Simple steps you can take to help protect your computer fro

1
Welcome to Safe Computing

• Welcome to UCIs Safe Computing presentation.
  This presentation is for all employees who use a
  computer on any UCI network.
• Computer security is everyones responsibility.
  Our goal is to make safe computing easier for
  everyone.

2
8 Steps to Secure Your Computer

• Required
• Safely Install Your Computers Operating System
• Keep Your Operating System Up To Date
• Install and Update Anti-Virus Software
• Use Strong Passwords
• Strongly Recommended
• Enable Firewall Protection
• Install and Use Spyware Removal Tools
• Back Up Important Files
• Enable Screen Saver Passwords

3
1. Safely Installing Windows on Campus
If you use the Windows Operating System, there
are some critical steps to take during
installation. This is to prevent your computer
from being attacked or infected as soon as it is
on the network.

• Disconnect the computer from the network.
• Run the installation and skip the network setup.
• Install and configure a personal firewall.
• Web site with instructions
• www.nacs.uci.edu/security/safe-install.html

4
2. Update your Operating System
Most security issues are related to
vulnerabilities in the Operating System. As these
flaws are discovered, software companies release
patches and updates to protect you from security
holes.

• Recent versions of Windows and Macintosh
  computers have automatic software updates.
• Configure your computer to automatically download
  the latest patches and updates.
• Instructions to set up automatic updates are on
  the Safe Computing Website.

5
3. Install and Update Anti-virus Software
If your computer is connected to the Internet or
you share files with anyone, you need anti-virus
software.

• How to Get Anti-virus software
• On Campus
• Faculty and staff can contact their local
  computer support.
• Home Use
• Purchase commercial anti-virus software.
• Free Windows version for home use by Avast.
  (www.avast.com)
• Keep the virus definitions up to date.

6
4. Set Strong Passwords
The easiest way to break into your computer is a
weak or blank password. If your computer is
compromised it can be used to attack other
computers on campus or around the world.

• Set Your Computer Password - Do not leave it
  blank
• Password Tips
• Never share your password.
• Never write your password down.
• Change your password periodically.
• Creating a Strong Password
• Passwords should be 7 characters or longer. The
  longer the better.
• Passwords should contain at least one alpha
  character (a-z).
• Passwords should contain at least one non-alpha
  character.
• Do not choose passwords that contain personal
  information, like pets or childrens names.
• Do not choose a word that is in the dictionary.
  These are the easiest to crack.
• Try using a pass phrase. For example, Hpatp0a
  Harry Potter and the Prisoner of Azkaban.

7
5. Personal Firewall Protection
A firewall can protect your computer against
hackers and other security attacks. The latest
versions of Windows, Linux and the Macintosh
operating systems have basic built in firewalls.

• Enable Your Firewall Protection
• Windows XP Service Pack 2, Macintosh OS X (v.
  10.2 and later), and Linux have built in firewall
  software.
• Instructions are available on the Safe Computing
  Web Site
• Commercial Firewall Software
• If you have an older Operating System or want a
  more robust firewall, consider purchasing a
  commercial version.
• Free Firewall Software for Windows
• ZoneAlarm Firewall for Windows is available for
  free for individual home use on your personal
  computer.
• http//www.zonelabs.com/store/content/catalog/prod
  ucts/sku_list_za.jsp?lidnav_za

8
6. Spyware and How to Avoid It.
Spyware is software that is downloaded and
installed onto your computer, often without your
knowledge. Spyware monitors and shares your
information while you browse the Internet.

• Spyware is often installed by you without
  yourknowledge by piggybacking on other software
  or by tricking you into installing it.
• Some anti-virus software also has anti-spyware
  capability.
• Anti-spyware Recommendations for Windows
• Adaware (http//www.lavasoftusa.com/default.shtml.
  en)
• Spybot Search and Destroy (http//www.safer-networ
  king.org/en/home/index.html)
• Spyware is not a major problem for the Mac OS
  yet. There are a few software companies that are
  starting to address the issue.
• MacScan (http//macscan.securemac.com/)
• NetBarrier X4 Firewall includes Spyware
  protection (http//www.intego.com/netbarrier/)

9
7. Back Up Important Files
Since no system is completely secure, you should
regularly back up important files. This is also
your best defense against losing files to
viruses, software or hardware failure, or the
loss or theft of your computer.

