IT Security Essentials Lesley A. Bidwell, IT Security Administrator.

IT Security Essentials

Lesley A. Bidwell, IT Security Administrator

The Security Mantra

• Confidentiality

• Integrity

• Availability

SUNY Oneonta Security Program

• Developed by a working group of faculty and staff

• Adopted by President’s Cabinet in March 2005

• Available from the campus network at www.oneonta.edu/technology/security

SUNY Oneonta Security Program

• “This program applies to all faculty, staff and students of the College, or others … who may utilize the College’s technology and related facilities.”

Why all the concern about security?

• Computer hacking has become big business

• We store vast amounts of personal data in our systems – on students and employees

• We need that data to be accurate and available in order to do our jobs

• We must comply with State and Federal regulations

What are we doing about it?

• Constantly monitoring systems and threats to keep our servers and our network secure

• Implementing policies, procedures and practices to assure only authorized users have access to data

• Educating users

What can you do?

• Security is everyone’s responsibility

• Check out the security program• Contact the IT Security

Administrator with any questions or if you suspect there has been a security breach

• Follow some basic guidelines:

Be aware

• Make information security a regular practice

• Recognize poor security practices in your own habits and in your office

• Remain vigilant where information security is concerned

Passwords

• Never share a password– If more than one person needs

access work with us to set up a network share so each can use their own password

– Even the IT Helpdesk should never ask for your password

Passwords

• Choose strong Passwords– Will be required soon– Use a phrase that’s easy to remember

but hard to guess– Must contain 3 of 4

• Upper case letters• Lower case letters• Numbers• Special Characters• See http://www.microsoft.com/athome/security/privacy/password.mspx

Passwords

Examples:

Weak

fluffy

password2

bidwella

Strong

str0ngPa55

2&2=Four

myc4tisf!uffy

Passwords

• Change passwords regularly– Will be required soon– Every 180 days– Limits the length of time a hacker

can use a compromised password– ALWAYS change passwords if

you suspect your password has been stolen

Passwords

• Never post your password

– On your computer monitor

– Under your keyboard

– In the desk drawer

– Anyplace that someone might look

Passwords

• Never save passwords in applications– E-mail, Web Authoring, PPP for

dial-in– Anyone who sits at your computer

has access– Equally important at home

Physical Security

• Always lock your computer when you leave it unattended (ctrl-alt-del)

• Never leave hard copies with sensitive data in plain view

• Always log out of web applications (Banner, e-mail) and close browser

Laptops and Mobile Devices• Theft

• Access on insecure networks

• Strong passwords

• Encryption

Malware

• A general term for malicious software

• Includes viruses, trojans, rootkits, spyware, etc.

• Vectors of infection include e-mail, web pages, links sent through IM sessions, hidden in other programs

Malware

• Anti-virus software– Must be up to date– Must be running– Use on-access scanner– Schedule daily scans

Malware

• Anti-spyware software– Must be up to date– Must be running– Good choices include Microsoft

Defender, Spybot Search & Destroy and Adaware

– http://helpdesk.oneonta.edu/xoops/modules/wfdownloads/viewcat.php?cid=3

Malware

• Operating system patches– Apply critical patches as soon as

possible– Use automatic updating when

possible– Important for Macs and Linux

machines as well as Windows

Malware – Signs of Infection• Computer slows down

• New homepage, toolbars, default search pages or favorites in browser

• Anti-virus and/or anti-spyware software get turned off

Malware

• Be sure to use these procedures at home

• Call the Information Technology Helpdesk about using the ASCI or Secure Desktop program for your office computer

Business Continuity Planning• Remember “Availability?”

• All departments need one

• Test it!

Questions?

Lesley Bidwell x2628

[email protected]

Information Technology Helpdesk x4567