Security Basics and Virus Information

http://www.uc.edu/infosec/

Information Security
UC’s Department of Information Security offers a wide variety of services. These include:

• Links to FREE anti-virus/anti-spyware software
• Training and Education that is free online or can be instructor-lead
• Tips and How-To pages on fighting spam & identity theft, protecting your laptop and more!
• A summarized security update that is refreshed 3-4 times per week.
• These offerings and many more can be found at http://www.uc.edu/infosec or by calling 558-ISec(4357).
• If you suspect that you have been a victim of a computer crime or abuse while at UC, please report the incident to abuse@uc.edu. Give as much detail as possible about the situation: Who, What, When and Where.

Password Security
Never disclose your password to others, either in person, by phone, or by e-mail.

• Never leave your password at the default. Change it immediately.
• Make your password eight or more characters where possible.
• Make your password from a phrase (i.e., use the first letter of every word from a simple quote).
• Use a combination of upper and lower case letters, numbers, and special characters like @ ! & * [ ].
• Never use all numbers or all letters.
• Never use personal information that someone could easily guess or discover: your pet or hometown, etc.
• Never use any word found in a dictionary or the name of a sports team.
• If you must write down your password, keep it in a locked location.
• Change your password frequently, at least every 90 days.
• See http://www.uc.edu/infosec/HowToChooseAPassword.htm for more ideas!

Desktop Security
When you leave your desk, lock your workstation with CTL/ALT/Delete.

• At the end of the day, logoff.
• Do not download or install a screen saver to your workstation, choose a pre-installed screen saver.
• Do not install software—commercial, shareware, or freeware—borrowed from or purchased by another user.
• Use of peer-to-peer applications to share copyrighted materials, such as music or movies, is a direct violation of copyright laws. Do not do it!
• See http://www.uc.edu/infosec/ListsSecureWorkstation.htm for more tips!

Laptop Security
Your laptop is a goldmine for identity thieves. Protect your laptop like you would your purse or wallet.

• When traveling, lock your laptop in the trunk of your car.
• Use a laptop security cable to secure it to a desk when in an open work space.
• Password protect or encrypt any sensitive information stored on the laptop.
• When you are away, lock it in a drawer, overhead bin, cabinet or office.
• Never leave your laptop unattended in a public place, even for “just a minute”
• Never check your laptop as luggage when you travel.
• Never leave your laptop in a car in plain view on the seat or the floor.
• Never leave your laptop in a car over night.
• Never use your business card as a luggage tag to identify your laptop case.

Spyware
Spyware is used by the advertising industry and by crackers. Spyware and Adware are software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites or monitor web sites you visit. Extremely invasive versions of spyware may track exactly what keys you type to steal username and password information.

• Fight Spyware and other malicious software by installing an anti-spyware/anti-virus package.
• McAfee anti-virus/anti-spyware is available for FREE to UC students!
• http://www.uc.edu/infosec/ > Free Anti-Virus (in the upper-right corner)
• Other tips to fight malicious software: do not click on links with pop-up windows, chose “no” when you are asked unexpected questions, be wary of free, downloadable software, and never follow email links.
• If you believe you have spyware on your system, please contact your department’s IT personnel for assistance in having it removed.
• Check out http://www.uc.edu/infosec/HowToAvoidSpyware.htm for more great tips!

Voice Mail

• The minimum password length is set to four digits.
• To create a strong voice mail password, use five or more digits.
• Do not set your password to be the same as your phone extension or employee number.

Viruses, Worms and Trojans (See: Discounted and Free Software - McAfee)

Viruses are computer programs designed to cause trouble to your computer. Worms are programs that replicate themselves and look for holes in networks or send themselves via email to infect as many other computers as they can. Trojans are programs that carry hidden, malicious programs.