• How Should I Back Up My Files?
• Backup Software Talk to your local computer
  support. There may be a backup system in place.
• Back up to WebFiles Faculty and staff have 1 GB
  of disk space on WebFiles. It is professionally
  maintained and backed up each night.
• Back up to CD or DVD Writers Most computers have
  a built in CD or DVD writer. Burning discs is
  easy and inexpensive.
• More Back Up information is available on the Safe
  Computing Website.

10
8. Set a Screen Saver Password
When you are away from your computer, lock the
screen or set a screen saver password. This will
prevent someone from using your computer when you
are away from your desk.

• Windows XP and Vista allow you to set a screen
  saver password. This will lock your screen when
  you are away, requiring you to enter your system
  password to access the computer.
• Macintosh OS X and Linux also have screen saver
  password capability.
• See the Safe Computing Website for instructions.

11
Email Safety Tips

• Do not open unexpected attachments.
• Use Spam Filters
• Beware of Spoof Emails or Phishing.
• Dont send sensitive data in email.
• Avoid clicking on links in the body of an email
  message.While these links may not be a phishing
  attempt, they may not go to the site you intend.
  Unless you are completely comfortable that the
  email is legitimate, it is best to copy and paste
  the link or type it in directly in your browser.

12
5 Tips to Manage Email Attachments
Most common email viruses are spread through
email attachments. Attachments are files that are
sent along with the message. If an attachment has
a virus it is usually spread when you
double-click or open the file. You can minimize
the risk of getting a virus from an attachment by
following a few few simple rules.

• Do not open an attachment unless you are
  expecting it AND you know who it is from.
• If you receive an attachment from someone you
  dont know, delete it immediately without opening
  it.
• Use anti-virus software and keep it updated.
• If you need to send an attachment, contact the
  recipient and let him know you are sending it.
• Use spam filters to block unsolicited email. Many
  viruses are sent as spam.

13
Managing Spam Email
Spam is often more of an annoyance than a
security risk. However many email viruses are
sent as spam and can be caught by spam filters.
If you use NACS MailBox Services, you can use a
simple Web tool to set up spam filters.

• Setting up spam filters on NACS MailBox Services.
• Go to My Email Options at www.nacs.uci.edu/email/o
  ptions and login with your UCInetID and password.
• Click on the Spam Filtering tab.
• Select the type of filtering you prefer, default
  or strict. Click the Submit button.
• Click the Logout tab.
• If you receive your email from another server on
  campus, you may have spam filtering as well.
  Check with your local computer support.

14
Spoof Email (Phishing)
Phishing emails are an attempt by thieves to lure
you into divulging personal and financial
information, for their profit. They pretend to be
from well-known legitimate businesses, and
increasingly look as if they actually are. They
use clever techniques to induce a sense of
urgency on your part so that you don't stop to
think about whether they are legitimate or not.
You can learn to know what to look for and where
to report these scams when you find them.

• 6 Ways to Recognize Phishing
• Generic GreetingFor example, Dear Customer.
• Sense of urgency.May include an urgent warning
  requiring immediate action.
• Account status threat.May include a warning that
  your account will be terminated unless you reply.
• Forged email address.The senders email address
  may be forged, even if it looks legitimate.
• Forged links to Web sites.There is often a link
  to a Website to fix the problem. These are
  usually forged.
• Requests for personal information.Asking for
  login and password info, either in email or via
  the link.

15
Dont Send Sensitive Data in Email
Although it's convenient to send colleagues
sensitive data in email, it is unsafe. Not only
is email an insecure way of sending information,
you've lost control over that information once
you hit the send button.

