Linux: Security

All desktop and portable computers connected to the RIT network must adhere to RIT's Desktop and Portable Computer Security Standard.
A more in-depth version of this standard can be found at security.rit.edu/desktop.html.

While RIT does not provide a commercial virus scanner for Linux, you are still required to meet this standard where possible.
If products are not available from reputable commercial or reliable open source communities for a specific requirement, then the specific requirement is waived until an appropriate solution is available.

Aside from adhering to the requirements of the standard, here are some general security guidelines for all operating systems:

  1. Use a password on all accounts; don't ever leave a password blank.

  2. Set a strong password on all accounts. Use strong passwords for all accounts on your computer. Any compromised account can be exploited. This is especially true for administrative accounts. The more privileges an account has, the more important it is to protect that account with strong passwords.
  3. We consider a "strong" password to be one which meets the following criteria:

    • Is not a word found in a common English dictionary.
    • Is not easy to guess based on publicly-available personal characteristics, like your birthday or on-campus phone extension.
    • Is not obvious (for example, the word "password", a user name, the letters "qwerty" or any other simple and obvious combination of keystrokes is a poor choice).
    • Contains at least one digit.
    • Contains a mixture of upper and lowercase characters.

  4. Turn off the computer when it's not in use, especially overnight. Turn your machine off when you are done using it for a period of time. Many computer intrusions are performed at night, when the operator of the machine is not present and not able to determine that anything is happening. Machines that are left running and connected to the network continuously are therefore more vulnerable to intrusion than machines that are turned off when they are not in use. Contrary to what you may have heard, it will not hurt a computer to turn it on and off daily, as long as you shut it down properly. Even several on/off cycles per day are well within the operational tolerance of most desktop computers or low-end servers. As an added bonus, you will be saving energy.

  5. Use a locking, password-protected screen saver or log out of the computer when you're away from your desk. You can use gnome-screensaver or xscreensaver.

  6. Keep the operating system up to date, especially for security patches and critical updates.
  7. Do not share files that are on your local hard disk, especially with guests. Be particularly wary of providing write access or "drop box" functions on your computer if you need to turn file sharing on. If you need to share files, contact the ITS HelpDesk about using SAMBA or another server-based method.

  8. Use RIT's Virtual Private Network (VPN) service to secure your communications whenever you are using the RIT wireless network or any non-RIT network:
    • any and all wireless networks (assume you cannot trust them)
    • an always-on broadband connection at home, such as Time Warner Road Runner or Frontier LightningLink
    • a conference or hotel network.

  9. Audit the security of your computer (or have a knowledgeable person or system administrator help you), so you are familiar with other steps you can take to protect it.
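
The "strong" password criteria listed under item 3 can be checked mechanically, including variants such as "P@ssw0rd" that only disguise a dictionary word. The Python below is an added example, not part of RIT's standard or tooling; the function names, the small fallback word list, the list of obvious strings and the sample candidates are all constructed for illustration.

```python
import re
from pathlib import Path

# Constructed sample data: a tiny fallback word list and a few obvious strings.
FALLBACK_WORDS = {"password", "dragon", "monkey", "sunshine", "welcome", "rochester"}
OBVIOUS = ("password", "qwerty", "asdf", "12345", "abc123", "letmein")
# Undo common character substitutions so "P@ssw0rd" is treated as "password".
LEET = str.maketrans("0134578@$!", "oieastbasi")


def load_words(path="/usr/share/dict/words"):
    """Load the system word list if installed, else the constructed fallback."""
    try:
        return {w.lower() for w in Path(path).read_text(errors="ignore").split()}
    except OSError:
        return set(FALLBACK_WORDS)


def check_password(candidate, username="", personal=(), words=None):
    """Return the criteria a candidate fails; an empty list means it passes."""
    if not candidate:
        return ["blank password"]
    words = FALLBACK_WORDS if words is None else words
    lower = candidate.lower()
    stripped = re.sub(r"[\W\d_]+$", "", lower)  # drop trailing digits/punctuation
    variants = {lower, stripped, lower.translate(LEET), stripped.translate(LEET)}
    failures = []
    if any(v in words for v in variants):
        failures.append("dictionary word")
    # "personal" holds strings such as a birthday or phone extension.
    if any(p and p.lower() in lower for p in personal):
        failures.append("guessable from personal information")
    if (username and username.lower() in lower) or any(
        o in v for o in OBVIOUS for v in variants
    ):
        failures.append("obvious choice")
    if not any(c.isdigit() for c in candidate):
        failures.append("no digit")
    if not (any(c.isupper() for c in candidate) and any(c.islower() for c in candidate)):
        failures.append("no mixed case")
    return failures


if __name__ == "__main__":
    words = load_words()
    for pw in ("P@ssw0rd", "Jdoe2024x", "Tr4il-Mix-Oboe"):
        print(pw, "->", check_password(pw, username="jdoe", words=words) or "ok")
```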