UIS Home Search the UIS Website A-Z index
UIS Homepage

Information Technology Services University of Illinois Springfield

Security Best Practices

Security has become a crucial issue for interacting in a digital age. The following guidelines are intended to promote safe computing habits while using the UIS and other computing resources.

 

Passwords

One of the greatest problems with strong passwords is that the stronger the passwords are, the more difficult they are to remember. This becomes increasingly difficult as users acquire more passwords while setting up new accounts ranging from online banking accounts to Facebook.

Why strong passwords make sense

While strong passwords can be difficult to remember, it is important to remember that the more complex a password is, the harder it is for attackers to crack. Most attackers will start off with easily guessed passwords such as the username, the location, or even the type of operating system. The following link will rate the strength of a password:

http://www.microsoft.com/protect/yourself/password/checker.mspx

Working with strong passwords

When strong passwords were first introduced on the UIS campus, one method that helped many users was to create an acronym from an easily remembered phrase with at least eight characters and adding a little complexity. For instance, using the phrase “The rain in Spain falls mainly in the plain” would become “Tr!Sfm1tp” or “tr1$fm!tP” depending on typing preferences.

To help make password management easier for the university community, the University of Illinois recommends using either KeePass or LastPass to generate and track your passwords. This software uses a master password to protect other passwords using a double-encryption technique along with a timeout feature to close the application if you leave your machine.

return to top

Securing Your Workstation

The University of Illinois Springfield seeks to ensure that users of information technology follow best practices. One such practice would be to lock your workstation while stepping away from your machine (e.g. to get another cup of coffee or to speak with a colleague down the hallway) thereby reducing the potential risk of misuse.

Some instances of misuse could be:

  • Reading sensitive email conversations
  • Sending email on your behalf without permission
  • Deleting important documents
  • Accessing other open accounts (Facebook, Twitter, Yahoo, Gmail)

By locking your workstation, all opened documents and running applications continue to run and will be accessible once you login again with your NetID and UIS email password. There are two ways to lock your workstation: through a password-protected screensaver, or by locking it manually when you step away from your keyboard.

Lock Your Desktop With a Password-protected Screensaver

Windows 7

  1. Right-click on your desktop.
  2. Select Personalize.
  3. At the bottom of the window that opens, click Screen Saver.
  4. In the Wait box, set the amount of time your computer can be inactive before the screen saver turns on. For security reasons, a short amount of time, like 5 minutes, is best.
  5. Check the box that says On resume, display logon screen.
  6. Click OK.

Mac OS X

  1. Click the Apple menu.
  2. Click on System Preferences.
  3. Click on Desktop & Screensaver.
  4. Select Screen Saver tab, and set the amount of time your computer can be inactive before the screen saver turns on. For security reasons, a short amount of time, like 5 minutes, is best.
  5. Return to System Preferences and click Security and Privacy.
  6. In the General tab, check the box Require password to wake this computer from sleep or screen saver. For security reasons, set it to a short time, 5 seconds or less.

Lock Your Desktop Manually

Windows 7

On the keyboard, simply hold the Windows (Flag) button and hit the “L” key.

Mac OS X

  1. Set up a “Hot Corner” on your desktop by going back into the Desktop and Screensaver system preference as before and choose corner of your desktop enable Start Screen Saver.
  2. Navigate to the hot corner created above to activate the screen saver.

 

Backups

External Media Devices

Over the past decade, new technologies have made data backup solutions available to everyone. The more common media used today are the following:

  • CD-RW/DVD – This media is reasonably inexpensive and has the capacity of holding between 700MB to 8.7 GB of data depending on the type of disk and the type of burner in the host machine. Data backed up using this type of media should be static and properly handled to prevent data loss.
  • Flash Drives – These devices come in sizes ranging from a couple megabytes to several gigabytes and are best used for transporting files between systems. One drawback to this type of media is that its small size increases its potential of being misplaced.
  • External Hard Drives – These devices are best suited for large backups and can even be setup to backup the entire operating system. In many cases, software can be purchased with this type of media to help manage and schedule backups process.
  • Cloud-based storage – This type of storage is best suited for temporary backup of documents similar to that used on flash drives; however, cloud storage allows the flexibility of synchronizing documents across several devices without the name of a physical device. Currently, UIS supports eDocs (private storage) and Box (public storage)

Best practices
In an enterprise environment, backup systems consist of many methods (full, incremental, differential), media types (primary or secondary), and locations (primary or secondary). The problem is how to translate this type of model into a home environment.