• Fight malicious software by installing an anti-spyware/anti-virus package.
• McAfee anti-virus/anti-spyware is available for FREE to UC students!
• http://www.uc.edu/infosec/ > Free Anti-Virus (in the upper-right corner)
• Do not open email files from anyone you do not know.
• Do not open email attachments containing executable or movie files.
• Some file extensions to avoid include: .EXE .COM .CMD .PIF .SCR .VBS .WMF .ASF

E-mails and SPAM

• Always password protect your email account.
• Do not use your personal email account to send or receive sensitive information (credit card numbers, bank account info, SSNs, etc.).
• Do not send or forward email messages such as chain letters, jokes, messages containing lewd, harassing, or offensive information.
• Hoaxes attempt to trick or defraud you. You can check the validity of an email message at McAfee Security’s Virus Hoaxes site: http://vil.mcafee.com/hoax.asp.
• Visit http://www.uc.edu/ucit/email/spam_filters.html to learn how to set up rules and filters to help manage Spam.
• Be wary of unsolicited attachments, even from people you know. Viruses travel incognito, using legitimate email addresses to trick their way into users’ machines.
• Do not click a link in an email. Even if the link says one thing, it may send you somewhere else.
• Send Spam to spam@uce.gov and then delete it.
• Report other email abuses to abuse@uc.edu. Social Engineering and Phishing Attacks

Social Engineering and Phishing Attacks
Social engineering is used by criminals to gain unauthorized access to a computer or secure building. This is a non-technical intrusion that relies people’s complacency regarding the value of the information they possess and their responsibility to protect it. Social engineers’ ploys often involve tricking people into breaking normal security procedures. Examples of social engineering behavior include the following:

• Someone calling on the phone, asking for information such as a user ID and password.
• Someone “dumpster diving” to find memos, system manuals, & printouts of sensitive information.
• Someone pretending to be an outside consultant or temporary worker.
• Someone “piggy-backing” entrance to a building by following in an authorized person, thus avoiding presenting ID. If you permit someone access, make sure you know who he or she is.
• Someone creating a persona that makes him or her appear to be a person in authority, so people ask the hacker questions, rather than vice-versa. This is “reverse social engineering.”
• Phishing uses email or web sites to solicit personal, often financial, information. Attackers send email, seemingly from a reputable credit card company or bank, that requests account information. Often, the message suggests that there is a problem that needs their attention.
• Learn more about phishing and see a few common examples on our website:
  http://www.uc.edu/infosec/HowToAvoidPhishing.htm
  http://www.uc.edu/infosec/presentations/UC_InfoSec_Phishing_and_EMail_Safety.ppt.

Phone / PDA / Mobile Device Security Tips

• Set a password or PIN on your phone to prevent unauthorized use and make it more difficult to hack if stolen or lost. Do you want to pay for the hours-long call to Asia that the thief wants to make?
• If your phone has Bluetooth functions, disable them until they’re needed, and then set visibility settings to “hidden” so that your device cannot be scanned by other Bluetooth devices.
• Limit the amount of sensitive or personal information, such as passwords and account information, stored on your mobile device.
• Consider purchasing anti-virus software for your phone, and make sure it is frequently updated.
• Download ring tones, games and other personalized content only from trusted, regulated sites.
• Treat mobile devices as you would your wallet, keys or laptop: don’t leave them in plain sight and keep them close to you at all times.

USB Drives / Thumb Drives / Jump Drives and other Mass Storage Devices

These drives are a very convenient and commonly used method to hold personal files and school work. Unfortunately, the small physical size of these devices make them easy to lose or to steal.

• If you use a mass storage device to store any important or sensitive data—class work, research data, clinical information, personal files, etc.—make sure that the data is protected.
• Many modern mass storage devices come with a security utility that can encrypt sensitive files.
• If you do not have encryption on your mass storage device, don’t keep sensitive information on it.

IT Handbook
Blackboard Learning System | Computer and Network Services
Frequently Used Numbers | Security Basics and Virus Information
Social Web Site Safety | Telephone Services
UC Mobile

UCit, Directory Services PO Box 210107 Cincinnati, OH 45221-0107 E-Mail: Directory.Services@UC.Edu