Protect Yourself and Others - Safe Computing
Safe computing is mostly about prudence, preparation, and prevention. NDSU has seen a large number of computers on the network become compromised (both personal and NDSU systems). The following suggestions are intended to help students, faculty, and staff become more aware of safe computing issues.
Compromised computers can:
- infect other systems,
- take down entire businesses or networks,
- be used for illegal or terrorist activities against others,
- be used as repositories for illegally obtained copyright protected media, software, and pornography, and
- have information corrupted or deleted.
Create a Secure Login
- Always set up all accounts (user IDs or e-IDs) to require good passwords. Do NOT allow a password to be empty or blank. We see many break-ins of Windows machines because the machine was installed and set up with a null (blank) administrator password. There are hacker tools that can find these and compromise them in seconds. Don't be an easy target.
- Use good passwords! Do NOT use words that could be looked up in a dictionary or are simple--programs can "guess" those in seconds. When possible, use special characters, digits, mixed case, etc. Your password should be at least 6 characters long. One recent study showed that 40% of the users surveyed used the word "password" as their password! Don't be obvious, be mysterious. Do not share your password. If you think someone else knows your password, change it.
- Remove or disable all guest and other accounts you do not need. Change all the initial passwords that might have come with your system. Many computer systems are delivered in an "insecure" state. Be secure.
Protect Your Computer
- Make sure every computer that you are responsible for has antivirus software installed and configured correctly.
- All antivirus software should be automatically updated with the latest virus definitions at least once a week. All NDSU students, faculty, and staff can use FREE antivirus software and set up their computer to automatically update the virus definitions. You can even use the software on your home computer.
- Be suspicious of messages or e-mail, EVEN if you seem to know the sender. Many modern viruses forge e-mail From: and To: addresses to try to trick you into doing something you would not normally do. It only takes once to be infected with a computer virus. Critical patches or security updates are NOT sent unsolicited in e-mail! If you get mail from Microsoft or another supplier which claims to have an attached program, patch, or virus remedy, you should assume it is a hoax or virus. Most legitimate programs and patches are made available at well-known Web sites or FTP servers from which you must download them.
- There is personal "firewall" software that will allow you to control who can connect to your computer. However, it can be rather complicated to set up and even more difficult to interpret the alerts. You may think you are under attack when in reality the connection is a normal part of some program or protocol you have installed.
Be Selective with Features
- Turn off any unneeded services or features (e.g., Web servers, remote access).
- Do not needlessly open "network shares" to allow others to access your system. Once a person has access, they can do just about anything. If you do require outside access, be sure it is really secure.
- Beware of buddies who tag along. Freeware may have other software to give people direct access to your machine without you knowing it. Do not accidentally turn your machine into a server for illegal software. Be careful of the software you install and check it out BEFORE you install it. Some tag-along software such as "CommonName" may not damage your machine, but you may no longer be able to access some Web sites.
- Be selective in handling e-mail. Indiscriminately sending chain letters, jokes, etc. to everyone in your address book can clog the network, and you might also lose the respect of the recipients. If you get an offer that seems too good to be true, it probably is. Many scams try to entice you to participate by "only" giving them your bank information, e-mail address, or personal information, or by requesting a "small" investment of money with the expectation of getting a windfall later.
- Don't let strangers onto the network! Do not install wireless access points. They may allow "wardrivers" to use your network access without your knowledge and you may be held accountable for their actions. Networking equipment like wireless access points, DHCP servers, and advanced routers may also cause major network disruptions. If in doubt, contact the IT Help Desk at 231-8685, Option 1, with network configuration questions or before you connect something new to the network.
- Do not share your password or allow someone else to use your account. Never give out your password to anyone except authorized, known IT staff. IT staff try to avoid having to know user passwords but may need them to debug a problem with you. But only comply when YOU have initiated the contact and are confident of whom you are talking to. Never send the passwords in e-mail; e-mail can be passed around and "live" for a long time. Your password is personal, so keep it to yourself.
- Don't be enticed to open an attachment or visit a Web site from an unexpected e-mail, especially those with large attachments. For example, the Klez virus claims to have a fix for the Klez virus, but if you run it, you will get the Klez virus. Confused yet? Klez also sends the virus as an attachment that it claims is undeliverable e-mail that you sent and asks you to open the attachment to see the original e-mail (really the virus). The viral e-mail may even come from someone you know well, but, if you don't expect it or if it looks odd, check it out first by contacting the "sender." Remember that it is very easy to "forge" e-mail addresses.
- Be very careful about others using your computer. Will they be as careful as you are? Programs like Kazaa, IRC, and even instant messaging and chat rooms are notorious for exposing computers to viruses and compromise.
Keep Your Computer Healthy
- Keep the critical patches for your system current. Many break-ins use "vulnerabilities" that are well known and were patched by the vendor months or years ago. While installing updates may be non-trivial, it is important to get help and check for updates. Some vendors have Web sites to simplify the process (e.g., for Microsoft Windows and using MS IE, visit http://windowsupdate.microsoft.com). Remember to have good current backups of critical data on your computer before making any changes.
- And we can't say it enough--make sure your antivirus product is automatically updated regularly. Check it often to make sure the updates are still being received.
- Don't give away the farm! If you sell or give away your computer, you should remove all your personal data and uninstall proprietary programs licensed only to you. Most computers come with the operating system installed and perhaps some other applications, but licenses vary. The safest thing to do would be to completely "scrub" the disk(s) using special programs because deleted files can often be recovered.
- Know and respect the licenses and terms for the software you use. Violations of terms can bring big fines, especially for an institution like NDSU. This has happened to other schools. If you install software with a limited trial, be sure to remove it or pay for it when the time is up. Be aware that some software can be used for free for personal use (on your own computer), but requires a full purchase if used on an NDSU system. Remember that software licensed to NDSU or the NDUS still may require payment and/or registration for EVERY copy installed.
- Respect copyright and trademarks. Trademark and copyright owners are becoming especially vigilant about violations on the Internet and use sophisticated tools to seek out offending sites. If you have any questions, contact a lawyer or the NDSU Designated Agent for the Digital Millennium Copyright Act at firstname.lastname@example.org.
- Back up all your critical data often. The safest way to recover a compromised machine is to erase (reformat) the disk and reinstall everything from scratch using program install disks and restoring backed-up data. Keeping all your data and document files in one directory (and subdirectories) and backing that up often on CD-ROM, Zip drive, or on the network will make it easier for you to get your data back. Official NDSU data should be saved on network servers which are backed up daily--hard drives on your computer are not. If you do back up data yourself, be sure you have it on your "calendar" and do it regularly.
- Know your computer and be alert to changes in its behavior, unexplained files or messages, or seemingly random activity not connected with your use. That cool music program you installed might have made your computer a server for hundreds! Computers at universities are especially targeted because of the relatively high bandwidth Internet connections and powerful computers. Be curious. Check out something that seems odd or unusual.
- If you are actually infected with a computer virus or your computer is taken over by someone else, be sure you not only restore it to use but make it more secure than it was. Try to figure out how it was compromised and close those loopholes. You don't want to be an easy target for every person with dubious motives!
- If you think your computer is compromised or is acting suspiciously, you can unplug the network connection to make sure the problem will not affect other systems or the network itself. ITS may also block access to the Internet or local network if we have had reports of suspicious activity or complaints of attacks from that machine. Access will be restored once the problem is understood, and, if necessary, the machine will be cleaned and secured.