Definition of terms

  • Full backup –This is an archive copy of all files and folders on the system. Without the use of differential or incremental backups, all changes made on the system since the last full back up will be lost.
  • Differential backup – This is an archive copy of all files changed since the last full backup. For recovery purposes, only the last full backup and last differential backup is required.
  • Incremental backup – This is an archive copy of all files changed since the last full or incremental backup. For recovery purposes, the last full backup and all the increments since the last backup are required.
  • Primary media – This type of storage is easy to access for quick recovery. A secondary internal hard drive is the common type of media used for primary backups.
  • Secondary media – This type of media is used to store the data originally backed up to the primary media. It is used to provide additional storage on the primary media and allows for a longer recovery time period. External hard drives would be an example of secondary media used today.
  • Primary site – This is generally located somewhere near the machine being backed up. We recommend that while not in use, the backup media is kept in a hidden and secure location since this device has is a direct copy of your system.
  • Secondary site – This location is generally used in case something were to ever happen to the primary site. It is a nearby location that is trusted and secure.

To follow the enterprise model, full backups should be performed in regular intervals with either incremental or differential backups performed between each full backup. An example would be the following:

Sun
Mon
Tue
Wed
Thu
Fri
Sat
Full
Diff
Diff
Full
Diff
Diff
Diff
Full
Diff
Diff
Full
Diff
Diff
Diff

In this case, full backups are performed on Sundays and Wednesdays with differential backups taking place between each full backup. Differential backups where chosen on the basis of ease when needing to restore a file since only the last full backup and the most resent differential backup would be needed to restore the latest version of the file.

return to top

 

Securing Data

Why should I secure my data?

With all of the news regarding fraud, identity theft, and personal information being exposed over the web, securing information is has become a never-ending battle at keeping one’s own information and identity safe. And, even though you may feel that an attacker would never bother with you since there are others out there with way more to lose, attackers would be more than happy to use your identity or machine to further their own personal gain.

What can I do to prevent this?

Encryption technology is yet another method to prevent attackers from exploiting any information by obfuscating the data through the use of cryptographic processes.

Encryption tools

Here are some of the more popular tools that are used to help secure the data on a machine.

  • Windows Encryption File System (EFS) – Windows provides the ability to encrypt files and folders so that no other user is able to view the data. Microsoft provides a list of best practices for data encryption on the Windows platform.
  • TrueCrypt – This is a free multiplatform open-source encryption tool. TrueCrypt is able to provide “on-the-fly” encryption of files, non-system partitions, devices (USB keys) or an entire system drive.
  • BitLocker – This is available on Windows Vista Enterprise and Ultimate editions and encrypts the operating system, user files, including swap and hibernation files. Microsoft provides a step-by-step guide for configuring BitLocker.
  • FileVault2 – This feature is available on the Mac OS X Lion (10.7) operating system and later. Filevault encrypts a user’s home directory and can be used in combination with Disk Utility to provide encryption on different volumes.

return to top

 

Viruses and Spyware

Common techniques that reduce your risk of infection

Secure browsing
When browsing to a secure site, you will notice that the beginning of the URL will become “https” rather than the traditional “http”. You might also notice a lock appear on the browser to convey you have entered a secure site. These indicators help you to realize that the network traffic sent between your computer and the server with which you are communicating is trusted and is being sent securely over the Internet.

Email
Email has become an essential communication method. With it increase in popularity, people have found ways to exploit its nature to propagate viruses, spam, scams, and hoaxes. To protect yourself from falling victim to one of these attacks, caution should be used at all times by remembering the following words of caution:

  • Do not open attachments from people you don’t know or are unsure about. Many viruses are spread by scanning an infected user’s address book and emailing a message to everyone in an attempt of spreading itself further to unsuspecting victims.
  • Do not click on links within emails. Even if the link appears to be legitimate and appears to be from an authority, the email could be spoofed and the actual URL behind the link might point to a compromised or malicious site. We suggest that if the link appears to be legitimate, copy the link provided in the email into a browser window. This copies only the text of the link and strips off the URL behind the link making it a little safer.
  • Keep your anti-virus up to date. Antivirus programs are only able to catch viruses that have been defined in a definition file.

