RIT

Securing Your Computer

Securing Your Computer

This section provides information about all the software and instruction necessary to comply with the Desktop and Portable Computer Standard. The software on this page is intended for use by students, faculty, and staff at RIT. Inexperienced/non-technical users may want to check out our Digital Self Defense 101 Workshop, which explains the dangers of the Internet and RIT security requirements in greater detail.

Note: You do not have to use the specific software listed on this page. However, you should meet the requirements of the Desktop and Portable Computer Standard for your computer

Anti-Virus

RIT has licensed McAfee VirusScan software (available on the ITS Security & Virus Protection website) for use by students, faculty, and staff on  personally-owned computers. RIT-owned Windows computers will receive McAfee HIPS (Host Intrusion Prevention Software).

It is not necessary to use this particular anti-virus; if you prefer, you may use any of the following products.








Product

License

Company

ClamAV (Linux)

Free for personal use

Open Source

ClamXAV2 (Mac)

Free for personal use

Open Source

Norton Anti-Virus

One year paid subscription

Symantec

Trend Micro Anti-Virus

One year paid subscription

Trend Micro

avast! Anti-Virus

Free for personal use

ALWIL Software

AVG Anti-Virus

Free for personal use

Grisoft

Anti-Spyware

This should already be built into current anti-virus software.  A separate program is not needed.

Firewalls

Windows 7, Vista, XP, and Mac OS X all come with built-in firewalls; Resnet provides instructions on how to configure these built-in firewalls. If you do not want to use this firewall, RIT recommends the basic ZoneAlarm free firewall for Windows users Other firewall options may be provided by your Internet Service Provider. 

Patching/Updating

Regardless of what operating system you run, it should be up-to-date on all security patches; the easiest way to do this is to turn on the automatic update feature. Learn how to enable automatic updates for Windows and keep your Mac up-to-date automatically

Users of other operating systems such as Linux, Unix, etc., are also required to keep their operating systems up-to-date on security patches.

Software Applications should also be kept up-to-date. This can usually be done from within the program itself or through the vendor's website; some programs have an automatic update feature. Use the links below to find updates for Microsoft, Apple, and Adobe software.

ISO-Approved Private Information Management Software

  • Identify Finder (Windows, Mac)
  • Cornell Spider (Linux only)

Plain English Guide to the Information Security Policy

Plain English Guide to the Information Security Policy 

RIT has issued an Information Security Policy. The Policy provides the strategic direction needed to implement appropriate information safeguards for RIT information and the Institute network. This Plain English Guide provides explanation and illustration of the Policy and is provided as an aid to help you understand and implement the requirements of the Policy. The Policy itself is authoritative. The policy is effective immediately.

Why did RIT issue the policy?

The Policy authorizes RIT to take reasonable measures to protect RIT information and computing assets in an age that is both reliant on electronic media and characterized by increasing Internet-borne threats. These measures apply to RIT information and the technology infrastructure.

In recent years, state and federal legislation have mandated specific protections for different types of information, including educational records (FERPA), financial customer information (Gramm-Leach-Bliley Act), health information (HIPAA), and private information (NYS Information Security Breach and Notification Act).

Why is the information lifecycle important?

The information lifecycle concept and its associated stages (creation, storage, transfer, and destruction) provide a useful framework for information handling. For example, during the creation stage, the creator of the information determines who should have access to the information and how that access is to be granted. During the destruction stage, "out-of-date" information or information used only occasionally may be without appropriate protection and be at greater risk.

What are the roles of Safeguards and Controls?

Most of the legislation above requires affected organizations to explain how they know people don’t have unauthorized access to information. Controls provide the best way of ensuring information protection. Controls can be process based (administrative controls), or technology based (technical controls). Controls focus on one or more of the following: problem prevention, problem detection, or problem correction.

How has RIT implemented this policy?

RIT has implemented the Information Security Policy by conducting risk assessments, issuing and enforcing standards, raising awareness of threats, recognizing best practices, and maintaining relationships with a number of security-focused external entities for benchmarking and sharing of resources.

More specifically,

  • RIT has designated specific individuals, including the RIT Information Security Officer, to identify and assess the risks to non-public or business-critical information within the Institute and establish an Institute-wide information security plan
  • The RIT Information Security Office creates and maintains standards to protect RIT information systems and its supporting infrastructure, ensure workforce information security, and guide RIT business associates and outsource partners. The creation of these standards is mandated by policy and is in response to the risks that the Institute faces. They are Institute-wide standards, created with representation from across RIT. See our Policies and Standards page for the list of current standards and information about how standards are developed.
  • The RIT Information Security Office provides awareness and training workshops, including its Digital Self Defense classes to help RIT users in the responsible use of information, applications, information systems, networks, and computing devices.
  • The RIT Information Security Office encourages the exchange of information security knowledge through ongoing engagements with security-focused groups, such as Educause, the New York State Cyber-Security Critical Infrastructure Coordination group, InfraGard, and others.
  • RIT periodically evaluates the effectiveness of information security controls in technology and process through risk assessments.

 

To whom does the policy apply?

The policy applies to the entire RIT community, including RIT employees, student employees, volunteers, and external business associates. Standards articulate how you follow the policy. Each standard has a different scope and may apply to different parts of or activities engaged in by the RIT population.

What do I have to do?

