What IT Security Protects
  - ECU Campus network and everything attached to it
  - Information
    - personal data
    - patient/student records and billing
    - payroll
    - research
    - e-mail

IT Security Affects You
  - We all share the same network and networked resources
  - We all share responsibility for security
  - If the network goes down, nobody can access e-mail, Internet, Purchase Order system, patient records and billing, secured areas, VOIP devices (telephones), etc.

Security Fallacies
  - We have antivirus software, so we're secure.
  - We have a firewall, so we're secure.
  - Most security threats come from outside.
  - I don't care about security because I back up my data daily.
  - Responsibility for security rests with IT Security staff.

Security Assessment
  - Open ports and mail relays
  - Software patches
  - Weak passwords
  - We do not scan your personal data
  - If we detect weaknesses, we do not exploit them
  - We report weaknesses to you for your benefit

Security Policies
  - Continuous cooperative effort between IT Security staff and all users
  - Develop, implement, and enforce effective security policies and procedures
  - Provide maximal security with minimal inconvenience to users

IT Security Components
  - Firewalls
  - Intrusion Detection Systems
  - Antivirus software
  - Updated OS and apps
  - Continual education for staff and users
  - User cooperation and compliance
    - most critical component
    - most difficult to achieve

Security Threats
  - Malware: viruses, worms, trojans, etc.
  - Security patches not applied
  - Hacking and network scanning
  - Social engineering
  - Chat and Instant Messaging software
  - Weak passwords
  - Ignorance, carelessness, and

File Sharing Software
  - Kazaa, eDonkey, Morpheus, etc.
  - Contains trojans and spyware
  - Advertises your computer on Internet
  - Hogs shared network capacity
  - Sharing copyrighted material (music, video, or data) violates federal law
  - Violators referred to appropriate authorities

Hacking Steps
  - Reconnaissance
    - high tech: network port scans
    - mid tech: impersonation, phone calls, phishing
    - low tech: dumpster diving
  - Identification
  - Coordination
  - Exploitation

What You Can Do
  - Use/update antivirus software
  - Patch OS and apps
  - Use strong passwords
  - Use email prudently
  - Don't use chat or IM software
  - Don't use P2P file sharing software
  - Don't use personal firewalls

Campus Antivirus Policy
  - All networked Windows and Macintosh computers must run AV software
  - Site license for Symantec Antivirus
    - free copy for every Windows or Macintosh computer on campus
    - free copy to load on your home computer
  - Infected computers removed from the network until cleaned

Free Antivirus Software
  - Sources for antivirus software:
    - ITCS installs on campus computers
    - CD-ROMs available in Austin 208
    - Download from ITCS website
  - Instructions on ITCS web page:
    - www.ecu.edu/itcs
    - go to Software, Software Documentation
    - get, install, configure, use, update

Use Antivirus Software
  - Always use the latest version
  - Update definitions daily, before retrieving email
  - Scan all files weekly
  - Beware of virus hoaxes
  - Campus computer infected?
    - notify IT Support Services at 328-6866
    - notify your coworkers

Patch Your Software
  - Windows Update website
    - critical updates for OS
    - Start menu, Windows Update
  - Microsoft Office Update website
    - link on Windows Update web page
  - Microsoft Baseline Security Analyzer
    - checks for security flaws
    - analyzes OS, IE, Office, IIS, SQL

Windows Update
  - Go to Start, Windows Update (Win2k and XP)
  - Three update types
    - Critical: Apply all of these.
    - Windows: Apply those marked recommended and avoid the others.
    - Drivers: Don't apply these. Get them from your hardware vendor.
Office Update
  - Linked from the Windows Update web page
  - Find link at top of WU page
  - Apply all updates for English versions of Office
  - Avoid updates for foreign language versions

Baseline Security Analyzer
  - Free download from Microsoft
  - Checks OS, Office, IE, IIS, SQL
  - Direct links to missing hotfixes
  - Updates every time you run it
  - Additional security advice

Passwords
  - At least 8 characters long, including:
    - at least one letter
    - at least one number
    - at least one special character (e.g., !, @, #, ?, >)
    - no repeated characters
  - Make it obscure.
  - Keep it secret.
  - When in doubt, change it NOW
  - 90-day expiration

Exchange E-Mail
  - Never open attachments
    - save the attachment to your hard drive
    - scan the attachment with SAV
  - Don't spam other users
    - spam is electronic junk mail
    - if you wouldn't want to receive it, don't send it
  - Don't use other e-mail programs on campus: AOL, Yahoo, Hotmail, etc.

Personal Firewalls
  - Designed to work on stand-alone home computers, not complex networks
  - No centralized management
  - Interfere with antivirus software
  - Interfere with network management
  - Not supported by ITCS

Use Common Sense
  - Be suspicious: don't believe unknown visitors or phone calls
  - Use your locks: door and computer
  - Going home? Turn off your computer!
  - Don't reveal your password to anybody
  - Don't reveal confidential information
  - Don't install unauthorized software
  - If you've been hacked, change all your passwords

Problems and Questions?
  - Don't call individual ITCS employees
  - Call IT Support Services at 328-6866
    - single point of contact
    - all calls forwarded to appropriate consultant
  - Open a Service Request
    - www.ecu.edu/itcs
    - go to Client Services section

Questions?