December 15, 2003

Are you practicing safe computing?

Donna Price is coordinator for communications and marketing services for ITD.

Information security incidents are an ongoing threat to the Emory computing community. Many computers still harbor live strains of the viruses and worms, such as W32/Blaster, that attacked computers and workstations across campus beginning in late August. Even with mass efforts to clean and patch systems, the computing community remains infected.

Other systems have security vulnerabilities that leave them susceptible to malicious attacks that could potentially cause data loss, legal liability and other serious consequences.

The Information Technology Division's (ITD) security team works to protect the network and connected electronic resources from hacks and attempted hacks, computer viruses and worms, spam, and copyright infringements. Over the past year the team has implemented several initiatives, such as e-mail virus scanning and a firewall system, that go a long way toward securing campus computing.

"The e-mail virus scanners have been a huge success," said Jay Flanagan, ITD security team lead. "In the first month alone, more than 50,000 viruses were either eradicated or quarantined. We're also working with Emory Healthcare and other campus IT units to protect [Health Insurance Portability and Accountability Act] and [Family Education Rights and Privacy Act] information, human resources, financial and other restricted-access data via a trusted-core firewall."

Ultimately, however, the security of networked resources hinges on an informed and proactive computing community. That's why, as part of its new security awareness program, "Information Security: U R IT," ITD is calling on the Emory community to routinely use safe computing practices.

Six steps to ensure safe computing are:

· follow recommendations for selecting passwords.

· install and use antivirus software.

· install Windows operating system patches when they become available.

· keep system software up to date.

· protect the network from copyright violations and problems associated with peer-to-peer (P2P) software.

· immediately report security incidents to the security team or the ITD Help Desk.

Four questions to ask when assessing computing security practices are:

· Have you changed your passwords in the past three months? Individuals are responsible for securing and selecting strong passwords and for changing them regularly. Password guidelines for desktop computing are posted online at www.it.emory.edu/showdoc.cfm?docid=2601 and for system administration at www.it.emory.edu/showdoc.cfm?docid=1535&fr=1096.

· Does your computer run slowly or crash regularly? It takes only one incident for a security problem, like a virus or worm, to seriously affect a computer. On average, there are more than 300 new viruses or variants of existing viruses every month.

If you surf the Internet, swap files with friends, receive and look at attachments, or use any files from an outside (not on your computer) source, you can pick up a virus or worm. Even with antivirus software, computers can be infected. That's why it's important to keep software updated and to schedule regular scans.

Even Macintosh computers can be vulnerable. Macintosh-only viruses are rare, but it's possible to pass along Windows viruses in attachments, particularly Word Macro viruses.

The latest version of Emory's recommended, site-licensed antivirus software, Symantec, is available at http://software.service.emory.edu and is also on the Emory Online CD-ROM.

· If you are using the Microsoft Windows operating system, have you applied all the latest security patches? With the recent major vulnerabilities in the Windows operating system, it's critical that users watch for ITD systems alerts, follow the directions and install recommended patches immediately.

· Is P2P software installed on your computer? Not everyone is aware that installing file-sharing software opens computers and the network to hackers and creates security vulnerabilities not only for individual machines but also for the entire University network. Once installed, these applications can reveal sensitive information hackers use to gain remote control of your computer to explore and exploit your files and the network.

Additionally, unauthorized use, modification or distribution of copyrighted works is a violation of copyright law unless the use is considered fair use under the law. Individuals are responsible for protecting themselves from copyright infringement violations by using Emory's computer and network resources in accordance with all Emory rules, guidelines and policies as well as all federal, state and local laws, rules and regulations.

The ITD Help Desk at 404-727-7777 or help@emory.edu can assist with safe configuration or removal of P2P software. Look for recommended security guidelines, policies, standards and practices at http://it.emory.edu/security_policies, and report security incidents by e-mailing SecurityTeam-L@listserv.emory.edu.