Security

About Us

Since 2001 the RIT Information Security Office, in partnership with other community stakeholders, has been a leader in managing information security risk and building community resiliency through:

  • Confidentiality: ensuring only those with sufficient privileges may access certain information
  • Integrity: ensuring information is whole, complete, and uncorrupted
  • Availability:  ensuring access to information without interference or obstruction

Our Mission

Provide leadership to the RIT community in safeguarding the confidentiality, integrity and availability of RIT’s information resources.

What We Do

  • Awareness
  • Alerts/Advisories
  • Vulnerability Management
  • Private Information Management
  • Forensics/Investigations
  • Security Policies & Standards

Contact Us

RIT Information Security Office

Location: Information Security Office, Ross Building 10-A201
Mailing Address: 151 Lomb Memorial Drive, Ross 10-A201, Rochester Institute of Technology, Rochester, NY 14623-5608
Email: infosec@rit.edu
Phone: (585) 475-4122, (585) 475-4123
Fax: (585) 475-7920

Staff Directory

| Employee | Email | Office | Contact |
|---|---|---|---|
| Jim Moore, Senior Information Security Forensic Investigator | jhmvnd@rit.edu | Ross 10-A202 | (585) 475-5406; Fax: (585) 475-7920 |
| Ben Woelk, Policy and Awareness Analyst | fbwis@rit.edu | Ross 10-A204 | (585) 475-4122; Fax: (585) 475-7920 |
| Paul Lepkowski, Information Security Engineering Manager | peliso@rit.edu | Ross 10-A200 | (585) 475-6972; (585) 475-7920 |
| General Inquiries | infosec@rit.edu | Ross 10-A201 | (585) 475-4123 |

Support Contacts at RIT

The following organizations support the general community at RIT. Some colleges and departments have their own support organizations. In those cases, you should contact your local support organization first. Depending on the issue, your systems administrator may direct you to a different organization.
 

| Organization | Contact |
|---|---|
| ITS Service Desk (everyone) | Gannett Building (7B), Room 7B-1113; Voice: (585) 475-HELP; TTY: (585) 475-2810; Submit an online help request to servicedesk@rit.edu; for more information visit http://www.rit.edu/its/ |
| Resnet (on-campus residents only) | Nathaniel Rochester Hall (43), Room 1034; Voice: (585) 475-2600; TTY: (585) 475-4927; resnet@rit.edu; for more information visit http://resnet.rit.edu/ |

Information Security Council Contacts

Click here for the complete list of individuals in the Information Security Council 

Online Safety

Everyone connected to the Internet is a potential target. Use of anti-virus and firewall software is critical in protecting your computer online; however, simply protecting your computer is not enough. 

Web Browsers

Cyber criminals often target vulnerabilities in web browsers. Because Internet Explorer is the web browser used by most people, it has become a primary target. Using a different browser can reduce your risk while on the web. The table below lists alternative browsers:

| Browser | Operating System | License |
|---|---|---|
| Firefox | Mac, Windows, Linux | Free (open source) |
| Chrome | Mac, Windows, Linux | Free |
| Opera | Mac, Windows, Linux | Free |
| Safari | Mac OS X | Free |

Configure Settings

Changing the default security settings can help protect you while browsing.  Learn more here.

Update Regularly

It is important to keep your browser up-to-date on security patches. This can typically be done from within the browser, or directly from the vendor’s website. Check for updates at least monthly.

Note: If you use Internet Explorer with RIT Oracle Applications, you may not be able to use the newest versions of Internet Explorer, as they are not certified for compatibility with Oracle at this time.

Use Limited Account Privileges

Learn more here.

Be Smart With What You Do Online

View our pages on Social Networking and Online Banking/Shopping.  Also look for posts on our blog about identity theft, online banking, and scams. 

Wireless Networking

Wireless networks are generally considered to be less secure than wired networks; however, with proper configuration and encryption enabled, they can provide more than adequate security for most users. Read our Accessing Wireless Networks Safely Brochure to learn more and better protect your privacy.

Wireless at RIT

RIT offers three different wireless networks across campus: an open public network, an encrypted WPA network, and an encrypted WPA2 network. We strongly recommend using the WPA2 or WPA network at all times, as they provide much better quality and security for users. WPA2 is the preferred protocol, as it offers the best security.

The WPA and WPA2 network signals are not broadcast publicly, so your computer will not automatically detect them. ITS provides instructions on How to Access RIT’s WPA Wireless Network.

More information on wireless networking at RIT can be found on the ITS Wireless Computing at RIT page.

Residential Networking

Please note that the use of wireless network routers is not permitted in residential areas on campus. Use of wired routers is acceptable; however, you should read and comply with Resnet’s guide to Using a Router on the RIT Network prior to setup.

Wireless at Home 

Without a secure configuration, your wireless network is open to anyone within range of the access point (typically anywhere from 100-1000 feet). Anyone in your area can "piggyback" on your connection and use your Internet, which can lead to a number of problems such as service violations, bandwidth shortages, abuse, activity monitoring, or direct attacks on your computer.

BEST PRACTICES FOR HOME WIRELESS NETWORKS
  • Change Your Default SSID and Administrator Password (See About.com for overview, but process varies by manufacturer)
  • Disable SSID Broadcasting 
  • Enable WPA Encryption
  • Enable MAC Address Filtering (See About.com for overview, but process varies by manufacturer)
  • Keep Your Access Point Software Up-To-Date with Patches
  • Use Your Router's Built-in Firewall
  • Use File Sharing with Caution

Public Wireless Networks

Many public access points are not secured, and the traffic they carry is not encrypted. This puts your sensitive communications and transactions at risk. Because your connection is being transmitted "in the clear," malicious users can quite easily use sniffing tools, "shoulder surfing," or other methods to obtain information such as passwords, bank account numbers, and credit card numbers, or to gain unauthorized computer access.

BEST PRACTICES FOR PUBLIC WIRELESS NETWORKS
  • Avoid Sending Sensitive Information (such as online banking, shopping, etc.) over a Wireless Network
  • Stay on Secure Websites (look for HTTPS and lock icon)
  • Encrypt Your Traffic
  • Connect Using VPN (Virtual Private Networking)
  • Disable File Sharing
  • Be Aware of Your Surroundings
 

Security Assessment Tools

The following tools should be used in combination to conduct security assessments.

| Tool | Description |
|---|---|
| Rapid 7 Nexpose (RIT Enterprise Licensed by ISO) | Unified vulnerability management enterprise solution |
| Nessus | Network Vulnerability Scanner |
| CIS Score | Security Consensus Operational Readiness Evaluation provides various security checklists. |
| Secunia Vulnerability Scanners | Secunia Software Inspectors provide detection and assessment of missing security patches and end-of-life programs. |
| Microsoft Baseline Security Analyzer (MBSA) | MBSA helps organizations determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. |
| Nipper | Nipper enables network administrators, security professionals and auditors to quickly produce reports on key network infrastructure devices. |
| Scrawlr | HP SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. |
| Core Impact | Penetration testing software |
| Qualys | Provides a suite of tools for: Vulnerability Management, Policy Compliance, PCI Compliance, Web Application Scanning |
| NMAP | Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. |
| BiDiBLAH | The BiDiBLAH utility is a framework that can be used to assist in automating existing vulnerability assessment tools. |

 
