Prevention

Securing Your Computer

Securing Your Computer

This section provides information about all the software and instruction necessary to comply with the Desktop and Portable Computer Standard. The software on this page is intended for use by students, faculty, and staff at RIT. Inexperienced/non-technical users may want to check out our Digital Self Defense 101 Workshop, which explains the dangers of the Internet and RIT security requirements in greater detail.

Note: You do not have to use the specific software listed on this page. However, you should meet the requirements of the Desktop and Portable Computer Standard for your computer

Anti-Virus

RIT has licensed McAfee VirusScan software (available on the ITS Security & Virus Protection website) for use by students, faculty, and staff on  personally-owned computers. RIT-owned Windows computers will receive McAfee HIPS (Host Intrusion Prevention Software).

It is not necessary to use this particular anti-virus; if you prefer, you may use any of the following products.

Product

License

Company

ClamAV (Linux)

Free for personal use

Open Source

ClamXAV2 (Mac)

Free for personal use

Open Source

Norton Anti-Virus

One year paid subscription

Symantec

Trend Micro Anti-Virus

One year paid subscription

Trend Micro

avast! Anti-Virus

Free for personal use

ALWIL Software

AVG Anti-Virus

Free for personal use

Grisoft

Anti-Spyware

Spyware is very difficult to detect. Unlike anti-virus software, it may be preferable to run multiple spyware programs.

The License for Spybot Search & Destroy (available on the ITS Security & Virus Protection website) is free for use by faculty, staff, and students on both Institute-owned and personal computers. Be wary of other anti-spyware products - many products advertised actually contain spyware themselves! Additional spy-ware products we recommend can be found below.

Product

License

Company

SpywareBlaster

Free for personal and educational use

Brightfort

Microsoft Security Essentials

Free for personal use on Vista and Windows 7

Microsoft

MacScan

Free (for Mac computers ONLY)

SecureMac

Firewalls

Windows 7, Vista, XP, and Mac OS X all come with built-in firewalls; Resnet provides instructions on how to configure these built-in firewalls. If you do not want to use this firewall, RIT recommends the basic ZoneAlarm free firewall for Windows users Other firewall options may be provided by your Internet Service Provider. 

Patching/Updating

Regardless of what operating system you run, it should be up-to-date on all security patches; the easiest way to do this is to turn on the automatic update feature. Learn how to enable automatic updates for Windows and keep your Mac up-to-date automatically

Users of other operating systems such as Linux, Unix, etc., are also required to keep their operating systems up-to-date on security patches.

Software Applications should also be kept up-to-date. This can usually be done from within the program itself or through the vendor's website; some programs have an automatic update feature. Use the links below to find updates for Microsoft, Apple, and Adobe software.

ISO-Approved Private Information Management Software

  • Identify Finder (Windows, Mac)
  • Cornell Spider (Linux only)

RIT Faculty and Staff Responsibilities

Private Information Management Initiative -- Faculty and Staff Responsibilities

All RIT faculty and staff are expected to follow the Private Information Management Initiative (PIMI) remediation requirements below:

  • Review hard copy files for Private information.
  • Scan RIT computers with Identity Finder for Private information (if Identity Finder is not available, scanning with an alternative tool or reviewing the computer for Private Information is recommended). The Information Security Office will initiate scans of most computers monthly.
  • Scan or review personal/home computers, portable devices, and media for Private information.
  • Inform your manager in writing if there is a compelling business reason for retaining private information. Promptly secure the information in compliance with the RIT Information Access and Protection Standard.
  • Notify and receive approval from your PIMI Information Steward/Management Representative.
  • If you're unable to remediate the information found within Identity Finder, please redact (securely erase or securely destroy) unnecessary private information.
  • Complete the Digital Self Defense 103 (2009) Information Handling course. (Center for Professional Development, online) *Note: this requirement is waived if he or she does not handle RIT Private or Confidential information.

Additional Requirements for Department Managers

  • Ensure faculty and staff have reviewed hard copy files and scanned or reviewed electronic files.
  • Ensure faculty and staff have redacted, securely erased or securely destroyed unnecessary Private information.
  • Receive authorization to retain any Private information from the Divisional VP/Information Steward/Management Representative and the Information Security Office.
  • Secure the remaining Private Information in compliance with the RIT Information Access and Protection Standard.

 

Host Intrusion Prevention (RIT-owned/leased computers only)

Host Intrusion Prevention (RIT-owned/leased computers only)

Note: This requirement applies only to RIT-owned and leased computers. There is currently no requirement for personally-owned machines to run host intrusion prevention.

Currently, personal networking devices used on the RIT residential network (such as routers, switches, etc.) do not need to meet the Network Security Standard. Resnet has created separate guidelines for Using a Router/Wireless Router on the RIT Network.

The following products have all been tested by the Information Security Office and approved for use on RIT-owned/leased computers.

Recommended Host-based Intrusion Prevention Software

Server

Program

Description

OSSEC

Open source intrusion detection (multiple platforms) (ISO-tested). Active protection feature must be enabled.

McAfee HIPS

Desktop and server intrusion prevention (Windows) (ISO-tested)

Bit9

Application whitelisting (Windows) (non ISO-tested)

Cimcor

Protects against unauthorized changes (Server and Network) (non ISO-tested)

Tripwire (commercial version)

Configuration assessment and change auditing (Desktops and Servers; VMware coming) (non ISO-tested)

Desktop

Program

Description

OSSEC

Open source intrusion detection (multiple platforms) (ISO-tested). Active protection feature must be enabled.

McAfee HIPS

Desktop intrusion prevention (Windows) (ISO-tested)

Comodo

Internet Security Suite (ISO-tested)

Online Armor - Tall - Emu

Firewall (ISO-tested)

E-mail us at infosec@rit.edu if you have any questions or suggestions.

Pages

Subscribe to RSS - Prevention