University Information Security

Information Security

Privacy on the Internet is a growing concern, especially as more and more people are using it for their professional and personal business, socializing, and entertainment.

Strong Passwords

Strong passwords are very important in keeping your system credentials safe. Below are a few suggestions that can help you create strong passwords.

  • Length: Make sure the length of your passwords are eight or more characters
  • Complexity: Include special characters such as punctuation, symbols, and numbers. Use the entire keyboard, not just the letters and characters you use or see most often. The greater the variety of characters in your password, the better. Example: Fw8!vZ#pP4*
  • Variation: To keep strong passwords effective, change them often. Set an automatic reminder for yourself to change your passwords every three months.
  • Variety: Don't use the same password for everything. Cybercriminals steal passwords on websites that have very little security, and use that same password in more secure environments, such as banking websites.
  • Never write down your password and store it in a non-secure location. Have you ever wondered how strong your password is? Test the strength of your password on Microsoft's Safety and Security Center.

Social Networking and Blogs

Social networking sites (such as Facebook and Twitter), personal web pages, and blogs are notorious as public sources of personal information and uncensored opinions.

Do not reveal personal details or confidential info online. Assume that anything you post to these websites is public and could potentially be used against you.

A good rule of thumb is to only post information you would be willing to write on a banner that is displayed in a public place.

Seemingly innocent information about your interests, family, or history could be used by hackers for identity theft, or by stalkers or social engineers.

Also keep in mind that once you post something online, it can be very difficult to take it back. Even if you delete the information, copies can still exist on other computers, web sites, or in search engines.

Internet Privacy Cautions

Always remember: The Internet is not private.

Don't give private information to anyone you don't know or who doesn't have a legitimate need for it.

Don't provide personal, sensitive or confidential information to Internet sites, surveys or forms unless you are using a trusted, secure web page.

Get to these web sites by typing the web address in directly. Don't click on links in unsolicited e-mails or cut and paste links from these e-mails.

Remember that links and web sites that look legitimate, can really be bogus sites designed to steal information.

At a minimum, look for "https" in the URL and the little padlock that appears in the URL bar or in a corner of the browser windows to indicate that there is a secure connection. Also see slide 15 for special cautions about wireless.

Don't put sensitive information in locations that are accessible from the Internet. Even unlinked web pages can be found by search engines.

Internet Security

The Internet can be a hazardous place. Without up to date system and security software, any computer is vulnerable to takeover and corruption. How many attacks to computers on campus do you think take place everyday?

Thousands of attacks per minute bombard our campus network.

An unprotected computer can become infected or compromised within a few seconds after it is connected to the network.

A compromised computer is a hazard to everyone else, too - not just to you. A hacked computer can be used to:

  • Send spam and phishing emails.
  • Harvest and sell email addresses and passwords.
  • Illegally distribute music, movies and software.
  • Infect other systems.
  • Hide programs that launch attacks on other computers.
  • Record keystrokes and steal passwords.
  • Access restricted or personal information on your computer or other systems that you have access to.
  • Generate large volumes of traffic, slowing down the entire system.

"Malware" is harmful software, usually installed without your knowledge. Here is one example of what malware can do if gets on your computer:

  • The malware reads email addresses on your computer...
  • Sends its own malicious emails using those addresses...
  • And the emails look like they were sent from the people whose addresses you have on your computer.
  • "Spyware" (a type of malware) can slow computer processing down, hijack web browsers, spy on key strokes and cripple computers. It is usually downloaded via the Internet without the user's knowledge while using the web.

Internet Security Cautions

Just opening a malicious web page can infect a poorly protected computer. Make sure you know where you're going before clicking on a link.

Use only known, trusted, secure websites when you enter sensitive or personal information online.

Instead of clicking on a link, look up the company (e.g. Google it) and go there on your own. This includes "tiny URLs."

Beware of scams, even on well-known sites such as eBay and craigslist.

How about Instant Messaging?

Exercise caution when using Instant Messaging (IM), file sharing (P2P) applications or social networking sites such as Facebook, MySpace or Twitter.

This area of the Internet is not private.

Do not reveal personal details or sensitive information via IM or on social networking sites.

Use separate passwords for IM, since it is generally insecure.

Don't open files sent to you via IM or P2P rooms.Many anti-virus programs cannot detect viruses in IM/P2P/chat files, so viruses and other malicious code can be spread this way.

Wireless Networks

Information sent via standard wireless is especially easy to intercept.

Only use known, encrypted networks when working with sensitive information.

Most coffee shop/hotel/airport-type wireless is not encrypted.

UIW wireless is encrypted.

If you're not sure, assume it's not encrypted.

Do not connect to unknown wireless hot spots/access points if you're concerned about security or privacy (or your passwords).

Set devices to "ask" before joining networks so you don't unknowingly connect to insecure wireless networks.

Additional Resources