|
UD
IT Security Home
IT Help Center
UD Security Tool Chest
News & Alerts
Accessing UD Systems
Reporting Incidents
UD Home
|
|
- Set up your
computer
securely.
This requires an active firewall, up-to-date Anti-virus and Anti-spyware tools and automatic updating for
operating system patches.
-
Use STRONG passwords to protect your
computer and UDelNet account.
Passwords are like toothbrushes; don't share them with others and change them often!
Do NOT re-use your UDelNet password as a password for any other web account.
Do NOT allow your browser or e-mail program to "remember" your username/password. If you do, anyone can use your computer to access your
information.
Do NOT store your password on your computer. Commit it to memory or store
it in a secured spot.
- Connect securely to
other systems.
When logging into an e-mail account or other application requiring
username and password be sure to use encrypted protocols - https, SSL/TLS
or VPN to protect your access credentials from being disclosed to others.
If it is transmitted in the clear, it can be stolen - resulting in
identity theft. Wireless connections are especially vulnerable to this
risk. What you do over a wireless connection is often transmitted "in the
clear" and can be anonymously viewed by others with freely available
tools.
Terminal Sessions and File Transfers
- Use Secure Shell (SSH) and Secure
File Transfer (SFT) software to securely connect or transfer files to/from
UD central systems. These protocols will encrypt all session traffic -
logon, password and all traffic moving between the
systems.
Windows File Sharing
- Do not share your full drive or
Windows directory.
- Block access of shared resources
to everyone without a valid username/password.
- If you give "everyone" or "Guest"
access to your shared files, then all Internet users will be able to share
your files when you are connected to the Internet.
Peer-to-Peer File-Sharing can be illegally
sharing files you legally own when you think it's not running.
Connecting to Campus Systems from
Off-Campus
- Use VPN encryption software if
you need to transmit confidential data while working off-campus. Using VPN
will secure wireless and wireline connections to campus-based
systems.
Web Browsing
- If you are logging into a web
page with a username and password, or confidential information is
contained on a web page, be sure the connection is encrypted using "https"
in the URL - secure http. (See
example.)
E-Mail Clients
- If you use POP or IMAP clients to
read your e-mail - e.g., Mozilla, Outlook Express - be sure to use
encrypted protocols.
Also, do not keep computers online when not
in use and be sure to Log Out of secure sites by clicking a "Log out"
button/link to end your online session, instead of closing or minimizing
your browser or typing in a new address.
- Do not click on web
links or follow instructions in unsolicited e-mail or Pop-Up Messages.
Immediately delete e-mails with instructions to activate or confirm your account information,
open or download attachments, delete system files or execute system patches.
Malware can easily forge e-mail "From" addresses to make it appear to come from someone you know.
If the Subject line or text is suspicious or unexpected, check with the sender by separate e-mail or phone first.
Close Pop-Up Messages by clicking the outermost
 in the upper right corner,
or by pressing ALT+F4 on your keyboard. Ignore Pop-up warnings offering
solutions to what they say are your computer problems.
| Notice: |
You will
NEVER be asked to confirm account information on-line to keep your
account active - by the University of Delaware or any other legitimate
entity.
As a rule, don't give
out personal or financial information over the Internet, on the phone, or
through the mail unless you've initiated the contact.
|
| Links: |
Identity
Theft
Microsoft's How can I tell if an e-mail message is fraudulent? |
Be wary of files sent through
IM; they could be
viruses.
Never open, accept or download files
from people you don't know. If the file comes from someone on your "buddy
list", check with them first by e-mail or phone to confirm that the file
is not a virus.
- Secure your personal wireless access point (WAP).
You should restrict access to your WAP so that others cannot use your internet connection and potentially commit illegal acts that could be attributed to your network connection. You are responsible for the network traffic traced back to you WAP's IP number.
- Internet File
Sharing has associated dangers.
Sharing copyrighted material is
against the law and UD's
Code of the
Web.
Internet "freebies" may have trojan software
attached.
- Regularly backup
important data and verify that the backups are readable.
You know this is important. Do you do
it?
- Know what to do if
you suspect your computer is compromised.
Address the problem
immediately. Record any unusual or error
messages you receive, the date/time and what you were doing when they
occurred.
If your computer is NOT setup
according to the The
Protect & Clean checklists, do so know. Use an
uninfected computer to download the recommended tools to removable media
and print out the complete instructions. Take them back to run on your
computer
If you HAVE set up your computer according
to the checklist, try using the links below to clean your computer. Some
infections are so embedded that additional expertise may be needed to
remove them manually. If you need additional help, you may call the IT
Help Center at 831-6000 to schedule an appointment to have User Services
clean your computer for a fee.
|
