Jump to content - Jump to section navigation
This page gives a brief overview of computer security at Brandeis, including what LTS does and what you can do to keep your computer safe.
These are things that should be present on every computer at Brandeis. University-owned computers come already configured this way, and other computers must be reconfigured to match before they can register on the network.
Antivirus programs attempt to detect and disable malicious programs on your computer before they can do any harm. They detect software using signatures, electronic "fingerprints" that uniquely identify programs. Because new malicious programs now come out at a very fast rate, antivirus signatures don't always catch them.
Antivirus software is not as good protection as it used to be, but it's still a useful part of a larger security plan. You should run antivirus software on all Windows computers and update the signatures frequently.
A firewall is a piece of software or device that blocks certain kinds of network communication, usually to try to keep attackers out. Firewalls come in all shapes and sizes, but host firewalls protect just the single computer they run on.
Firewalls can't stop all attacks, though. Some attackers wait for your computer to connect to them instead of connecting to your computer directly. They might do that by running a malicious web site, or sending malicious files by email or IM.
Almost all modern computers come with host firewall software built in and turned on by default. You should always keep your computer's host firewall turned on.
Most computer programs are very large and complex, which means it's easy for the people who write them to make mistakes. Usually those mistakes will just make the program crash, but sometimes attackers can take advantage of them to take control of computers. Fortunately, software vendors frequently release patches or updates for their programs which fix known mistakes.
Windows computers and Macs have features that allow them to fetch and install updates automatically. You should always use these features and install updates as soon as they're available.
You can use your UNet username and password to log into your computer if it's university-owned and set up by LTS. That's a good thing because you don't have to remember a different password, and UNet passwords have strong complexity requirements that make them hard to guess.
If your computer isn't set up to use UNet usernames and passwords, you should pick a new password that's different from your UNet one. It doesn't have to be as complex, since it should only be possible to use it to log into your computer if you're physically standing in front of it.
There are often at least two pieces of software that you can use to perform any common task - email, browsing the web, writing papers, etc. Sometimes one of these has a significantly better or worse security history than the others. In that case, LTS will recommend specific software for you to use.
For example, LTS recommends using either Firefox or Safari instead of Internet Explorer.
The more software you have on your computer, the more potential security problems there could be in them. It's always a good idea to remove or disable any software you don't use.
If you're not sure how to remove something, or want to make sure it's not important, check with the UNet Helpdesk first.
LTS does these things to protect all the computers at Brandeis. You don't have to do anything to benefit from these services.
Most university-owned Windows computers are part of a "domain," which allows LTS to configure them as a group. For example, domain computers all automatically install software updates and allow logins with UNet username and password.
A firewall is a piece of software or device that blocks certain kinds of network communication, usually to try to keep attackers out. Firewalls come in all shapes and sizes, and LTS maintains a large one that sits between the Brandeis network and the Internet.
Firewalls can't stop all attacks, though. Some attackers wait for your computer to connect to them instead of connecting to your computer directly. They might do that by running a malicious web site, or sending malicious files by email or IM.
The Brandeis network is constantly under attack, although usually the attacks are very unsophisticated and not dangerous. LTS monitors attacks and finds compromised computers with the help of an Intrusion Detection System or IDS.
The IDS monitors all network traffic, and detects attacks using signatures in the same way that antivirus software detects viruses. Also like antivirus software, an IDS is only as good as the signatures it uses.
Everyone should install the latest updates for all of their software, but not everyone does. Computers that no one maintains or whose owner doesn't know better often miss updates and become vulnerable to attack.
To protect these computers, LTS uses special software to scan the network. Attackers use similar tools to find vulnerable computers, so LTS tries to find them first and get them updated.
In addition to weeding out spam, the LTS email filters also remove dangerous or malicious messages. Frequently attackers will send email trying to trick people into visiting malicious web sites, running malicious programs, or revealing their passwords or other sensitive information.
Although some bad email will always slip through, the LTS email filters block the vast majority of these kinds of attacks.
The most important part of computer security isn't a program or a device - it's how people act. You can use these tips to keep your computer and the Brandeis network more secure.
The easiest way for an attacker to steal your information or take control of your computer is to trick you into doing his work for him.
If something seems strange, stop. Think about it. Are you being asked to run a program from a source you don't trust? Are you sure the person or web site you're talking to is who you think it is? Pay attention to unusual warning messages. If something feels wrong, it usually is.
If you're not sure, call the Help Desk or Tech Desk for a second opinion. A five-minute phone call can save you a lot of frustration later.
A very common trick is to make links that look like they're going one place but actually go somewhere else. For instance, this link looks like it's going to Apple's web site, but where does it really go?
This trick works on the web, in email and in instant messages. Sometimes you may be able to see where the real link goes by putting the mouse cursor over it, but not always. Here's another example taken from a real IM virus.
The best way to protect yourself is to copy and paste the link instead of clicking it. Or sometimes it's easier to type the site into your web browser and navigate from there. For example, if you use Bank of America and get an email from them, try typing "www.bankofamerica.com" into your web browser instead of clicking the link in the message.
Another popular trick with attackers is to get you to run their malicious programs by including them with something free that you want. Always be suspicious of free software that you didn't specifically go looking for. Some real-world examples include codecs you need to view videos, fake antivirus software, or electronic postcards "from a friend."
There are lots of ways you can lose your data, and most of them don't involve any kind of malicious behavior. If you don't keep backups of your important files, you're sure to regret it sooner or later.
All Brandeis community members get 1 gigabyte of storage space in their UNet home directories. It's a good, secure place to keep backups.
You might be very careful to keep your own computer secure, but what about a friend's computer, or a public computer at an Internet cafe? If you don't trust a computer, don't enter your UNet password into it!
LTS maintains public computers on Brandeis campus so that they are safe to use.
If you work or teach at Brandeis, you probably have access to sensitive data. That data could be student records, financial information, social security numbers, or any number of other things. Most people know that it's important to keep that data secure, but it can be easy to be careless with electronic information.
If you can possibly avoid it, don't put sensitive data on computers that aren't university-owned. Back it up onto your UNet home directory or an Omega file share, not USB drives or similar things that are easy to lose or steal. Try not to take sensitive data home with you.
