|
UD
IT Security Home
IT Help Center
UD Security Tool Chest
News & Alerts
Accessing UD Systems
Reporting Incidents
UD Home
|
|
- Set up your computer
securely.
This requires an active firewall, up-to-date Anti-virus and Anti-spyware tools and automatic updating for
operating system patches.
-
Use STRONG passwords to protect your computer and UDelNet account.
Passwords are like toothbrushes; don't share them with others and change them often!
Do NOT re-use your UDelNet password as a password for any other web account.
Do NOT allow your browser or e-mail program to "remember" your username/password. If you do, anyone can use your computer to access your
information.
Do NOT store your password on your computer. Commit it to memory or store it in a secured spot.
- Connect securely to other systems.
When logging into an e-mail account or other application requiring
username and password be sure to use encrypted protocols - https, SSL/TLS
or VPN to protect your access credentials from being disclosed to others.
If it is transmitted in the clear, it can be stolen - resulting in
identity theft. Wireless connections are especially vulnerable to this
risk. What you do over a wireless connection is often transmitted "in the
clear" and can be anonymously viewed by others with freely available tools.
Terminal Sessions and File Transfers
- Use Secure Shell (SSH) and Secure File Transfer (SFT) software to securely connect or transfer files to/from UD central systems. These protocols will encrypt all session traffic - logon, password and all traffic moving between the systems.
Windows File Sharing
- Do not share your full drive or Windows directory.
- Block access of shared resources to everyone without a valid username/password.
- If you give "everyone" or "Guest" access to your shared files, then all Internet users will be able to share your files when you are connected to the Internet.
Peer-to-Peer File-Sharing can be illegally sharing files you legally own when you think it's not running.
Connecting to Campus Systems from Off-Campus
- Use VPN encryption software if you need to transmit confidential data while working off-campus. Using VPN will secure wireless and wireline connections to campus-based systems.
Web Browsing
- If you are logging into a web page with a username and password, or confidential information is contained on a web page, be sure the connection is encrypted using "https" in the URL - secure http. (See example.)
E-Mail Clients
- If you use POP or IMAP clients to read your e-mail - e.g., Mozilla, Outlook Express - be sure to use encrypted protocols.
Also, do not keep computers online when not in use and be sure to Log Out of secure sites by clicking a "Log out" button/link to end your online session, instead of closing or minimizing your browser or typing in a new address.
- Do not click on web links or follow instructions in unsolicited e-mail or Pop-Up Messages.
Immediately delete e-mails with instructions to activate or confirm your account information,
open or download attachments, delete system files or execute system patches.
Malware can easily forge e-mail "From" addresses to make it appear to come from someone you know.
If the Subject line or text is suspicious or unexpected, check with the sender by separate e-mail or phone first.
Close Pop-Up Messages by clicking the outermost
 in the upper right corner, or by pressing ALT+F4 on your keyboard. Ignore Pop-up warnings offering solutions to what they say are your computer problems.
| Notice: |
You will
NEVER be asked to confirm account information on-line to keep your
account active - by the University of Delaware or any other legitimate
entity.
As a rule, don't give out personal or financial information
over the Internet, on the phone, or through the mail unless you've
initiated the contact.
|
| Links: |
Identity Theft
Microsoft's How can I tell if an e-mail message is fraudulent? |
Be wary of files sent through IM; they could be viruses.
Never open, accept or download files from people you don't know. If the file comes from someone on your "buddy list", check with them first by e-mail or phone to confirm that the file is not a virus.
- Secure your personal wireless access point (WAP).
You should restrict access to your WAP so that others cannot use your internet connection and potentially commit illegal acts that could be attributed to your network connection. You are responsible for the network traffic traced back to you WAP's IP number.
- Internet File Sharing has associated dangers.
Sharing copyrighted material is
against the law and UD's
Code of the Web.
Internet "freebies" may have trojan software attached.
- Regularly backup important data and verify that the backups are readable.
You know this is important. Do you do it?
- Know what to do if you suspect your computer is compromised.
Address the problem immediately. Record any unusual or error messages you receive, the date/time and what you were doing when they occurred.
If your computer is NOT setup according to the The Protect & Clean checklists, do so know.
Use an uninfected computer to download the recommended tools to removable media and print out the complete instructions.
Take them back to run on your computer
If you HAVE set up your computer according to the checklist, try
using the links below to clean your computer. Some infections are so
embedded that additional expertise may be needed to remove them manually.
If you need additional help, you may call the IT Help Center at 831-6000
to schedule an appointment to have User Services clean your computer for a
fee.
|
