C.L.E.A.R. Security
at NC State
A high-speed computer network like the one at NC State is probably the most efficient and most widely used medium for transmitting information, but it is also among the most vulnerable. That's why the University's network has a multi-faceted security system, and YOU are an integral part of it. Your first line of defense is to make all your accounts as difficult to access as possible, especially when you are using a computer lab on campus. That's where C.L.E.A.R. comes in:
Check for
wandering eyes before you type your password.
Your password gives you access to integrated online
tools that help you manage your network file space, email, academic
profile, class schedule, billing address and transcript. Make sure no one tries to watch you type it. "Shoulder surfing" is by far the most common way for someone to steal your password. If someone is looking while you type it, ask them to
look away. Making this request is perfectly
acceptable and is part of your responsibility to protect your
password. In addition, if you improve your typing
speed and agility, it will be harder for someone to see what keys you press.
Log out whenever
you step away from your workstation.
Be very careful to keep your workstation within eyesight while you are logged in. Always log out when you are finished or when you need to leave temporarily. Don't assume that your fellow lab users will notice someone approach your computer while you are away. A thief can commandeer your account in a matter of seconds, and you may not discover the consequences until much later. Once the thief has stolen your information, he/she can begin exploiting your account from another computer.
Educate yourself and others about safe computing.
New forms of electronic thievery
are being devised continually. The more you learn, the better you can control
your account and recognize security pitfalls before you get stuck in them. Here are some resources:
NC State's Computer and Network Regulations and Rules
Safe Computing at NC State
Information on antivirus, password
and other security measures.
R.U.N.S.A.F.E
A well-written guide to Administrative Security by Gary Flynn.
If you're thinking about running a server, this is the place for you.
http://www.jmu.edu/computing/runsafe/
advICE
Database that covers
a wide range of network and personal computer security advice. Provides details on specific viruses, Trojan horses, worms and similar electronic threats.
http://advice.networkice.com/Advice/default.htm
Security Focus
News about new and potential security hazards
and how to avoid them.
http://www.securityfocus.com
Data Removal
When you discard your computer, make sure that it does not contain personal or other sensitive information. You can download
data removal software from the University.
Alert others to suspicious lab or network activity.
Notify the lab assistant (operator) on duty if...
- You notice anyone who:
- leaves the lab without logging out of their account.
- uses someone else's account that has been
left open.
- You log in correctly but the computer
does something unusual, such as immediately restarting the login screen.
Notify the NC State Help Desk (515-HELP (4357) or help@ncsu.edu) if...
- Your password no longer works.
If your password changed without your resetting it, the Help Desk will need to
check your account for possible intrusion. (If you forget your
password, let them know so they can help you get back into your account
as soon as possible.)
- You can't run applications that you are
normally able to run.
College labs have different policies concerning software, so an application
that works in one lab may not be available in anothers. First, check with
the lab assistant on duty, then contact the Help Desk if the
problem seems to be within your account.
Refuse to
run unverified programs.
One of the fastest ways an intruder can break into your account is
to take a seemingly innocent and appealing program and modify it to
perform malicious tasks. Any program not verified
by a trusted source to be free of viruses and security-breaking code
is not worth the risk. Opening a malicious program just once can cause
permanent damage to your security. Here are some tips:
- Be especially careful about downloading executable files from the Internet.
- Accept software only
from legitimate vendors.
- Download games and animations only from
legitimate freeware and shareware Web sites who verify that
their materials have been checked for exploits.
- Be wary of ALL email attachments, including those from people you know.
- Don't open executable email attachments (those with
extensions such as .exe, .vbs, .js, .hta, .pif and .shs). Ask your
friends not to email you files with these extensions.
NOTE: The NC State email system will not deliver mail that has an attachment with the extension .exe, .pif, .dll, .lnk or .scr. I you need to send such an attachment, be sure to put it into an archive such as .zip beforehand. For assistance with this process contact the NC State Help Desk.
- Set your computer to show file extensions. Otherwise, if you received a malicious file named readme.txt.exe, for example, it would appear to be a safe text file, readme.txt.
- Don't open unexpected email attachments without first verifying them with the sender. Computer worms and similar threats can harvest email addresses from an
infected computer and send themselves to those addressses. Even if
a trusted friend appears to have emailed you something, a malicious program may
have actually done so.
For additional information on computing security, see:
This page is based
in part on Gary Flynn's security guide, RUNSAFE
(http://www.jmu.edu/computing/runsafe),
at James Madison University.
Last modified
August 8, 2006
by cawalker
|
Page Top | Site
Map | OIT
| Policy
Disclaimer | Site
Survey
