1 POST NO BILLS RIT Information Security RIT Information Security Office

2 Copyright and Reuse The Digital Self Defense logo is the property of the Rochester Institute of Technology and is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs License. To view a copy of this license, visit or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. To request permission for other purposes, contact The course materials are the property of the Rochester Institute of Technology and are licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License. To view a copy of this license, visit or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. To request permission for other purposes, contact

3 Welcome to RIT You’re not at home anymore. With freedom comes responsibility. RIT has requirements: –Code of Conduct for Computer and Network Use (C8.2) –Desktop & Portable Computer Standard –Password Standard

4 RIT Information Security We’re here to protect you and RIT We can’t do it alone; We need your help: –Practice ethical computing –Watch out for each other –Keep your computer protected

5 Computer Support –All RIT users must comply with the RIT Code of Conduct for Computer and Network Use. –Resnet provides computer support for students residing at RIT. ( Resnet users must also comply with the Residential Network Appropriate Use Policy. –The ITS HelpDesk provides support for YOU.

6 Not your Father’s Network Life on a university network –The Good, the Bad, and the Ugly The Good –Power you’ll find nowhere else Internet2 Very High Speed Internet Connection Wireless access One of the most wired universities

7 Threats on the Network The Bad –College campuses make big targets –RIT faces the same challenges as other large technology universities. –Threats on our campus: Password Crackers Key Loggers Harassment Sniffing/Network Monitoring Network Worms Hacking Attempts & Rootkits Physical Theft

8 Threats Beyond the Network The Ugly External threats Phishing & Identity Theft Spyware & Adware External Hacking Attempts Botnets/Zombie PCs 2004 was the first year that proceeds from cybercrime were greater than proceeds from the sale of illegal drugs…over $105 billion. -Valerie McNiven, US Treasury - Cybercrime Advisor

9 Phishing Common Phishing Methods – s that look like they come from banks, PayPal, or other official sources appealing to greed, fear, etc. RIT’s Brightmail anti-spam filters out more than 90% of the received at RIT. –Spoofed sites that look real –Even inside RIT isn’t the only technique! –Phones, IM, in person…

10 What if it happens to me? If you believe you’ve been the victim of some form of computer security incident… –Call the ITS HelpDesk at 475-HELP –Call Resnet at –Contact before you delete anything If you believe you’ve been the victim of identity theft… –Call Campus Safety at

11 Your Role Digital Self Defense is all about protecting yourself and others. –RIT Desktop & Portable Computer Security Standard –RIT Password Standard –Paranoia & Common Sense –Ethical Computing

12 Protect Your Computer There are many types of malware circulating on the Internet. The Desktop Standard requires you to protect your computer: –Patching –Firewalls –Anti-Virus –Anti-Spyware

13 Patching –Fixes “holes” in existing software –Provides a temporary fix until next major release –May add features –Protects you against security vulnerabilities –Prevents you from infecting others You need to –Turn on auto-updating

14 Firewalls –Monitor and protect your network connections to prevent unauthorized connections from being made. You must –Enable the Windows XP Firewall for minimum protection; for better protection download and install Zone Alarm (

15 Antivirus Antivirus programs –Are an absolute “must have” before going on the Internet One in 10 s may contain viruses (as high as 7 in 10 last year) –RIT provides free McAfee AntiVirus for Windows and Virex for Macs (start.rit.edu) You must –Install an antivirus product –Update daily, scan weekly!

16 Spyware and Adware Spyware is a huge problem. –Spyware is “tracking software deployed without adequate notice, consent or control for the user.” –Adware is “software that delivers advertising content in a manner… unexpected and unwanted by users.” You must –Install anti-spyware Spybot Search & Destroy ( and Lavasoft Ad-Aware ( You should –Use more than one program

17 How do you get Spyware? You can get spyware from Browser Vulnerabilities –Instant messenger links to exploit sites –Enticing web pages/common terms –Links in spam mail File Sharing Networks –Bundled with client software Trojans –Disguised as anti-spyware programs or other popular software

18 Passwords The RIT Password Standard requires you use a complex password and change it often. MINIMUM of 8 characters UPPER and lower case Anatomy of a Secure Password Mixed numbers and letters…* *or other characters allowed by your systems administrator

19 Paranoia or Common Sense? Guard your personal information! –Even less sensitive information can be used by an attacker! –Don’t post it in public places. –Make sure you know who you’re giving it to. Be suspicious of –Never click on a link in an . –Instead, open your web browser and navigate manually. –Contact the senders and make sure they sent the .

20 Paranoia or Common Sense? Physically protect your computer –Keep your computer and mobile devices secure at all times –Lock or log out of your computers when you leave the room –Don’t allow other people to use your computer unattended Know your computer! –YOU are the first line of defense—if something goes wrong, you’ll probably be the first to know –Know what devices are registered to you—YOU are held responsible

21 Ethical Computing According to a recent study on computer use & ethics at RIT: –32% of computer crime victims on campus knew their attackers –Of that 32%, over half said their attacker was either a friend or acquaintance. RIT Computer Use and Ethics Survey, 2003

22 But everyone does it! Unauthorized File Sharing –“More RIT students face piracy lawsuits…” - Rochester Democrat & Chronicle May 28, 2005 RIT is a high profile target. 35 RIT students were subpoenaed in a six-month period last year. Hundreds received “take-down” notices. Students have gone to jail for illegal downloading of music, movies, images, etc. The MPAA will sue you for hundreds of thousands of dollars. –The average out-of-court settlement is $4000. Check out the free RIT Ctrax music download service instead.

23 Cyberbullying Harassment –13-15% of RIT students report being harassed online from within and outside of RIT. –RIT prohibits online harassment. –YOU are LEGAL ADULTS. This isn’t high school. Consequences are severe. They include fines and jail time. Law enforcement will get involved when needed. –You don’t have to take it. Report it to Campus Safety and

24 Online Blogs Use them carefully –Guard your private information –Carelessness can lead to cyberstalking –Student Judicial and Campus Safety monitor blogs –Potential employers will check you out –The information NEVER goes away Even when you delete the blog, it is cached elsewhere on the Internet. "The biggest concern I have is that students are naive about ways in which that data can be harvested and used against them in the short, medium and long term, for a variety of malicious ways.“ - Sam McQuade, RIT Professor MSNBC, June 25, 2006

25 Will I be a Victim? 2 out of 3 students at RIT will be a victim of at least one form of computer abuse or crime. 1 out of 3 students at RIT will be a victim of multiple forms of computer abuse or crime. RIT Computer Use and Ethics Survey, 2003

26 Consequences Network Quarantine –You will be denied access to the network and may not be able to complete your assignments. Student Judicial Federal, State and Local law enforcement Yes, we ARE trying to scare you.

27 Questions & Comments Send questions to View this presentation at security.rit.edu