inform your manager in writing if there is a compelling business reason for retaining private information. Promptly secure the information in compliance with the RIT Information Access and Protection Standard.
Notify and receive approval from your PIMI Information Steward/Management Representative.
If you're unable to remediate the information found within Identity Finder, please redact (securely erase or securely destroy) unnecessary private information.
Complete the Digital Self Defense 103 (2009) Information Handling course. (Center for Professional Development, online) *Note: this requirement is waived if he or she does not handle RIT Private or Confidential information.

Additional Requirements for Department Managers

Ensure faculty and staff have reviewed hard copy files and scanned or reviewed electronic files.
Ensure faculty and staff have redacted, securely erased or securely destroyed unnecessary Private information.
Receive authorization to retain any Private information from the Divisional VP/Information Steward/Management Representative and the Information Security Office.
Secure the remaining Private Information in compliance with the RIT Information Access and Protection Standard.

Tags:

Host Intrusion Prevention (RIT-owned/leased computers only)

Note: This requirement applies only to RIT-owned and leased computers. There is currently no requirement for personally-owned machines to run host intrusion prevention.

Currently, personal networking devices used on the RIT residential network (such as routers, switches, etc.) do not need to meet the Network Security Standard. Resnet has created separate guidelines for Using a Router/Wireless Router on the RIT Network.

The following products have all been tested by the Information Security Office and approved for use on RIT-owned/leased computers.

Recommended Host-based Intrusion Prevention Software

Server

Program	Description
OSSEC	Open source intrusion detection (multiple platforms) (ISO-tested). Active protection feature must be enabled.
McAfee HIPS	Desktop and server intrusion prevention (Windows) (ISO-tested)
Bit9	Application whitelisting (Windows) (non ISO-tested)
Cimcor	Protects against unauthorized changes (Server and Network) (non ISO-tested)
Tripwire (commercial version)	Configuration assessment and change auditing (Desktops and Servers; VMware coming) (non ISO-tested)

Desktop

Program	Description
OSSEC	Open source intrusion detection (multiple platforms) (ISO-tested). Active protection feature must be enabled.
McAfee HIPS	Desktop intrusion prevention (Windows) (ISO-tested)
Comodo	Internet Security Suite (ISO-tested)
Online Armor - Tall - Emu	Firewall (ISO-tested)

E-mail us at infosec@rit.edu if you have any questions or suggestions.

Tags:

Desktop and Portable Computer Security Standard

Desktop and Portable Computer Standard

To protect the RIT community and the Institute network from computer-borne threats, RIT has created minimum security requirements for desktop and laptop computers.

What does it apply to?

All RIT-owned or leased computers.
Any computer (physical or virtual) connecting to the RIT network through a physical, wireless, dial-up, or VPN connection.

The standard does not apply to:

Computers used only to access RIT web pages, Webmail, etc. from off campus. (RIT strongly recommends that users follow the requirements of the standard on all computers.)
Cell phones, pagers, PDAs, and other special purpose devices that connect to the Institute network solely through Web, portal, or application access.

What do I need to do?

The Desktop and Portable Computer Checklist: General User is the quickest way to check if you comply with the security requirements.
The Desktop and Portable Computer Checklist ITS-Supported Users is designed for users whose department is supported by ITS.
A Desktop and Portable Computer Checklist: Systems Support is available systems support personnel to ensure supported users comply with the standard.
Use our Securing your Computer page to find the required software and supporting documentation for the Desktop Standard.
Our Digital Self Defense Workshops provide a basic introduction to information security issues and include interactive simulations that let you practice using the required software in a safe environment.