Title: Simple steps you can take to help protect your computer fro
1Welcome to Safe Computing
- Welcome to UCIs Safe Computing presentation.
This presentation is for all employees who use a
computer on any UCI network. - Computer security is everyones responsibility.
Our goal is to make safe computing easier for
everyone.
28 Steps to Secure Your Computer
- Required
- Safely Install Your Computers Operating System
- Keep Your Operating System Up To Date
- Install and Update Anti-Virus Software
- Use Strong Passwords
- Strongly Recommended
- Enable Firewall Protection
- Install and Use Spyware Removal Tools
- Back Up Important Files
- Enable Screen Saver Passwords
31. Safely Installing Windows on Campus
If you use the Windows Operating System, there
are some critical steps to take during
installation. This is to prevent your computer
from being attacked or infected as soon as it is
on the network.
- Disconnect the computer from the network.
- Run the installation and skip the network setup.
- Install and configure a personal firewall.
- Web site with instructions
- www.nacs.uci.edu/security/safe-install.html
42. Update your Operating System
Most security issues are related to
vulnerabilities in the Operating System. As these
flaws are discovered, software companies release
patches and updates to protect you from security
holes.
- Recent versions of Windows and Macintosh
computers have automatic software updates. - Configure your computer to automatically download
the latest patches and updates. - Instructions to set up automatic updates are on
the Safe Computing Website.
53. Install and Update Anti-virus Software
If your computer is connected to the Internet or
you share files with anyone, you need anti-virus
software.
- How to Get Anti-virus software
- On Campus
- Faculty and staff can contact their local
computer support. - Home Use
- Purchase commercial anti-virus software.
- Free Windows version for home use by Avast.
(www.avast.com) - Keep the virus definitions up to date.
64. Set Strong Passwords
The easiest way to break into your computer is a
weak or blank password. If your computer is
compromised it can be used to attack other
computers on campus or around the world.
- Set Your Computer Password - Do not leave it
blank - Password Tips
- Never share your password.
- Never write your password down.
- Change your password periodically.
- Creating a Strong Password
- Passwords should be 7 characters or longer. The
longer the better. - Passwords should contain at least one alpha
character (a-z). - Passwords should contain at least one non-alpha
character. - Do not choose passwords that contain personal
information, like pets or childrens names. - Do not choose a word that is in the dictionary.
These are the easiest to crack. - Try using a pass phrase. For example, Hpatp0a
Harry Potter and the Prisoner of Azkaban.
75. Personal Firewall Protection
A firewall can protect your computer against
hackers and other security attacks. The latest
versions of Windows, Linux and the Macintosh
operating systems have basic built in firewalls.
- Enable Your Firewall Protection
- Windows XP Service Pack 2, Macintosh OS X (v.
10.2 and later), and Linux have built in firewall
software. - Instructions are available on the Safe Computing
Web Site - Commercial Firewall Software
- If you have an older Operating System or want a
more robust firewall, consider purchasing a
commercial version. - Free Firewall Software for Windows
- ZoneAlarm Firewall for Windows is available for
free for individual home use on your personal
computer. - http//www.zonelabs.com/store/content/catalog/prod
ucts/sku_list_za.jsp?lidnav_za
86. Spyware and How to Avoid It.
Spyware is software that is downloaded and
installed onto your computer, often without your
knowledge. Spyware monitors and shares your
information while you browse the Internet.
- Spyware is often installed by you without
yourknowledge by piggybacking on other software
or by tricking you into installing it. - Some anti-virus software also has anti-spyware
capability. - Anti-spyware Recommendations for Windows
- Adaware (http//www.lavasoftusa.com/default.shtml.
en) - Spybot Search and Destroy (http//www.safer-networ
king.org/en/home/index.html) - Spyware is not a major problem for the Mac OS
yet. There are a few software companies that are
starting to address the issue. - MacScan (http//macscan.securemac.com/)
- NetBarrier X4 Firewall includes Spyware
protection (http//www.intego.com/netbarrier/)
97. Back Up Important Files
Since no system is completely secure, you should
regularly back up important files. This is also
your best defense against losing files to
viruses, software or hardware failure, or the
loss or theft of your computer.
- How Should I Back Up My Files?
- Backup Software Talk to your local computer
support. There may be a backup system in place. - Back up to WebFiles Faculty and staff have 1 GB
of disk space on WebFiles. It is professionally
maintained and backed up each night. - Back up to CD or DVD Writers Most computers have
a built in CD or DVD writer. Burning discs is
easy and inexpensive. - More Back Up information is available on the Safe
Computing Website.
108. Set a Screen Saver Password
When you are away from your computer, lock the
screen or set a screen saver password. This will
prevent someone from using your computer when you
are away from your desk.
- Windows XP and Vista allow you to set a screen
saver password. This will lock your screen when
you are away, requiring you to enter your system
password to access the computer. - Macintosh OS X and Linux also have screen saver
password capability. - See the Safe Computing Website for instructions.
11Email Safety Tips
- Do not open unexpected attachments.
- Use Spam Filters
- Beware of Spoof Emails or Phishing.
- Dont send sensitive data in email.
- Avoid clicking on links in the body of an email
message.While these links may not be a phishing
attempt, they may not go to the site you intend.
Unless you are completely comfortable that the
email is legitimate, it is best to copy and paste
the link or type it in directly in your browser.
125 Tips to Manage Email Attachments
Most common email viruses are spread through
email attachments. Attachments are files that are
sent along with the message. If an attachment has
a virus it is usually spread when you
double-click or open the file. You can minimize
the risk of getting a virus from an attachment by
following a few few simple rules.
