IT support staffs do everything they can to assure that your computing environment is secure and trouble-free. But it's an ugly world, and the spammers, virus writers, and hackers seem to be both clever and relentless. This site provides information and links to resources on computing security. We strongly urge you to visit this site often for updates and alerts.
Assume that your computer is under constant attack and that eventually something will get past campus security measures. And don't forget your computers at home, especially if you connect to the Internet. Typically you have fewer safeguards there. Be prepared, be careful. There's no way to be absolutely safe, but prudence and good computing habits will do a lot to protect you and your data.
The Primary Rules for Email Security
Guard Against Computer Viruses
What is Phishing and Spoofing?
Hacking Alerts
Using Secure Passwords
Computer Security
- Have a current version of Antivirus installed on your computer (Windows or Mac). More information on recommended and approved antivirus: http://oit.ncsu.edu/antivirus
- Make sure the virus definitions are current -install the managed version on campus for automatic updates, use live updates or the downloadable update for non-managed versions.
- Never delete files on your PC as instructed in an email stating you have a virus. Did you receive an email stating that you have a virus and need to delete a file on your PC? This is a hoax and most files referenced in these hoaxes are legitimate Windows files that should not be deleted. See the Hoax section to the right for the most latest Hoaxes. If ever in doubt, contact your IT support desk.
- Never open an email attachment unless you are absolutely sure of the sender and the sender's intent. Don't assume that an attachment is legitimate and safe just because it came from someone you know and trust. Verify with the sender that the attachment was intentional, and verify the attachment name. You can help your recipients when you send attachments by specifically referring to the attachment in the body of your email by name, size, and purpose.
- Never respond to "unsubscribe" directions in a spam or UCE (unwanted commercial email) message. If you do, you will probably see a huge increase in unwanted email, because your response signals to the spammers that your email address is both legitimate and operational. They have no intention of honoring your unsubscribe request.
- Keep your system and applications patched. Some email clients-Outlook and Outlook Express especially-have required numerous security patches and updates to reduce vulnerability to email worms and viruses. If your computer is not regularly managed by IT staff, make sure that you regularly monitor for Microsoft security patches (e.g. by using the *Windows Update* feature in Internet Explorer) and that you install patches and fixes when they are available. Macintosh and Linux users should maintain their systems in an appropriate fashion as well.
|
It seems every day a new computer virus is released that could destroy your hard drive, corrupt your files, or disable the functionality of your computer. Recently these virus attacks seem to be more frequent and aggressive. Our network administrators work to provide protection for our office network systems, but your office and home personal computers are at risk if you fail to take the necessary precautions.
Below are two practical steps that will help prevent acquiring a nasty virus on your personal computer system.
- Use an anti-virus software and keep it up-to-date. Do not disable it at start-up just to make the computer load faster.
- Always be suspicious!
- Since most viruses are sent via e-mail attachments, NEVER open mail attachments that are sent to you from people you do not know. DELETE THEM!
- Even the most well meaning individual can inadvertently send virus infected files without even knowing that their computer is infected. If someone you know sends you an attachment you are not expecting, email them and ask what it is before you open it. If they didn't know they sent an attachment,delete their message and let them know their system is probably infected.
- You may think that attached text (*.txt) or image files (*.jpg, *.gif) are safe, but looking at the attachment's file extension may not really tell you what type of file it is. Some viruses use double extensions, like "filename.txt.pif." Even worse, other viruses camoflage the file extension in even more creative ways, so you cannot rely on the file extension to tell you whether an attachment is safe or not.
|
Phishing
The term "phishing" is a variant of fishing and the first recorded use of the term phishing was made in 1996. Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, bank account information, or credit card information through electronic communications (Wikipedia, http://en.wikipedia.org/wiki/Phishing, 10/2/2008).
Usually email is the main vehicle but instant messenger can also be used. Emails and websites appear to be legitimate and purport to be from popular online banks, auction sites, social web sites, or even from your company IT department. Within the email will be links that direct you to sites that appear legitimate, but ask you to enter personally sensitive information, such as email addresses, passwords, or even account numbers
Never respond to these emails! No legitimate company or service will send you an email requesting you submit your password or account information for verification. In the past, phishing emails have masqueraded as NCSU Helpdesk emails asking for your email password and account information. NCSU IT will never send these types of emails and they are not legitimate.