Removal tools

Virus Protection
In an effort to protect the university’s network, the University of Illinois freely provides McAfee anti-virus protection to students, faculty, and staff. In addition to the work environment, Faculty and staff members are also able to obtain a copy of this software to be installed on home computers. This software can be downloaded from the Software WebStore.

Spyware/Malware
Spyware tracks your web browsing behavior and reports it to advertising companies. While virus scanners are able to prevent malicious programs from running on your machine, they don’t typically scan for spyware. Currently, MalwareBytes is the recommended free tool used to help eliminate spyware from a machine.

return to top

 

Home Routers and Firewalls

A home router is a device that is commonly used to create an internal network within one’s own home while having the main Internet connection provided by DSL or broadband service. Setting up a router at home can be a daunting enough task without thinking about the security aspects that could keep you secure. Most of us want to be able to plug in the router and continue browsing the Internet without skipping a beat. However a quick search on the Internet and anyone can find the information about your router and how to access your home network. Here are a few recommendations for setting up a home router:

  • Change the default admin password. Every router comes with a default admin password to help users configure their newly purchased router. Problem being, many times after configuring the router the password goes unchanged leaving your new network open for anyone to easily guessed password or, worse yet, to easily google the model for the password!

Try going to http://www.routerpasswords.com/ and test your own router!

  • Allow only the computers you want on your network. This is done by designating which network cards are able to communicate on your network through the use of MAC filters. Each network card has a unique series of characters associated with it allowing you to only denote which computers.
  • Make sure that you have encryption turned on. When wireless routers were first introduced, WEP (Wired Equivalent Privacy) was thought of as being effective in providing secure communication between a laptop and a wireless router. However, the WEP algorithm has several flaws and has been hacked in less than 60 seconds. Today, it is advised that home networks use WPA (Wi-Fi Protected Access) for encryption.
  • Stop telling everyone the name of your network. It becomes a whole lot easier to break into a network if you know that it exists. By turning off the “broadcasting” feature of wireless routers, you are still able to connect to the router but it just doesn’t announce it to the world.
  • Enable the firewall. Many wireless routers come with a built in firewall, which is used to block traffic based on a set of rules. By enabling a firewall on your local machines, attackers who have managed to access your wireless network might be prevented from accessing the files on your machine.
  • Turn off the wireless devices if you are gone for an extended period. Remember your parents telling you this as a kid to turn off the ligthts? Well, when you’re away from the network for an extended period of time, like a vacation, turn off the wireless router. This prevents attackers from having there way with your network or data while you aren’t around to protect them.

return to top

 

Wireless Security

Hotspots

Connecting to the Internet using a wireless hotspot is a wonderful service “if” you heed the warnings signs.

  • Public workstations may be compromised. Using a public computer for more than browsing can put your finances, identity, and accounts at risk since you may have now way of knowing just what software is installed on the computer.
  • Verify that the wireless network is authentic. Ask to speak with the manager to verify the Service Set IDentifier (SSID). Many attackers will connect to hotspots and then share out a network to closely match the hotspot network. It would be tragic if you inadvertently connected to another machine that was logging all the traffic going between your machine and the actual network.
  • Turned off all file sharing. If you allow people to connect to your computer while at home or in the office, make sure that this feature is turned off while using a hotspot since it provides another way for attackers to “read” files on your computer.
  • Turn on your firewall. By turning on the firewall and preventing any incoming traffic that you don’t initiate, you are making it harder for attacker to access your computer without your knowledge.
  • Use a Virtual Private Network (VPN). Information Technology Services provides the Cisco VPN Client to the UIS users free of charge through Software WebStore. This software encrypts communications and enables you to securely connect to the UIS network and Internet gateway.
  • Make sure that your machine is up-to-date before you connect. All major operating system vendors (Windows, *NIX, and Mac) release updates of their software as a response to a flaw that could put your information at risk. Contact your support center if you need help.
  • Keep your antivirus up-to-date. Information Technology Services provides free copies of McAfee antivirus software to UIS users through the Software WebStore.

return to top

Contact ITS

  • 217.206.TECH
    217.206.6000
    Toll Free: (877) 847-0443
    Email: techsupport@uis.edu
  • Media Lab
    217.206.6550
  • UHB Computer Lab
    217.206.7100
  • UIS Information Security
    Email: InfoSec@uis.edu


Bookmark and Share