What's the Big Deal About Computer Security

What's the Big Deal About Computer Security?


	The protection of our University's IT resources depends heavily on each user's careful handling of "keys" to these resources... - paraphrased from Guidelines for Appropriate Use of University of Wisconsin-Madison Information Technology Resources		With their huge databases, universities may rival financial institutions as attractive targets for the crime, estimated to affect over 9 million Americans a year at the total cost of more than $50 billion, experts said.

			- from ZD Net News article Universities Grapple with ID Theft, August 18th, 2005

In computer security, sometimes actions, or failure to take precautions, results in unexpected consequences.

Read the following scenarios:

Scenario 1:

The anti-virus software on your computer expired. You mean to walk to DoIT to pick up the free Symantec disk, but you just haven’t made the time. A nasty virus hits your computer and silently begins sending email, leaving no record behind. The virus rifles through your email address book, which includes your faculty advisor, your parents, and the department program assistant. It sends emails out to all these people with the virus attached. One of the University recipients opens it and gets infected. The virus opens that address book and finds the email addresses of Civil Engineering scholarship donors. One of the scholarship donors opens the email, gets his office computer infected, and spreads the virus throughout his company. He is incensed – “What kind of operation are they running over there?!?” As a result, his company withdraws all future scholarship funding to Civil Engineering.

Scenario 2:

You share an office with several other grad students. One of your officemates is at his desk. You leave to go to class; your desktop computer is running and logged in. The remaining officemate leaves the room and leaves the door open, thinking he’d be back in just a minute. He runs into a friend in the hallway and stops to chat, so he’s gone a while.

A former disgruntled student walks into the office and looks for computers to access. He quickly finds that you didn’t lock yours. He sits down at your computer and brings up email. Score – no password required (you set your email password to “remember me.”) He starts sending out scathing emails to Civil Engineering professors, critical of the curriculum and the school. He closes your email software and walks out the door. Later that day, you are called to your advisor’s office and asked to explain your actions. You wonder what the advisor is talking about – you didn’t send any such email. The advisor shows you a copy of the email, clearly showing your name in the “from” line.

Scenario 3:

You share out your hard drive so a fellow student can access files for a project you’re working on together. You forget to remove the share drive. A hacker scans the university networks, looking for vulnerabilities. He finds your shared drive, and uses it to take over your computer. With your computer, he then attacks one of the Civil Engineering faculty research servers. That server contains a grant proposal that is due tomorrow – funding that affects your job. The server is wiped out, and the proposal deadline is missed – no grant this year.

How to Keep Your Computer Secure

1. Lock the computer...

Log off the computer when you are done using it.
Lock your Windows computer when you walk away from it – press the Ctrl – Alt – Del keys then click Lock Workstation. This locks your computer so only you or an Administrator can log back in.
Use the firewall if you have Windows XP – visit this web page for more information:
- http://www.microsoft.com/windowsxp/using/networking/learnmore/icf.mspx

2. Maintain the software...

Keep your Windows Updates current. Check weekly for new updates – not all updates may be downloaded with automatic update.
Keep your anti-virus software up-to-date. Check weekly to ensure the virus definition files are current

3. Don't install download/install dangerous files...

The following types of software compromise the security of your computer and should NOT be installed - they open holes in your computer's security and let viruses in.

Internet filesharing programs such as Kazaa
Screensavers, Webshots, Weatherbug, programs to alter cursors, etc. They often come with spyware to track your actions and passwords.
Chat/Instant Messaging software (e.g. MSN Messenger, IRC (Internet Relay Chat), or Yahoo Messenger). A quick search of Symantec AntiVirus’ website in their virus encyclopedia returned over 796 references to viruses that targeted chat software. DoIT offers a service called WiscChat that is safe to use – for more information see this webpage: http://www.doit.wisc.edu/wiscchat/
Any software labelled "free - download now!"

Remember grad students, you get one UW-owned computer for your entire stay here. Every time you install software, you shorten the life of your computer.

4. Protect your passwords...

Don’t use features in software that save usernames and passwords – it makes the information easy prey for data thieves.
Don’t share your passwords with others
Don’t write your passwords down and post it at your desk where others can see it.

5. Scan regularly and remove spyware and malware...

Scan for spyware at least once per week – download and install Ad Aware ( aawsepro.exe ):
- http://shelf.doit.wisc.edu/PC/Ad-aware_SE_Professional/1.0/
- (Note: the above link is not available off campus)

6. Browse carefully...

Be careful of the webpages you visit. Often visiting free pages or pages heavy with advertising results in spyware being loaded on your computer. This is often the source of those annoying pop-up windows.

7. Examine email attachments with caution...

Beware of email attachments from strangers or from friends – many viruses spread this way. Be particularly careful of any files ending in .exe, .vbs, .com, or .zip.
Do not send “chain letter” messages that ask the recipient to mail additional copies onto to others. This includes forwarding jokes, pictures, etc. to groups of people. This is how computer viruses spread.

Especially for Laptops...

The FBI estimated that in 2003 laptop theft cost U.S. companies $6.8 million, not including the value of the data stored on the hard drive. Consider a security device to lock down your laptop. DoIT’s Tech store offers several products.
Record the serial number of your laptop and keep it in a safe place. Most stolen laptops are never recovered because no one recorded the serial number.

Remember: when you access the Internet through our Engineering network, you open an electronic door to the world, risking the security of not only your computer but our entire network.