Software

Securing Your Computer

Securing Your Computer

This section provides information about all the software and instruction necessary to comply with the Desktop and Portable Computer Standard. The software on this page is intended for use by students, faculty, and staff at RIT. Inexperienced/non-technical users may want to check out our Digital Self Defense 101 Workshop, which explains the dangers of the Internet and RIT security requirements in greater detail.

Note: You do not have to use the specific software listed on this page. However, you should meet the requirements of the Desktop and Portable Computer Standard for your computer

Anti-Virus

RIT has licensed McAfee VirusScan software (available on the ITS Security & Virus Protection website) for use by students, faculty, and staff on  personally-owned computers. RIT-owned Windows computers will receive McAfee HIPS (Host Intrusion Prevention Software).

It is not necessary to use this particular anti-virus; if you prefer, you may use any of the following products.

Product

License
Company

ClamAV (Linux)

Free for personal use

Open Source

ClamXAV2 (Mac)

Free for personal use

Open Source

Norton Anti-Virus

One year paid subscription

Symantec

Trend Micro Anti-Virus

One year paid subscription

Trend Micro

avast! Anti-Virus

Free for personal use

ALWIL Software

AVG Anti-Virus

Free for personal use

Grisoft

Anti-Spyware

This should already be built into current anti-virus software.  A separate program is not needed.

Firewalls

Windows 7, Vista, XP, and Mac OS X all come with built-in firewalls; Resnet provides instructions on how to configure these built-in firewalls. If you do not want to use this firewall, RIT recommends the basic ZoneAlarm free firewall for Windows users Other firewall options may be provided by your Internet Service Provider. 

Patching/Updating

Regardless of what operating system you run, it should be up-to-date on all security patches; the easiest way to do this is to turn on the automatic update feature. Learn how to enable automatic updates for Windows and keep your Mac up-to-date automatically

Users of other operating systems such as Linux, Unix, etc., are also required to keep their operating systems up-to-date on security patches.

Software Applications should also be kept up-to-date. This can usually be done from within the program itself or through the vendor's website; some programs have an automatic update feature. Use the links below to find updates for Microsoft, Apple, and Adobe software.

ISO-Approved Private Information Management Software

  • Identify Finder (Windows, Mac)
  • Cornell Spider (Linux only)

Security Standard: Solutions Life Cycle Management

Security Standard: Solutions Life Cycle Management

 

Scope

The standard applies to new IT services (including third-party and RIT-hosted, and software as a service) that meet any one or more of the following:

  • host or provide access to Private or Confidential information
  • support a Critical Business Process

 

Requirements

The following security controls are required to be implemented.

1.      Engagement

1.1.   Contact the Information Security Office prior to investigating, evaluating, selecting, or developing a new solution.

2.     Planning and Preliminary Risk Assessment

2.1.   The Information Security Office will determine applicable security requirements and provide a preliminary risk assessment.

3.     Business Contract Phase

3.1.   Any proposed contract will be reviewed and revised in accordance with procurement services procedures (http://finweb.rit.edu/purchasing/) under the direction of RIT Procurement Services.

4.      Development

4.1.   The solution owner will inform the Information Security Office of any changes to the security requirements during development.

4.2.   Solutions development, testing, and production should be performed in separate environments.

4.3.   Test data should not include Private or Confidential information unless the security controls in test and development are the same as those in production.

4.4.   The solution owner should identify solution administrators.

5.      Security Review

5.1.   The Information Security Office or its authorized representative will conduct a Security Review.

5.2.   The Information Security office will perform an appropriate vulnerability assessment and penetration test before solution implementation.

6.      Maintenance

6.1.   The solution owner is responsible for ensuring that the security impact of any change is evaluated and notify the Information Security Office accordingly if there is a potential increase in risk.

7.      Solutions Retirement/Disposal

7.1.   The solution owner will ensure that the solution is evaluated at an appropriate interval and retired if appropriate.

7.2.   The solution administrator should ensure that Information is retained in accordance with the Records Management Policy, and to accommodate future technology changes that may render the retrieval method obsolete.

7.3.   The solution administrator should ensure that Information is disposed of as required by the Information Access and Protection Standard.

 

Effective Date: January 23, 2015

Standard History: November 11, 2013

Technical Resources

Technical Resources

This section of the website contains links to tools and documentation specifically for use by administrators. Scroll to the bottom of the page to access these resources.

What are my responsibilities as an administrator?

You are responsible for ensuring that all web resources, computers, servers, network devices, and any other types of computing devices that you support comply with all published standards.

You are also responsible for prompt reporting of computer incidents to the ISO in accordance with the Computer Incident Handling Standard.

Computer Incident Handling Resources

Security Checklists

Exceptions

The Information Security Office has provided a method for obtaining an exception to compliance with the published security standards.

Questions

If you have any questions or feedback about specific information security requirements, please e-mail us at infosec@rit.edu.

Virtual Private Networks

Virtual Private Networks

A Virtual Private Network (VPN) is a technology that allows for secure transmissions across the Internet between two networks by using a secure "virtual tunnel." Without using VPN, data (including passwords and confidential information) transmitted via the Internet is exposed and can be intercepted by third parties.

VPN should always be used to access RIT resources that are normally unavailable to users outside of the wired Institute network (such as department-specific services and network shares). This means that unless you are at a wired machine on campus, you must connect to the Institute network using VPN if you wish to access any private intranet resources. Your supervisor will notify you if the systems you work with require VPN.

VPN must be used when accessing RIT Confidential information on the Institute network from a remote location.

Visit the ITS VPN site to download the VPN software and find instructions and additional documentation.

 

Subscribe to RSS - Software