Protect Yourself and Others - Safe Computing

Safe computing is mostly about prudence, preparation, and prevention. NDSU has seen a large number of computers on the network become compromised(both personal and NDSU systems). The following suggestions are intended to help students, faculty, and staff become more aware of safe computing issues.

Safe computing is mostly about prudence, preparation, and prevention. NDSU has seen a large number of computers on the network become compromised (both personal and NDSU systems). The following suggestions are intended to help students, faculty, and staff become more aware of safe computing issues.

The Internet is a powerful resource, but the same features that make it powerful also provide the means for misuse. Your "network neighbors" are world-wide, and, if you are not careful, they may have complete access to your system. While there really is no "100% secure" Internet-connected computer system, it is possible to take a few simple steps to be more secure than you would be otherwise. 

Of course, you might say, "I don't have any top secret information on my computer." However, you don't want to lose what you do have, and you don't want to be responsible for illegal activity on your computer. "Infected" computers can:
  • Infect other systems 
  • Take down entire businesses or networks
  • Be used for illegal or unwanted activities against others
  • Be used as repositories for illegally obtained copyright protected media, software, and pornography
  • Have information corrupted or deleted
Hundreds of computers can be taken over in seconds. Remember that you, as an owner of an account or computer, are responsible for any and all activity using your access information. You can save yourself a lot of grief by following some basic rules for safe computing. 

If you have any questions about any of these items, please contact the IT Help Desk at 231-8685 (Option 1), via e-mail at NDSU.helpdesk@ndsu.edu, or in QBB 150. 

There are no dumb questions, and what you learn from your friends may or may not be true. With a little prudence, preparation, and prevention, you can enjoy fast, quality computing. Don't be a victim. It is better to be safe than sorry.

Create a Secure Login

The first step in safe computing begins with your login ID and password. A few simple precautions will go a long way to prevent you from being a victim of a computer break-in: 
  • Set up all accounts (user IDs or e-IDs) to require good passwords. Do NOT allow a password to be empty or blank. 
  • Use good passwords! Do NOT use words that could be looked up in a dictionary or are simple. Programs can "guess" those in seconds. When possible, use special characters, digits, mixed case, etc. Your password should be at least 14 characters long. Do not share your password. If you think someone else knows your password, change it. 
  • Remove or disable all guest and other accounts you do not need. Change all the initial passwords that might have come with your system. Many computer systems are delivered in an "insecure" state. Be secure.
  • Use your computer as a General User type of account. Many types of malware out there run with the permissions of the user that may have started the process. If you can make all kinds of changes to your computer, malware that may have inadvertently been added to your computer will be able to make those changes. and you likely will not know about it till it is too late.  

Protect Your Computer

Having antimalware software is not enough. Not only does it need to be installed, but it also should be working correctly and updating automatically. 
  • Make sure every computer that you are responsible for has antimalware software installed and configured correctly. 
  • All antimalware software should be automatically updated with the latest malware definitions at least once a week. All NDSU students, faculty, and staff can use FREE antimalware software and set up their computer to automatically update the definitions. You can even use the software on your home computer. 
  • Be suspicious of messages or e-mail, EVEN if you seem to know the sender. Malware can forge e-mail From: and To: addresses to try to trick you into doing something you would not normally do. It only takes once to be infected with malware. Critical patches or security updates are NOT sent unsolicited in e-mail! If you get mail from Microsoft or another supplier which claims to have an attached program, patch, or malware remedy, you should assume it is a hoax or malware. Most legitimate programs and patches are made available at well known web sites from which you must download them. 
  • There is personal "firewall" software that will allow you to control who can connect to your computer. However, it can be rather complicated to set up and even more difficult to interpret the alerts. You may think you are under attack when in reality the connection is a normal part of some program or protocol you have installed.

Be Selective with Features

Modern computer systems come with lots of additional features. Many of the common computer attacks use features you may not even know you have. 
  • Turn off any unneeded services or features (e.g., Web servers, remote access). 
  • Do not needlessly open "network shares" to allow others to access your system. Once a person has access, they can do just about anything. If you do require outside access, be sure it is really secure. 
  • Free software may have other software to give people direct access to your machine without you knowing it. Be careful of the software you install and read the popups that you are given before you click OK. 
  • Be selective in handling e-mail. If you get an offer that seems too good to be true, it probably is. Many scams try to entice you to participate by "only" giving them your bank information, e-mail address, or personal information, or by requesting a "small" investment of money with the expectation of getting a windfall later. 
  • Be wary of links that are sent in email - hover over any link before you click on it to check to see where you are going to be sent or what you are going to download to your computer. 
  • Email that is asking for cell phone numbers or favors because the sender is busy may be attempting to gain money or access, please do not reply directly to those messages, instead ask in a separate email to the individual that may appear to be making this request, if they are sending this.
  • Don't let strangers onto the network! Do not install wireless access points. They may allow "wardrivers" to use your network access without your knowledge and you may be held accountable for their actions. Networking equipment like wireless access points, DHCP servers, and advanced routers may also cause major network disruptions. If in doubt, be sure to contact the IT Help Desk at 231-8685, Option 1, if you have network configuration questions or before you connect something new to the network.

Don't Share

Many exploits use "social engineering" to get you to do something you normally wouldn't do. Social engineering is basically trying to talk you into doing something you would not normally do if you knew what was going on. In regards to computers, don't "give in" and don't ever share. 
  • Do not share your password or allow someone else to use your account. Never give out your password to anyone except authorized, known IT staff. IT staff try to avoid knowing user passwords but may need them to debug a problem with you. But only comply when YOU have initiated the contact and are confident of whom you are talking to. Never send the passwords in e-mail; e-mail can be passed around and "live" for a long time. Your password is personal, so keep it to yourself. 
  • Don't be enticed to open an attachment or visit a Web site from an unexpected e-mail, especially those with large attachments. Malware may even come from someone you know well, but, if you don't expect it or if it looks odd, check it out first by contacting the "sender." Remember that it is very easy to "forge" e-mail addresses. 
  • Do not allow others to use your computer. Will they be as careful as you are? Programs that are installed without your permission are notorious for exposing computers to malware and compromise.

