Security

Contact Us

RIT Information Security Office

Location
Information Security Office
Ross Building 10-A201

Mailing Address
Rochester Institute of Technology
151 Lomb Memorial Drive
Ross Building 10-A201
Rochester, NY 14623-5608

E-mail infosec@rit.edu
Phone  (585) 475-4123
Fax (585) 475-7920


Staff Directory

... ...
Name   E-mail Contact
Aldwin Maloto
Information Security Officer
abmiso@rit.edu Phone: (585) 475-6972
Office: ROS 10-A204
Jim Moore
Senior Information Security Forensic Investigator

Information Security at RIT

Since 2001, the RIT Information Security Office, in partnership with other community stakeholders, has been a leader in managing information security risk and building community resiliency through:

Confidentiality
Ensuring only those with sufficient privileges may access certain information.

Integrity
Ensuring information is whole, complete, and uncorrupted.

Availability
Ensuring access to information without interference or obstruction.


Our Mission

Provide leadership to the RIT community in safeguarding the confidentiality, integrity and availability of RIT’s information resources.

What We Do

  • Security Education, Training, and Awareness
  • Alerts/Advisories
  • Forensics/Investigations
  • Security Policies & Standards
  • Risk Management Framework
  • Structure and Resources

Risk... ...

Security Assessment Tools

The following tools should be used in combination to conduct security assessments.

Unified vulnerability management enterprise solution
 
 
Network Vulnerability Scanner
 
... ...

Printer Best Practices

Printers often handle RIT Confidential information, but they can easily be overlooked when securing a network. Use the following best practices to secure any printers you support:

  • Update the firmware.
  • Assign a password for web access to the printer.
  • Change the SNMP community strings. (These are the equivalent of printer "passwords." "Public" and "private" are the defaults and are widely known.)
  • Disable any unused protocols. (Do you really need Novell IPX enabled, etc?)
  • If possible, change the default TCP port from 9100 to another port number. (Specific exploits target the default port and may cause the printers to print blank pages. However,
  • ... ...

Host Intrusion Prevention (RIT-owned/leased computers only)

Note: This requirement applies only to RIT-owned and leased computers. There is currently no requirement for personally-owned machines to run host intrusion prevention.

Currently, personal networking devices used on the RIT residential network (such as routers, switches, etc.) do not need to meet the Network Security Standard. Resnet has created separate guidelines for Using a Router/Wireless Router on the RIT Network.

The following products have all been tested by the Information Security Office and approved for use on RIT-owned/leased computers.

Recommended Host-based Intrusion Prevention Software

Server

... ...

Program