An introductory course in secure computing practices!
Whether you're a student or a staff member, life at Trinity College without a personal computer has become almost unthinkable. In student rooms, labs, offices, libraries and countless other campus locations, access to computers is a necessity.
With this increasing reliance on personal computing has also come greater risk to the electronic data, personal, business and academic, that we store and process, from computer exploits and malicious software such as viruses.
Computers in use at Trinity College come in all shapes and sizes, and use just about every operating system available, but whether you're running a desktop, tower or a laptop, Windows, or linux, or Mac OS X, there are a number of basic concepts and practices that you can - and should - adopt and use that will protect your computer and your data.
Blank passwords are the easiest way for an unauthorised individual to gain access to your data. Make sure that all accounts have secure passwords set.
Don't forget to include your local operating system accounts as well as your TCD network account and any accounts on any local information systems in your department.
Your network account and password act as your identity on the Trinity College network and restrict access to your email and other files to you. Guard your passwords and always change them if you suspect that they have become known to others.
All users should note that it is strictly against published College Policy to allow your College accounts and passwords to be used by others.
This is very important not only when using your personal computer in your office or room, but also when you are using public lab computers that are used by many other people, often in rapid succession. If you forget to log off a lab computer after finishing your session, you give the next person at the keyboard an open door into your account which they can use to read your email, personal financial information and other sensitive data. They could even change your password and lock you out of your own account.
All the major operating systems provide the ability to "lock" and password-protect the screen and system so that an unauthorised person with physical access cannot tamper with your computer. It's a good habit to get into to either log out or lock the system every time you get up.
Remember You are responsible for all actions carried out under your sign-on, so sign-off when leaving your computer.
Viruses are the most common security problem seen in College and the easiest to prevent. Check that you are running the College approved anti-virus software for your area and that it is up-to-date.
Software applications which advertise products or which send data back to a third party - without asking the user - is called adware or spyware
It is important to scan your computer for this type of software in a similar way to which you scan your computer for viruses.
All software companies are constantly releasing patches and updates to fix security issues, as well as other flaws discovered in their products. These flaws are what virus writers and hackers exploit to gain access to your data. Make sure you stay ahead of the hackers and keep you software up-to-date. A quick and easy way to do this for Microsoft Windows users is to run 'windows update' from the icon on your start menu.
You can easily make any folder on your computer available to individuals, groups or to the entire Trinity College Network. Make sure you don’t accidentally provide access to more people than you intend!
Guard against virus infection from unsolicited or spam emails that may be delivered to your account. If you do not know the sender or if you were not expecting the email then do not open the email or its attachments.
Spam is unsolicited e-mail on the Internet. It is a form of bulk mail, often sent to a list obtained by companies that specialise in creating e-mail distribution lists. Just as you would throw away junk mail you received in the post you should delete any spam email you receive immediately. Never reply to spam email as this confirms the validity of your email address and may result in you receiving more spam.
A comprehensive backup strategy is the best way to prepare for disaster. Make sure that all your data files are backed up regularly and stored in a secure location.
Users should note that only critical systems are backed up centrally by IS Services. All users are responsible making arrangements for backing up their own data.
All the major operating systems come packaged with all sorts of application and server software and a major problem is that not only do they often turn these services on by default, they also give you very little explanation about what they do and little flexibility with regard to configuration settings. In general, the more services you have running on your computer, the more potential targets you have for hackers to exploit. These services include well-known, standard things like ftp, telnet, Samba, SQL, SMTP (e-mail server), Apache (web server) and others.
When considering what services should be running on your system, here are a few easy rules of thumb:
Do not provide details of your computer or any of your College account information to other individuals. Help prevent spam email by not giving out our College email address on Internet sites.
Be careful when you are out browsing the Internet; don’t give personal details out on public web sites. Be careful when downloading files always scan for viruses.
Be conscious of software copyright and under no circumstances make unauthorised copies. Only use software that is approved and has been verified by the College as being virus free.
Unless you have a special reason to leave your computer on always remember to turn it off when you are not using it. Remember when your computer is connected to the Trinity College Network it is potentially at risk.
|Contact: ITSecurity@tcd.ie | Sitemap | Last Updated: February 15, 2007|