Email Spoofing (or, "you just sent me an email virus")
From Wikipedia, "...a spoofing attack is a situation in which one person or program successfully masquerades as another..."
The Klez worm, in particular, is notorious for "spoofing" its origins. It may appear that you sent a Klez-infected email to someone, when the facts are that (1) your computer is not infected and (2) you didn't even send the email. You may even get messages from others claiming that you sent them a virus, when you're completely innocent. How that happens is explained below.
The following is an excerpt from http://www.symantec.com/security_response/writeup.jsp?docid=2002-041714-3225-99&tabid=2
This worm often uses a technique known as "spoofing." When it performs its email routine. it can use a randomly chosen address that it finds on an infected computer as the "From:" address, numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else.
For example, Linda Anderson is using a computer that is infected with W32.Klez.H@mm. Linda is not using a antivirus program or does not have current virus definitions. When W32.Klez.H@mm performs its emailing routine, it finds the email address of Harold Logan. It inserts Harold's email address into the "From:" portion of an infected message that it then sends to Janet Bishop. Janet then contacts Harold and complains that he sent her an infected message, but when Harold scans his computer, Norton AntiVirus does not find anything--as would be expected--because his computer is not infected.
If you are using a current version of Norton AntiVirus and have the most recent virus definitions, and a full system scan with Norton AntiVirus set to scan all files does not find anything, you can be confident that your computer is not infected with this worm.
- There have been several reports that, in some cases, if you receive a message that the virus has sent using its own SMTP engine, the message appears to be a "postmaster bounce message" from your own domain. For example, if your email address is jsmith@anyplace.com, you could receive a message that appears to be from postmaster@anyplace.com, indicating that you attempted to send email and the attempt failed. If this is the false message that is sent by the virus, the attachment includes the virus itself. Of course, such attachments should not be opened.
- The message may be disguised as an immunity tool which states that you have the virus and you should click on an attachment and run the cleanup tool. Don't click on the attachment or try to open it.
Here is an example of a spoof email with a virus attachment (note the grammatical and spelling errors):
"Klez.E is the most common world-wide spreading worm. It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it. If so,Ignore the warning,and select 'continue'. If you have any question, please mail to me."
|
Common Hacker Tactics
The "movie server" problem. In the past, numerous campus computers, both servers and desktops, have been "hacked" by persons unknown. The hackers then install software and many gigabytes of files that effectively turn these computers into illegal distribution devices for pirated digital versions of current-release movies. This distribution is completely illegal, and the university has been contacted many times by the movie industry with "take down" requests. In many cases the computer users were unaware that they had been hacked.
How are the hackers getting control of these machines? According to staff in the university Office of Information Technology division, the most common method of entry is through password hacking in one of two conditions:
- no password protecting administrative rights to the computer
- a "weak", easy-to-crack password
What can you, the user, do to protect your computer? Observe effective password security practices. See the Password section below...
|
Your password is your first, and sometimes your only defense against hacker attack. While the completely safe password is probably unusable, you can protect yourself by choosing passwords that can't be easily guessed or determined by "brute force" highspeed testing of letter and number combinations by an attacking computer.
Please read below for help in choosing passwords. As you read, keep in mind the following tips:
- always create a strong password for the administrator account and any user accounts on a computer connected to the Internet
- in the NCSU environment, 8-10 characters is a reasonable, effective, usable password length
- never use just numbers or just letters
- in using a combination of numbers and letters, mix upper and lower case
- never use your name, your birthdate, your address, or other numbers or phrases that can be directly connnected with you
- don't use mnemonic phrases that you're seen as suggestions on a website--the hackers have those too
From the Unity Password Change Page, some rules to creating a password:
Your password must:
- be at least 8 characters
- be no more than 127 characters
- not contain your Unity username
- not contain your Unity username backwards
- contain at least one digit (number)
- contain at least one letter
- not contain a word found in the dictionary
- not have 5 consecutive digits (e.g. phone number)
- be more than a simple case change of your old password
It is recommended that your password:
have at least one special character (not a number or letter)
- contain at least one capital letter
- contain at least one lowercase letter
- contain special characters (&,#,@...)
Change your Unity password online
Set up remote identification for password resets (UIA)
NCSU EOS/Unity password guidelines -- current guidelines and tips
Ten Windows Password Myths -- some divergence from the usual thinking but worth consideration
|
|