- Do not open an attachment unless you are
expecting it AND you know who it is from. - If you receive an attachment from someone you
dont know, delete it immediately without opening
it. - Use anti-virus software and keep it updated.
- If you need to send an attachment, contact the
recipient and let him know you are sending it. - Use spam filters to block unsolicited email. Many
viruses are sent as spam.
13Managing Spam Email
Spam is often more of an annoyance than a
security risk. However many email viruses are
sent as spam and can be caught by spam filters.
If you use NACS MailBox Services, you can use a
simple Web tool to set up spam filters.
- Setting up spam filters on NACS MailBox Services.
- Go to My Email Options at www.nacs.uci.edu/email/o
ptions and login with your UCInetID and password. - Click on the Spam Filtering tab.
- Select the type of filtering you prefer, default
or strict. Click the Submit button. - Click the Logout tab.
- If you receive your email from another server on
campus, you may have spam filtering as well.
Check with your local computer support.
14Spoof Email (Phishing)
Phishing emails are an attempt by thieves to lure
you into divulging personal and financial
information, for their profit. They pretend to be
from well-known legitimate businesses, and
increasingly look as if they actually are. They
use clever techniques to induce a sense of
urgency on your part so that you don't stop to
think about whether they are legitimate or not.
You can learn to know what to look for and where
to report these scams when you find them.
- 6 Ways to Recognize Phishing
- Generic GreetingFor example, Dear Customer.
- Sense of urgency.May include an urgent warning
requiring immediate action. - Account status threat.May include a warning that
your account will be terminated unless you reply. - Forged email address.The senders email address
may be forged, even if it looks legitimate. - Forged links to Web sites.There is often a link
to a Website to fix the problem. These are
usually forged. - Requests for personal information.Asking for
login and password info, either in email or via
the link.
15Dont Send Sensitive Data in Email
Although it's convenient to send colleagues
sensitive data in email, it is unsafe. Not only
is email an insecure way of sending information,
you've lost control over that information once
you hit the send button.
- The Risks of Sending Sensitive Data in Email
- Sending email is insecure.
- You are storing sensitive data on your computer.
- You no longer control the sensitive data.
- The sensitive data may be sent to others without
your knowledge. - Alternatives to Sending Sensitive Data in Email
- Faculty, Staff, and Grad Students can use their
WebFiles account. You can then share the
information by using permissions or tickets.
16Instant Message (IM) Safety Tips
Virus infections are increasing by clicking on
links in IM.
- Only share your screen name with people you
trust. - Only communicate with people in your contact or
buddy list. - Never provide personal information in an IM
conversation. - Never open pictures, download files or click on
links sent via Instant Messages unless you are
expecting it and you can verify who it is from. - Do not set your IM client to automatically login
on a shared computer. This will allow others to
communicate on your behalf.
17Mobile Security
Mobile computing offers the freedom of using your
notebook computer or other mobile device in many
remote locations. With this freedom also comes
greater responsibility to keep the computer and
information secure.
- Physical Security
- Lock your notebook computer in a safe location
when not in use. - Buy and use a notebook security cable.
- Wireless Precautions
- WiFi networks are a shared network that makes it
easier for others to eavesdrop on your
communication. - Secure Web Browsing
- Use secure, encrypted sessions.
- Secure Internet Transactions
- Use UCIs VPN to encrypt your network traffic.
- Always use a Personal Firewall when on an
untrusted network (hotel, conference, etc.) - Set the firewall to deny ALL incoming
connections. - Never store Sensitive Data on mobile devices
unless absolutely necessary.
18Keeping Your Data Safe
The information on your computer is often more
valuable than the equipment itself. If sensitive
data is lost, California law requires that
consumers be notified.
- What is Sensitive Data?
- Sensitive data is personal information that is
restricted by law or University policy. - It includes an individuals first name or first
initial and last name in combination with any of
the following. - Social Security Number
- Drivers license or California ID number.
- Financial account information, such as a credit
card number. - Do you store sensitive data?
- Only store sensitive data on your computer if
absolutely necessary. - Report any sensitive data stored on your computer
to your Electronic Security Coordinator. - Use encryption to secure sensitive data stored on
your computer. - Remove the data as soon as you no longer need it.
- More information can be found on the Safe
Computing Website.
19Compromised Sensitive Data
- What to do if sensitive data has been
compromised. - If a breach of security is suspected on a
computing system that contains or has network
access to unencrypted protected data, the Data
Custodian (system administrator) will
immediately - Contact the NACS Response Center at 824-2222 to
report that a potential security breach has
occurred and request immediate notification of
the NACS security staff and the Security Breach
Lead Campus Authorities. Send additional
information via email to security_at_uci.edu with a
copy to security-lca_at_uci.edu. - Remove the computing system from the campus
network. - Conduct a local analysis of the breach to
determine the number of individuals whose
protected data may have been acquired. - Notify the Data Proprietor if there is a
reasonable belief that protected data may have
been acquired. - More information http//www.policies.uci.edu/adm/
procs/800/800-17.html
20Getting Help
- Symptoms of a compromised computer
- When you try to use the UCI network, you get a
message stating that your computer may be
compromised and is blocked from the network. - Your anti-virus software has been disabled or is
not updating. - Your hard drive light flashes continuously, even
when you are not using it. - Your computer has slowed down noticeably during
routine activities. - There is a user account that you did not create.
- Local Support
- School and Departmental Computing Help Desks
- Computer Support Coordinators
- Campus Computing Help Desks
- Administrative Computing (AdCom)
- Network Academic Computing Support (NACS)
- Commercial Solutions
- UCI Computer Store