Guide to the Desktop and Portable Computers Security Standard

RIT has issued new requirements for computer use in order to safeguard both personal and RIT information. (The requirements were developed and reviewed by a team representing the RIT community.) This Plain English Guide provides explanation and illustration of the Standard and is meant as an aid to help you understand and implement the requirements of the Standard. The Standard itself is authoritative.

Who do the requirements apply to? Do I need to keep reading?

The requirements apply to:

Currently, the requirements do not apply to:

RIT reserves the right to quarantine or block compromised or vulnerable non-RIT computers from the network.

Even if the requirements do not apply to you, we recommend that you follow the requirements whenever possible.

If you use the Macintosh or Linux operating systems, you are expected to comply with the requirements below when appropriate software is available. See the list of suggested products below. An up-to-date list is maintained on the Information Security Web site (security.rit.edu).

Faculty and staff should check first with their systems administrators to see if they are providing this protection.

What do I have to do?

In order to comply with the Standard, you may need to change some practices and begin using some additional "protective" software on your computer.*

If your computer is not supported by a systems administrator, you will need to do the following:

  1. Install antivirus software, keep it up to date, and scan your system at least weekly. RIT provides McAfee antivirus software free for both home and campus use at www.rit.edu/its/services/security/. Make sure you turn on its auto-update feature.
  2. Make sure the Operating System (Windows, Mac, Linux, etc.) is up to date with its patches and has auto-update turned on. The average time between the discovery of a vulnerability and the availability of instructions to exploit it is now less than seven days.‡
  3. If it's available, install software that provides Buffer Overflow (memory) protection. McAfee antivirus software for Windows has built-in Buffer Overflow protection. (Buffer overflows are one of the most common attacks.)
  4. Use a personal firewall. Firewalls protect you from outside intruders and also can prevent programs on your computer from inappropriately connecting to the Internet.
    1. For RIT-owned or leased computers, contact ITS to get McAfee Firewall.
    2. Apple users can use the built-in firewall in OS X.
    3. Linux users should choose an appropriate firewall.
    4. A hardware firewall can also be used to protect desktop computers.
  5. Use anti-spyware (where available). Spyware sends personal information to other people without your knowledge. For Windows, Spybot Search & Destroy (www.safer-networking.org) and Ad-Aware (www.lavasoft.de) (free for personal use only) are good choices. You will find that it is best to use more than one product. You can also use products from reputable vendors such as Microsoft, McAfee, Symantec, and Javacool Software. (Be careful of downloading other anti-spyware products. Some of them actually install spyware on your computer.) Nine out of ten computers are infected with multiple spyware§, averaging about 26 spyware components each.**

Note: Ad-Aware and ZoneAlarm are NOT free for RIT-owned computers.

If products are not available from reputable commercial or reliable open source communities for a specific requirement, then the specific requirement is waived until an appropriate solution is available.

This seems like a lot to do. How will these new requirements protect me and my computer?

These requirements have become necessary because of rapidly increasing Internet computer threats. An unpatched computer will be infected within minutes, if not seconds, after connecting to the Internet. It can then be used to send spam, host pornography, attack other computers or the network, etc. Almost 90% of the emails received by RIT are spam, phishing attempts, or contain viruses or worms.

Yes, it's a lot to do. But it's a reasonable response to today's ever-increasing level of threats. And you don't have to do it all at once. If you're supporting your own system, run a virus scan one day and anti-spyware another day. Check for detection updates before running the programs.

Fixing or recovering from attacks is hard work and a lot more difficult than preventing them. There is truth in the old saying, "An ounce of prevention is worth a pound of cure."

Following these requirements will provide protection from a broad spectrum of Internet threats, including viruses, worms, trojans, spyware, and adware. They will also help protect you from direct attacks on your computer.

Where do I go for more information?

Visit our website at security.rit.edu to read the standard, get the schedule for our Digital Self Defense 101 workshops, or find out more ways to protect yourself. Go to the ITS website at www.rit.edu/its/services/security/ to obtain software and installation instructions. For more information, contact RIT Information Security at infosec@rit.edu.



* According to the Code of Conduct for Computer and Network Use, computer users are required to practice "self-protection." Compliance with the Security Standard can help meet that obligation.
† MessageLabs Intelligence Annual Email Security Report 2004
‡ Symantec's Internet Threat Report, January 1, 2004 to June 30, 2004
§ National Cyber Security Alliance, June 2003
** Earthlink, 2004


Creative Commons Share Alike License