IT Security Essentials
Lesley A. Bidwell, IT Security Administrator
SUNY Oneonta Security Program
• Developed by a working group of faculty and staff
• Adopted by President’s Cabinet in March 2005
• Available from the campus network at www.oneonta.edu/technology/security
SUNY Oneonta Security Program
• “This program applies to all faculty, staff and students of the College, or others … who may utilize the College’s technology and related facilities.”
Why all the concern about security?
• Computer hacking has become big business
• We store vast amounts of personal data in our systems – on students and employees
• We need that data to be accurate and available in order to do our jobs
• We must comply with State and Federal regulations
What are we doing about it?
• Constantly monitoring systems and threats to keep our servers and our network secure
• Implementing policies, procedures and practices to assure only authorized users have access to data
• Educating users
What can you do?
• Security is everyone’s responsibility
• Check out the security program
• Contact the IT Security Administrator with any questions or if you suspect there has been a security breach
• Follow some basic guidelines:
Be aware
• Make information security a regular practice
• Recognize poor security practices in your own habits and in your office
• Remain vigilant where information security is concerned
Passwords
• Never share a password
– If more than one person needs access, work with us to set up a network share so each can use their own password
– Even the IT Helpdesk should never ask for your password
Passwords
• Choose strong passwords
– Will be required soon
– Use a phrase that’s easy to remember but hard to guess
– Must contain 3 of 4
   • Upper case letters
   • Lower case letters
   • Numbers
   • Special characters
• See http://www.microsoft.com/athome/security/privacy/password.mspx
Passwords
• Change passwords regularly
– Will be required soon
– Every 180 days
– Limits the length of time a hacker can use a compromised password
– ALWAYS change passwords if you suspect your password has been stolen
Passwords
• Never post your password
– On your computer monitor
– Under your keyboard
– In the desk drawer
– Anyplace that someone might look
Passwords
• Never save passwords in applications
– E-mail, Web Authoring, PPP for dial-in
– Anyone who sits at your computer has access
– Equally important at home
Physical Security
• Always lock your computer when you leave it unattended (ctrl-alt-del)
• Never leave hard copies with sensitive data in plain view
• Always log out of web applications (Banner, e-mail) and close browser
Malware
• A general term for malicious software
• Includes viruses, trojans, rootkits, spyware, etc.
• Vectors of infection include e-mail, web pages, links sent through IM sessions, and malware hidden in other programs
Malware
• Anti-virus software
– Must be up to date
– Must be running
– Use on-access scanner
– Schedule daily scans
Malware
• Anti-spyware software
– Must be up to date
– Must be running
– Good choices include Microsoft Defender, Spybot Search & Destroy and Ad-Aware
– http://helpdesk.oneonta.edu/xoops/modules/wfdownloads/viewcat.php?cid=3
Malware
• Operating system patches
– Apply critical patches as soon as possible
– Use automatic updating when possible
– Important for Macs and Linux machines as well as Windows
Malware – Signs of Infection
• Computer slows down
• New homepage, toolbars, default search pages or favorites in browser
• Anti-virus and/or anti-spyware software gets turned off
Malware
• Be sure to use these procedures at home
• Call the Information Technology Helpdesk about using the ASCI or Secure Desktop program for your office computer