Security Awareness and Resources
Security Awareness and Resources
CCS provides protection such as virus scanning software, firewalls, and spam filtering; however, you are the most critical component in ensuring the security of the University’s IT systems.
Did you know?
- Over 80% of the e-mail sent to the Carleton e-mail gateway from the Internet is SPAM.
- Most simple passwords can be cracked in under 4 hours.
- Each day CCS identifies 10 – 15 viruses on computers in our network.
Tips to improving IT security
Each individual has a responsibility for information security. Here are some simple and easy steps you can take to improve security.
- Never share your passwords.
If someone does not have a password to gain access to a resource, they probably were not supposed to have it in the first place.
- Not open suspicious email.
If you receive an e-mail message from an unknown person that contains an attachment, do not open it. The e-mail may contain a virus.
- Lock your computer when you walk away.
For Windows users, be sure to use the “Ctrl-Alt-Del” function to prevent someone from using your computer when you step away from your desk.
- Protect information stored on external media.
Take steps to properly erase and dispose of external media such as CD-ROMs, diskettes, or USB flash drives.
- Protect information stored on your computer.
Store data on your network drive and not on your computer’s hard drive (e.g. C:drive).
- Check to make sure that your computer has virus-scanning software installed.
Carleton University has a campus-wide license agreement with Symantec, which provides anti-virus protection for administrative desktop computers, computers in public labs, computers owned by students living in residence, Exchange e-mail servers, as well as home use protection for faculty and staff.
Tips to protecting yourself online
The Internet is not a safe place. Web surfing and instant messaging may seem both safe and anonymous, but this is not the case. There are viruses, hackers, and a multitude of identity theft scams; yet everyday we use the Internet as a primary means of communication. By following these tips you can reduce your risk when using the Internet both at Carleton and at home:
- Ensure that your computer has the latest security patches and updates.
This should be your first step in protecting you and your computer.
- Use Instant Messaging and Peer-to-Peer file sharing mindfully.
Be aware that technologies such as Instant Messaging and Peer-to-Peer file sharing offer new venues to introduce viruses and worms into your system. If you use these services, you may be exposing your system to additional security risks. Trust your instincts. If you receive a strange message from a friend, it may not be from them. It may be that their system has been compromised.
- Avoid installing free software.
Many screen savers and games can be downloaded from the Internet. Some of this free software includes additional viruses, spyware, etc. that may be installed without you knowing it.
- Be careful of what you publish online.
If you publish information on a personal web page (e.g. a blog), note that marketers and others may collect your address, phone number, e-mail address and other information that you provide. If you are concerned about your personal privacy, be discreet in your personal web site.
- Be careful of what information you divulge.
When you visit a website where you are asked to register or provide your personal information, be sure to read privacy disclaimers and opt-out of any information sharing agreements.
- Be wary of unsolicited emails.
Phishing scams attempt to lure Internet users to a “rogue” Web site. Often, this involves unsolicited emails asking you to click on a link, go to a web page, and provide your personal information. As a rule of thumb, you should assume that any unsolicited email attempting to gain personal information, or especially trying to convince you to click on a web link to update this information, is from an untrustworthy source. Do not respond to email messages or instant messages (no matter how legitimate they appear) that direct you to visit a web site that you have no relationship with. When in doubt about the legitimacy of an email, contact the organization or individual directly by telephone to verify the legitimacy of these types of messages. Do not respond to their email.
Tips to protecting your computer against viruses
The Carleton University IT environment is not like a home network or most corporate networks in that computers are constantly joining and leaving our network. There is an ongoing risk that these computers introduce new viruses into our network. Computers on the Carleton University network need to have antivirus software installed to protect against viruses, worms and other malicious software.
With respect to viruses, it is important to be aware that:
- The impact of having your PC infected varies, depending on the virus. A virus may negatively affect your computer in various ways such as corruption or loss of your data, monitoring of your activities (including logging keystrokes) by a hacker; or use of your PC to attack another computer.
- There are new viruses released onto the Internet on daily basis. Your virus scanning solution must be updated regularly to ensure that your PC is not vulnerable to the most recent viruses.
- Once a virus enters our environment, it can spread very quickly. If your PC is not protected, it will likely be infected.
- Symantec is the official anti virus solution available on campus. It is available for use by faculty and staff as well as students who live in residence.
For more information:
- Information Systems Security Association – Ottawa Chapter
- Computer Emergency Response Team (CERT)
- SANS Institute
- Microsoft Security Homepage
- Solaris Security Toolkit
- Apple Security Patches
About Information Security at Carleton
Information Security provides vision and direction for developing and supporting IT security initiatives at Carleton. The group provides leadership in the development and operation of structures, programs and policies that address the needs of Carleton’s information assets and how they are protected.
Key areas of accountability are:
- Ensuring that appropriate and reasonable safeguards are employed to detect and protect against potential threats to IT assets
- Establishing and evolving an appropriate security posture that balances risks, investment and safeguarding of assets against the University’s ability to operate effectively and efficiently; and,
- Evaluating, planning and delivery of the security aspects of the University’s network infrastructure
As part of an ongoing program to raise the level of security awareness at Carleton University, the Information Security Division provides security awareness reminders to the campus community on a regular basis.