Security Basics - A quick overview
Much more information on each of these topics is available by following the "More..." links.
If you believe you have a security incident, report it!
Password Security
- Make it a minimum of eight characters where possible.
- Develop a mnemonic (i.e., use the first letter of every word from a simple phrase or sentence).
- Add numbers and special characters such as @, !, &, *.
- Alternate between upper and lower case letters.
- Use a combination of letters, numbers, and special characters.
- Make your password something not found in a dictionary.
- Do not use all numbers or letters.
- Do not use personal information that someone could easily guess or discover.
- Do not use the name of a sports team.
- If you must write down your password, do not leave it unsecured.
- More...
Desktop Security
- When you leave your desk, lock your workstation with Ctrl / Alt / Delete.
- At the end of the day, click Start / Shutdown / Restart the computer? to log off. Turn off the monitor.
- Do not download or install a screen saver to your workstation. Choose a pre-installed screen saver.
- Do not use diskettes, CD-ROMs or other external devices to copy or store any sensitive information, unless doing so is approved by your unit's management. Password protect or encrypt any sensitive information stored on the desktop.
- If your workstation has a modem, make sure the modem is turned off when it is not in use.
- Do not install software - commercial, shareware, or freeware - borrowed from or purchased by another user.
- Have only authorized software installed on your workstation. Check with your department's IT personnel if you have questions.
- Use of peer-to-peer applications to share copyrighted materials, such as music or movies, is a direct violation of copyright laws. Do not do it!
- More...
Laptop Security
- When traveling, lock your laptop in the trunk of your car.
- Use a laptop security cable to secure it to a desk when in an open work space.
- Password protect or encrypt any sensitive information stored on the laptop.
- Physically secure the laptop when you are away from the office to protect against theft or abuse. Lock it in a drawer or overhead bin, cabinet or office.
- Do not leave your laptop in a public place, even for "just a minute."
- Do not check your laptop as luggage when you travel.
- Do not leave your laptop in a car in plain view on the seat or the floor.
- Do not leave your laptop in a car overnight.
- Do not use your business card as a luggage tag to identify your laptop case.
- More...
Spyware
- Spyware is used, not by undercover operatives, but by the advertising industry. Also known as adware, spyware is software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain Web sites, or monitor Web sites you visit. Extremely invasive versions of spyware may track exactly what keys you type to steal username and password information.
- To prevent spyware from installing on your computer, do not click on links with pop-up windows, choose "no" when you are asked unexpected questions, be wary of free, downloadable software, and do not follow e-mail links to purported anti-spyware software.
- If you believe you have spyware on your system, please contact your department's IT personnel for assistance in having it removed.
- More...
Home PC Privacy Tips
- Ensure that your home operating system has the latest security patches.
- Install and use anti-virus software. Configure the software to automatically retrieve the latest virus update files and periodically scan the system.
- Do not share your user ID or password with co-workers, friends or family members.
- Do business with credible companies.
- Do not use your primary e-mail address in online submissions, as this could result in SPAM.
- Make sure that any personal or financial information you submit online is encrypted. A site has encryption if the URL begins with "https:" instead of "http:" and a lock icon appears in the bottom right corner of the window.
- Devote a single credit card to online purchases.
- Avoid using debit cards for online purchases.
- If you believe that your financial or personal identity information may have been compromised, contact the appropriate entities to close the accounts. Watch for any unexplainable charges.
Social Engineering and Phishing Attacks
Social engineering is used by hackers to gain unauthorized access to a computer. This non-technical intrusion relies heavily on human interaction. Social engineers' ploys often involve tricking other people into breaking normal security procedures. Social engineers rely on people's complacency regarding the value of the information they possess and their responsibility to protect it. Examples of social engineering behavior include the following:
- someone calling on the phone, asking for certain information such as a user ID and password.
- someone "dumpster diving" to find memos, system manuals, and printouts of sensitive information.
- someone pretending to be an outside consultant or temporary worker.
- someone "piggy-backing" entrance to a building or facility by following an authorized person in, thus avoiding presenting identification (Be aware of who you let in. If you permit someone access, make sure you know who he or she is).
- someone creating a persona that makes him or her appear to be a person in authority, so people ask the hacker questions, rather than vice-versa (This is "reverse social engineering.").
- someone perpetrating phishing attacks. Phishing attacks use e-mail or malicious Web sites to solicit personal, often financial, information. Attackers may send e-mail, seemingly from a reputable credit card company or financial institution, that requests account information. Often, the message suggests that there is a problem.
- More...
Voice Mail
- The minimum password length is set to four digits. To create a strong voice mail password, use five or more digits.
- Do not set your password to be the same as your phone extension or employee number.
Viruses, Worms and Trojans
Viruses are computer programs designed to cause trouble to your computer. Worms are programs that replicate themselves and look for holes in networks or send themselves via e-mail to cause trouble. Trojans are programs that carry hidden, malicious programs.
- Do not open e-mail files from anyone you do not know.
- Use extreme caution when opening e-mail attachments containing executable files. Some file extensions to avoid include: .EXE, .COM, .CMD, .PIF, .SCR, or .VBS.
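
The extension check above can be automated on the mail-filtering side. The following is an added example, not part of the original page: it parses a constructed message and flags attachments whose final extension is one of those listed, including disguised names such as "invoice.pdf.exe". The function names and sample addresses are hypothetical.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named on this page; a real filter would keep a longer list.
RISKY_EXTENSIONS = {"exe", "com", "cmd", "pif", "scr", "vbs"}


def classify(filename):
    """Return a finding dict if filename ends in a risky extension, else None."""
    # Windows ignores trailing dots and spaces, so "setup.exe. " still runs.
    name = filename.strip().rstrip(". ").lower()
    stem, dot, ext = name.rpartition(".")
    if not dot or ext not in RISKY_EXTENSIONS:
        return None
    # A second extension in the stem ("invoice.pdf.exe") suggests disguise.
    return {"file": filename, "ext": ext, "double": "." in stem}


def scan_message(raw):
    """Return findings for every risky attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        hit = classify(part.get_filename() or "")
        if hit:
            findings.append(hit)
    return findings


def build_sample():
    """Constructed test message with three attachments (sample data only)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name in ("invoice.pdf.exe", "notes.txt", "PHOTO.SCR"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```
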
E-mails and SPAM
- Always password protect your e-mail account.
- Do not send or forward inappropriate e-mail messages such as chain letters, jokes, and messages containing lewd, harassing, or offensive information.
- Hoaxes attempt to trick or defraud you. You can check the validity of an e-mail message at http://vil.mcafee.com/hoax.asp, McAfee Security's Virus Hoaxes site. Visit www.ucit.uc.edu/emailspam_filter.asp to learn how to set up rules and filters to help manage SPAM in your desktop E-mail client for the UCMail (Exchange) and Bearcat Online systems. You may call the UCit Help Desk (556-HELP) for assistance.
- Be wary of unsolicited attachments, even from people you know. Many viruses travel incognito, using legitimate e-mail addresses to spoof their way into users' machines. If you are unsure, scan the file with anti-virus software, or contact the purported sender for confirmation.
- Limit message forwarding to those who need to know.
- Do not use your personal Internet e-mail account to send or receive sensitive information.
- Report e-mail abuses to EmailAbuse@uc.edu.
- For information on managing spam, see "What UC is doing about spam."
- More...