• The Risks of Sending Sensitive Data in Email
• Sending email is insecure.
• You are storing sensitive data on your computer.
• You no longer control the sensitive data.
• The sensitive data may be sent to others without
  your knowledge.
• Alternatives to Sending Sensitive Data in Email
• Faculty, Staff, and Grad Students can use their
  WebFiles account. You can then share the
  information by using permissions or tickets.

16
Instant Message (IM) Safety Tips
Virus infections are increasing by clicking on
links in IM.

• Only share your screen name with people you
  trust.
• Only communicate with people in your contact or
  buddy list.
• Never provide personal information in an IM
  conversation.
• Never open pictures, download files or click on
  links sent via Instant Messages unless you are
  expecting it and you can verify who it is from.
• Do not set your IM client to automatically login
  on a shared computer. This will allow others to
  communicate on your behalf.

17
Mobile Security
Mobile computing offers the freedom of using your
notebook computer or other mobile device in many
remote locations. With this freedom also comes
greater responsibility to keep the computer and
information secure.

• Physical Security
• Lock your notebook computer in a safe location
  when not in use.
• Buy and use a notebook security cable.
• Wireless Precautions
• WiFi networks are a shared network that makes it
  easier for others to eavesdrop on your
  communication.
• Secure Web Browsing
• Use secure, encrypted sessions.
• Secure Internet Transactions
• Use UCIs VPN to encrypt your network traffic.
• Always use a Personal Firewall when on an
  untrusted network (hotel, conference, etc.)
• Set the firewall to deny ALL incoming
  connections.
• Never store Sensitive Data on mobile devices
  unless absolutely necessary.

18
Keeping Your Data Safe
The information on your computer is often more
valuable than the equipment itself. If sensitive
data is lost, California law requires that
consumers be notified.

• What is Sensitive Data?
• Sensitive data is personal information that is
  restricted by law or University policy.
• It includes an individuals first name or first
  initial and last name in combination with any of
  the following.
• Social Security Number
• Drivers license or California ID number.
• Financial account information, such as a credit
  card number.
• Do you store sensitive data?
• Only store sensitive data on your computer if
  absolutely necessary.
• Report any sensitive data stored on your computer
  to your Electronic Security Coordinator.
• Use encryption to secure sensitive data stored on
  your computer.
• Remove the data as soon as you no longer need it.
• More information can be found on the Safe
  Computing Website.

19
Compromised Sensitive Data

• What to do if sensitive data has been
  compromised.
• If a breach of security is suspected on a
  computing system that contains or has network
  access to unencrypted protected data, the Data
  Custodian (system administrator) will
  immediately
• Contact the NACS Response Center at 824-2222 to
  report that a potential security breach has
  occurred and request immediate notification of
  the NACS security staff and the Security Breach
  Lead Campus Authorities. Send additional
  information via email to security_at_uci.edu with a
  copy to security-lca_at_uci.edu.
• Remove the computing system from the campus
  network.
• Conduct a local analysis of the breach to
  determine the number of individuals whose
  protected data may have been acquired.
• Notify the Data Proprietor if there is a
  reasonable belief that protected data may have
  been acquired.
• More information http//www.policies.uci.edu/adm/
  procs/800/800-17.html

20
Getting Help

• Symptoms of a compromised computer
• When you try to use the UCI network, you get a
  message stating that your computer may be
  compromised and is blocked from the network.
• Your anti-virus software has been disabled or is
  not updating.
• Your hard drive light flashes continuously, even
  when you are not using it.
• Your computer has slowed down noticeably during
  routine activities.
• There is a user account that you did not create.
• Local Support
• School and Departmental Computing Help Desks
• Computer Support Coordinators
• Campus Computing Help Desks
• Administrative Computing (AdCom)
• Network Academic Computing Support (NACS)
• Commercial Solutions
• UCI Computer Store