You need to follow all Information Security Policy requirements as articulated in the standards. See our Policies and Standards page for a current list of standards.

Where do I go for more information?

Read the policy and its associated standards. Contact the RIT Information Security at infosec@rit.edu if you have more questions.

 

About Us

About Us

Since 2001 the RIT Information Security Office, in partnership with other community stakeholders, has been a leader in managing information security risk and building community resiliency through:

  • Confidentiality: ensuring only those with sufficient privileges may access certain information
  • Integrity: ensuring information is whole, complete, and uncorrupted
  • Availability:  ensuring access to information without interference or obstruction

Our Mission

Provide leadership to the RIT community in safeguarding the confidentiality, integrity and availability of RIT’s information resources.

What We Do

  • Awareness
  • Alerts/Advisories
  • Vulnerabilty Management
  • Private Information Management
  • Forensics/Investigations
  • Security Policies & Standards

Contact Us

Contact Us

RIT Information Security Office

Location Information Security Office Ross Building 10-A201
Mailing Address 151 Lomb Memorial Drive Ross 10-A201 Rochester Institute of Technology Rochester, NY 14623-5608
Email:infosec@rit.edu Phone: (585) 475-4122, (585) 475-4123 Fax: (585) 475-7920

Staff Directory

Employee

 

Email

Office

Contact

Jonathan Maurer
Information Security Officer

jdmrmss@rit.edu

Eastman 01-4000

(585) 475-6379
Fax: (585) 475-7950

Jim Moore
Senior Information Security Forensic Investigator

jhmvnd@rit.edu

Ross 10-A202

(585)-475-5406
Fax: (585) 475-7920

Ben Woelk
Policy and Awareness Analyst

fbwis@rit.edu

Ross 10-A204

(585) 475-4122
Fax: (585) 475-7920

Paul Lepkowski
Enterprise Information Security Lead Engineer

paul.lepkowski@rit.edu

Ross 10-A200

(585) 475-6972
(585) 475-7920

General Inquiries infosec@rit.edu Ross 10-A201 (585) 475-4123

Support Contacts at RIT

The following organizations support the general community at RIT. Some colleges and departments have their own support organizations. In those cases, you should contact your local support organization first. Depending on the issue, your systems administrator may direct you to a different organization.
 

Organization

Contact

ITS Service Desk (everyone)

Gannett Building (7B), Room 7B-1113 Voice: (585) 475-HELP TTY: (585) 475-2810 Submit an online help request to servicedesk@rit.edu for more information visit http://www.rit.edu/its/

Resnet (on-campus residents only)

Nathaniel Rochester Hall (43), Room 1034 Voice: (585) 475-2600 TTY: (585) 475-4927 resnet@rit.edu for more information visit http://resnet.rit.edu/

Information Security Council Contacts

Click here for the complete list of individuals in the Information Security Council 

Wireless Networking

Wireless Networking

Wireless logo

Wireless networks are generally considered to be less secure than wired networks; however, with proper configuration and encryption enabled, they can provide more than adequate security for most users. Read our Accessing Wireless Networks Safely Brochure to learn more and better protect your privacy.

Wireless at RIT

RIT offers three different wireless networks across campus: an open public network, an encrypted WPA network, and an encrypted WPA2 network. We strongly recommend using the WPA2 or WPA network at all times, as they provide much better quality and security for users. WPA2 is the preferred protocol, as it offers the best security.

The WPA and WPA2 network signals are not broadcast publicly, so your computer will not automatically detect them. ITS provides instructions on How to Access RIT’s WPA Wireless Network.

More information on wireless networking at RIT can be found on the ITS Wireless Computing at RIT page.

Residential Networking

Please note that the use of wireless network routers is not permitted in residential areas on campus. Use of wired routers is acceptable; however, you should read and comply with Resnet’s guide to Using a Router on the RIT Network prior to setup.

Wireless at Home 

Without a secure configuration, your wireless network is open to anyone within range of the access point (typically anywhere from 100-1000 feet). Anyone in your area can "piggyback" on your connection and use your Internet, which can lead to a number of problems such as service violations, bandwidth shortages, abuse, activity monitoring, or direct attacks to your computer.

Best Practices for Home Wireless Networks

  • Change Your Default SSID and Administrator Password (See About.com for overview, but process varies by manufacturer)
  • Disable SSID Broadcasting 
  • Enable WPA Encryption
  • Enable MAC Address Filtering (See About.com for overview, but process varies by manufacturer)
  • Keep Your Access Point Software Up-To-Date with Patches
  • Use Your Router's Built-in Firewall
  • Use File Sharing with Caution

Public Wireless Networks

Many public access points are not secured, and the traffic they carry is not encrypted. This puts your sensitive communications and transactions at risk. Because your connection is being transmitted "in the clear," malicious users can use sniffing tools, "shoulder surfing," or other methods to obtain information including passwords, bank account numbers, unauthorized computer access, and credit card numbers quite easily.

Best Practices for Public Wireless Networks

  • Avoiding Sending Sensitive Information (such as online banking, shopping, etc..) over a Wireless Network
  • Stay on Secure Websites (look for HTTPS and lock icon)
  • Encrypt Your Traffic
  • Connect Using VPN (Virtual Private Networking)
  • Disable File Sharing
  • Be Aware of Your Surroundings
 

 

Pages

Subscribe to RSS - RIT