ITS has a four part series with information on how you can keep your computer secure.
Security Series Part I - Password
Your Password - Key to Data Security : Have you changed your network password lately? If you are a student, your password provides access to your email and web space. For faculty or staff members, your network password provides access to your email, web space, your computer, and any data stored on the data center's servers. This data may include private information about you or your students. A strong, secret password is the first line of defense against hackers and data thieves. Regardless of how carefully the University secures its computer servers - your password authorizes you (and your computer) to access the data on those servers. A weak or infrequently changed password puts that data at increased risk of being accessed illegally.
A Disturbing Trend: The trend in viruses and hacker tactics has been toward password guessing and stealing. Programs that simply guess every possible combination of passwords, or use a dictionary of common words, can quickly "crack" a password on a computer in a matter of hours. There has also been an increase in the number of "keystroke logger" viruses which attempt to steal your password by logging everything you type and transmitting that data to the hacker, or storing it in a hidden file on your PC for the hacker to retrieve through another virus called a "back door" or "trojan" program. Once the attacker has your password, they may use it to exploit your computer, and everything it has access to (including private data on its hard disk, or on servers you are authorized to access), or they may give or sell it to someone else. Your best defense is to change your password from time to time (the University's external auditor recommends every 45-90 days) so that it is less likely to be exploited.
Changing Your Password : Changing your password only takes a moment. You may also need to update the password stored in your email program. Change your password at one of the following links:
A strong security, a password must:
- be 8 to 14 characters long
- contain letters, numbers, and even punctuation
- not be something you've used before
- not be your Social Security number
- not be your University ID number
- not be a common word or name
- not be written down (ITS can reset your password if you forget it
If you use an email program like Microsoft Outlook, Apple Mail, Windows Live Mail, or Mozilla Thunderbird, at some point (there may be a delay before the new password is updated on your email account), the program will fail to access your email and may prompt you to update your password. Most programs will automatically remember the new password going forward; some may require you to go into the configuration settings for your account to make the change.
Security Series Part II - Updates
Software Updates Fix Security Flaws : All computer operating systems have flaws that hackers can exploit to gain unauthorized access to your computer. Once your computer is "hacked" by a hacker, computer virus, or worm, an attacker can take complete control of the computer and all of the data on it, as well as any data on servers to which the computer is connected. The vendors of the operating system running on your computer frequently make updates available to fix known security flaws in the software. New flaws are detected all of the time, and new updates are made available. Does keeping your computer up to date guarantee that it will never fall victim to a hacker? No, however, it dramatically improves the odds. It is important to stay vigilant by keeping your system up to date.
Software Update Requirement : An out-of-date computer on the network is more likely to be targeted by hackers, worms, and viruses and used to access your private information, or information on other systems to which your computer has access, attack other computers on the network, or attack the network itself, than a computer that is up-to-date. A condition of connecting your computer to the network is that you must keep your computer up-to-date with all of the operating system vendor's security updates. Should your computer be found to be infected with a virus, or to be exhibiting virus-like or hacker-like activity, it will be disconnected from the network immediately upon detection to prevent damage to other computers, and to deny further access to your computer and its data by its attacker.
Myth -- "My Computer Isn't Susceptible to Hackers..." : Many people are under the impression that their Macintosh, Linux or BSD computers are not vulnerable to attack, this isn't true. With Macintosh OS X, Apple completely rewrote the system to run on a variant of Unix called "Darwin". While this provides a stable, high quality platform for the operating system, it has the same security flaws found in numerous other variants of Unix. The same goes for Linux, BSD, and other Unix or Unix-like variant. While it is true that the much smaller installed base of systems running this software makes them less attractive to hackers and virus writers, it is just as important to keep these systems up-to-date.
Keeping a Computer Up-to-Date
Windows 8: Open Windows Update by swiping in from the right edge of the screen, tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery. Tap or click Check Now, and then wait while Windows looks for the latest updates for your PC. If updates are found, tap or click Install Updates.
Windows 7/Vista: Click the Start button (lower left corner), click All Programs, and then click Windows Update. Click Check Now and then wait while Windows looks for the latest updates for your PC. If updates are found, tap or click Install Updates. Windows XP/2000 On WindowsXP/2000 computers, you can point your web browser to http://windowsupdate.microsoft.com to download and install "critical" updates.
Keeping Macintosh OS X Up-to-Date: On Macintosh OS X computers, click the Apple menu and choose "Software Update..." Newer computers will open the AppStore. Wait for it to find the updates and then click Update to download and install.
Security Series Part III - Turn It Off!
Reduce your exposure - turn off your computer when you're away : This tip is simple: Shut down your computer when you're away, whether going home for the night or the weekend. If you're a student, consider shutting your computer down any time you're away from your dorm room. Unless you need to access your computer remotely from another location, there is no need for it to be on when you're not around. The logic is simple -- when your computer is turned off, viruses and attackers on the Internet cannot attempt to break into it.
Reducing the "attack surface" : Shutting down your computer when you're not using it is just one way to "reduce the attack surface." That is, regardless of how up-to-date your operating system or antivirus software is, your computer is continually being probed by worms and hackers on the Internet looking for some way to break into it. Most of us use our computers less than 1/3rd of the time, so why make it available to the "bad guys" all of the time? By shutting your computer down when not in use, you can significantly reduce the amount of time that the bad guys have to attack it -- you are making yourself a smaller target -- you are reducing the attack surface.
But isn't it better for the computer to leave it on?: Time was (before the Internet existed), many would recommend leaving a computer and its monitor turned on 24 hours per day in order to avoid "stressing" the computer by turning it off and on. There were many theories as to why it was better leave the machine on (and some were not without merit), including that it was better to leave it going than to hit it with a power surge when turning it on every day. It was also said to be better to leave the monitor on and warmed-up than to keep turning it on and off, warming it up and cooling it off, which could cause internal stresses that could shorten the monitor's life. This is no longer the case. Today's computers are far less susceptible to either of these predicaments due to newer technology. For example, most of today's computers no longer have that loud "snappy" mechanical power switch that "shocks" the computer into action. Most computers now continuously sip a tiny amount of power (even when they're off), and have a small pushbutton switch that instructs the power supply to "gently" bring on "full" power when you press it. Most monitors are now the flat LCD type that no longer uses a hot filament to produce a picture -- they use a much cooler fluorescent light. Indeed, that light has a limited lifespan in terms of run-hours, and turning it off whenever possible makes the monitor last longer. That is, a monitor that is turned off 2/3rds of the time will last 3 times longer! (Note: Using a "screensaver" does NOT extend the life of the newer flat LCD monitors!)