Lock up Your Valuables

Windows computers have multiple options to lock up or encrypt your data.  Encrypting your data means that you put your data in a vault and only you have the key. Windows has by default on most computers the ability to encrypt your entire hard drive with BitLocker (think deadbolt on all exterior doors), alternatively there are applications such as 7-zip that will allow you to encrypt data and transport that data to other computers and operating systems (think portable vault).

  • Enable BitLocker for non-ITS-supported computers - Bitlocker is enabled by default for ITS-supported computers - BitLocker will prevent someone from stealing your hard drive and putting it in to a different computer to bypass user logins. If the computer does not match the configuration that is defined in the setup of BitLocker the drive will not decrypt and the data will not be available to be accessed unless the key is presented.
  1. Click the start button
  2. Type BitLocker
  3. Click Manage BitLocker
  4. Click Turn on BitLocker
  5. Select one of the options to save the recovery key or print recovery key - DO NOT LOSE THIS KEY 
  6. Click Next
  7. Select Encrypt entire drive
  8. Click Next
  9. Select New encryption mode
  10. Click Next
  11. Check Run BitLocker system check
  12. Click Continue
  13. Restart computer and the encryption will start.
  • Use 7-zip to encrypt folders and files - 7zip will allow you to lock up just those items 
  1. 7-zip is a third party application that needs to be installed
  2. Go to 7-zip.org and download the version of 7-zip that corresponds to your computer (most likely 64-bit Windows)
  3. Download and run the .exe 
  4. Follow the directions to install the application
  5. To Encrypt a folder:
    1. Open Windows File Explorer
    2. Browse to the location where the folder is stored
    3. Right click on the folder 
    4. Select 7-Zip > Add to archive...
    5. Enter and Reenter a password
    6. Ensure that AES-256 is selected
    7. Name the file what you would like (make sure the .zip stays)
    8. Click OK
    9. This will create a single file that is encrypted and password protected who ever has that password can unzip and unencrypt that file and have access to that folders content
  6. To Encrypt file(s):
    1. Open Windows File Explorer
    2. Browse to the location where the folder is stored
    3. Right click on the file (to select multiple files hold down the CTRL button and select files)
    4. Select 7-Zip > Add to archive...
    5. Enter and Reenter a password
    6. Ensure that AES-256 is selected
    7. Name the file what you would like (make sure the .zip stays)
    8. Click OK
    9. This will create a single file that is encrypted and password protected who ever has that password can unzip and unencrypt that file and have access to that folders content

Keep Your Computer Healthy


Good hygiene and good health are also important for computers and require continuous effort. 
  • Keep the critical patches for your system current. Many break-ins are using "vulnerabilities" which are well known and may have been patched by the vendor months or years ago. While installing updates may be non-trivial, it is important to get help and check for updates. Some vendors have Web sites to simplify the process (e.g., for Microsoft Windows and using MS IE, visit http://windowsupdate.microsoft.com ). Remember to have good current backups of critical data on your computer before making any changes. 
  • Make sure your antimalware product is automatically updated regularly. Check it often to make sure the updates are still being received. 
  • Don't give away the farm! If you sell or give away your computer, you should remove all your personal data and uninstall proprietary programs licensed only to you. Most computers come with the operating system installed and perhaps some other applications, but licenses vary. The safest thing to do would be to completely "scrub" the disk(s) using special programs because deleted files can often be recovered.

Stay Legal

Following the rules and being responsible is also a part of safe computing. 
  • Know and respect the licenses and terms for the software you use. Violations of terms can bring big fines, especially for an institution like NDSU.  If you install software with a limited trial, be sure to remove it or pay for it when the time is up. Be aware that some software can be used for free for personal use (on your own computer), but require a full purchase if used on an NDSU system. Remember that software licensed to NDSU or the NDUS still may require payment and/or registration for EVERY copy installed. 
  • Respect copyright and trademarks. Trademark and copyright owners are becoming especially vigilant to violations on the Internet and use sophisticated tools to seek out offending sites. If you have any questions, contact a lawyer or the NDSU Designated Agent for the Digital Millennium Copyright Act at copyright.abuse@ndus.nodak.edu.

Accidents Happen

Just as in life, there is no 100% safe computer. Computer security is relative. Taking a few simple steps can greatly enhance your security. You must be on the watch for bad things that might happen no matter how careful you are. 
  • Back up all your critical data often. The safest way to recover a compromised machine is to erase (reformat) the disk and reinstall everything from scratch using program install disks and restoring backed-up data. Keeping all your data and document files in one directory (and subdirectories) and backing that data up will make it easier for you to get your data back. Official NDSU data should be saved on network servers which are backed up daily--hard drives on your computer are not. Make sure that your critical data is backed up somewhere. 
  • Know your computer and be alert to changes in its behavior, unexplained files or messages, or seemingly random activity not connected with your use. 
  • If you are actually infected with malware or your computer is taken over by someone else, be sure you not only restore it to use but make it more secure than it was. 
  • If you think your computer is compromised or is acting suspiciously, you can unplug the network connection to make sure the problem will not affect other systems or the network itself. The division of IT may also block access to the Internet and local network if we have had reports of suspicious activity or complaints of attacks from that machine. Access will be restored once the problem is understood, and, if necessary, the machine will be cleaned and secured.