How Not to Have Your Research Stolen or Corrupted Security Best Practices and Resources at Brandeis Melanie Radik and Raphael Fennimore Library & Technology Services Workshops Brandeis University September 29, 2015

Best Practice Overview Everyone strong passwords password protect all devices secure wireless update software and OS antivirus manage permissions for networked files physically secure all devices Advanced encryption electronic signatures watermarking firewalls intrusion detection software

Creating Passphrases Passphrase requirements o length o variety of characters o change it regularly Protect all devices o laptop or desktop o tablet o phone o USB drive

Managing Passphrases Use different ones for each account o banking vs. social media vs. , etc. o isolates hacking breach o allows for easier site-based creation Secure your passphrase list o don’t write it down unless kept locked up o don’t use browser auto-fill o Lastpass or KeePass More on passphrases in Brandeis Knowledge Base (KB)

Secure Wireless Wireless on campus o secure = eduroam o not secure = brandeis_guest, brandeis_open Wireless off campus o password protect home wireless o Junos Pulse VPN: more details in KBmore details in KB o Wormhole, wormhole.brandeis.edu: more details in KBmore details in KB  Remote Desktop setup details available in KBavailable in KB

Keep Things Up-To-Date Things to update o Operating systems on all devices o Installed software and plug-ins o home wireless router Routines to implement o when a program asks to update, let it o shut down your computer and programs on a regular basis o uninstall programs you no longer use Tech Help Desk is available to help troubleshoot

Malware Protection Antivirus software o Symantec Endpoint Protection (SEP) More info in KB More info in KB  Download from: brandeis.onthehub.com o Malwarebytes More info in KB More info in KB  Premium licensed for university-owned computers  personal computers eligible for discounted Premium or download free version at o AdBlock Plus  available free, o More on malware and anti-virus tools in KB More on malware and anti-virus tools in KB

Who Has Access? Manage permissions o Google Apps (Drive, Sites, etc.) o Brandeis networked drives o User accounts on devices Physical security o Who has the key? o Rooms locked or devices cable locked? (Both!) o Mobile devices require extra care

Mandated Security for Data Official policies dictate the security you must provide for: Personally Identifiable Information (PII) o Brandeis policy on PII Brandeis policy on PII o Massachusetts regulations Massachusetts regulations o HIPPAA (federal) HIPPAA (federal) data concerning National Security (DOD research) Trade Secrets, Patents, Copyright, Licensing The IRB board oversees research compliance with security as part of its approval process.

High-Security Storage Network Shares o data encryption while data is at rest or in transit o access allowed only on Brandeis secure network or through approved VPN o robust permissions management Brandeis Box o data encryption while data is at rest or in transit o support for WebDAV and FTPS o robust permissions management o apps for mobile devices

Encryption Protects information by encoding the data in an unreadable format, which can be decoded with a key. Full Disk Encryption o Bitlocker - Windows Bitlocker o TruCrypt - Windows, Mac, or Linux TruCrypt Folder-Specific Encryption o FileVault - Mac FileVault o Encrypted File System (EFS) - Windows Encrypted File System (EFS) o WinZip WinZip

Electronic Signatures A digital signature typically consists of three algorithms; ●A key generation algorithm outputs the private key and a corresponding public key. ●A signing algorithm that, given a message and a private key, produces a signature. ●A signature verifying algorithm that, given the message, public key and signature, either accepts or rejects the message's claim to authenticity. Public Key Encryption can be used on , PDFs, Word docs, any electronically generated document.

Watermarking Embeds a digital marker for authorship in ‘noisy’ files; audio, video, graphic images (usually not text files) Only perceptible under certain conditions, i.e. after using some algorithm, and imperceptible otherwise Can raise an alert if alterations made to original file Can be used in distribution of works to track source Example of commercially available tool: o Digimarc Digimarc

Firewalls Monitor network traffic o block hackers o block viruses and malware Software-based o Windows, Mac, Linux all have built-in settings Hardware-based o home router Remote Desktop Access involves adjusting firewallsRemote Desktop Access o check out Remote Desktop Access best practices at Brandeis Remote Desktop Access best practices at Brandeis o consult the Tech Help Desk with any problems

Intrusion Detection Systems Brandeis maintains a Network Intrusion Detection System (NIDS) Host-based Intrusion Detection Systems (HIDS) o Snort Snort o OSSEC OSSEC o OSSIM OSSIM