|
Getting Secure |
|
Student Guide to the Desktop and Portable Computer Standard
RIT has issued new requirements for computer use in order to safeguard personal and RIT information and RIT network resources. The requirements were developed and reviewed by a team representing the RIT community. This Plain English Guide provides explanation and illustration of the Standard and is meant as an aid to help you understand and implement the requirements of the Standard. The Standard itself is authoritative and is located on the Information Security website.
Who do the requirements apply to?
The requirements apply to:
- Any computer (physical or virtual) connecting to the RIT network. This includes both student and faculty/staff-owned machines that connect through a physical, wireless, dial-up, or VPN connection.
Currently, the requirements do not apply to:
- Computers used only to access RIT web pages, webmail, etc. from off campus.
- Cell phones, pagers, PDAs, and other special purpose devices.
Even if the requirements do not apply to you, we recommend that you follow the requirements whenever possible.
If you use the Macintosh or Linux operating systems, you are expected to comply with the requirements below when appropriate software is available. See the list of suggested products below. An up-to-date list is maintained on the Information Security essentials page.
What do I have to do?
In order to comply with the Standard, you may need to change some practices and begin using some additional "protective" software on your computer. *- Run antivirus software, keep it up to date, and scan your system at least weekly. RIT provides McAfee antivirus software free to RIT faculty, staff, and students for both home and personal use. You may use a different product instead of McAfee as long as it is up-to-date. If you decide to use McAfee, make sure any existing antivirus software on your machine has been completely uninstalled first.
- Install software that provides memory (buffer overflow) protection. This is one of the most common attacks. The RIT-provided McAfee antivirus software for Windows has built-in memory protection.
- Make sure the Operating System (Windows, Mac, Linux, etc.) is up-to-date with its patches and has auto-update turned on. Patches protect you from vulnerabilities discovered in software. Cyber criminals exploit these vulnerabilities often within days of patches being available.
- Use a personal firewall. Firewalls protect you from outside intruders and also can prevent programs on your computer from inappropriately connecting to the Internet. Windows XP and Vista have built-in firewalls that are acceptable for use; however they do not block outgoing traffic. Macintosh users can use the built-in firewall in OSX. Linux users should choose an appropriate firewall. For personally-owned or leased Windows computers, a good choice that provides more functionality than Windows built-in firewalls is ZoneAlarm (http://www.zonealarm.com). A hardware firewall can also be used to protect desktop computers.
- Run anti-spyware software, keep it up-to-date, and scan your system at least weekly. Spyware can send personal information from your machine to other people without your knowledge. For Windows, Spybot Search & Destroy (http://www.safer-networking.org) and Ad-Aware (http://www.lavasoft.com) are good choices. You will find that it is best to use more than one product to find and remove all spyware.
If products are not available from reputable commercial or reliable open source communities for a specific requirement, then the specific requirement is waived until an appropriate solution is available.
This seems like a lot to do, is this all necessary?
These requirements have become necessary because of rapidly increasing Internet computer threats. An unpatched computer will be infected within minutes, if not seconds, after connecting to the Internet. It can then be used to send spam, host pornography, attack other computers or the network, etc. Over 95% of e-mail received by RIT is spam, phishing attempts, or contain viruses or worms.
Yes, it's a lot to do, but it's a reasonable response to today's ever increasing level of threats. And you don't have to do it all at once. Antivirus, anti-spyware, and most major operating systems (including Windows and Mac) can all be configured to automatically update themselves. Antivirus and anti-spyware scans can be scheduled to run automatically during a time when you aren’t using your computer (or they can run in the background on faster machines). Firewalls typically don’t require any user input after initial configuration.
Fixing or recovering from attacks is hard work and a lot more difficult than preventing them. Not to mention the potential costs of identity theft. There is truth in the old saying, "An ounce of prevention is worth a pound of cure."
Following these requirements will provide protection from a broad spectrum of Internet threats, including viruses, worms, trojans, spyware, and adware. They will also help protect you from direct attacks on your computer.
Where do I go for more information?
Visit our website at security.rit.edu to read the standard, get the schedule for our Digital Self Defense 101 workshops, or find out more ways to protect yourself. Go to the ITS website at www.rit.edu/its/services/security/ to obtain software and installation instructions. For more information, contact RIT Information Security at infosec@rit.edu.
* According to the Code of Conduct for Computer and Network Use, computer users are required to practice "self-protection."
Compliance with the Security Standard can help meet that obligation.
† MessageLabs Intelligence Annual Email Security Report 2004
‡ Symantec's Internet Threat Report, January 1, 2004 to June 30, 2004
§ National Cyber Security Alliance, June 2003
** Earthlink, 2004
Creative Commons Share Alike License