Securing your Computer:
Safe computing is mostly about prudence, preparation, and prevention. NDSU has seen a large number of computers on the network become compromised. The following suggestions are intended to help students, faculty, and staff become more aware of safe computing issues.
The Internet is a powerful resource, but the same features that make it powerful also provide the means for misuse. Your "network neighbors" are world-wide, and, if you are not careful, they may have complete access to your system or your identity. While there really is no "100% secure" Internet-connected computer system, it is possible to take a few simple steps to get close.
Of course, you might say, "I don't have any top secret information on my computer." However, you don't want to lose what you do have, and you don't want to be responsible for illegal activity on your computer. "Infected" computers can
- Infect other systems
- Take down entire businesses or networks
- Be used for illegal activities
- Be used as repositories for copyright protected media or software
- Have information corrupted or deleted
Hundreds of computers can be taken over in seconds. Remember that you, as an owner of an account or computer, are responsible for any and all activity using your access information. You can save yourself a lot of grief by following some basic rules for safe computing.
Create a Secure Login
Creating a secure login is the first and possibly the easiest step to a more secure computer. Here are a few tips on making your computer more secure simply by creating a secure login.
- Always set up accounts that require good passwords. Do NOT allow a password to be empty or blank. Most password cracking tools can find these and compromise them in seconds. Don't be an easy target.
- Use GOOD PASSWORDS! Do NOT use words that could be looked up in a dictionary or are simple. Password crackers can "guess" those in seconds. When possible, use special characters, digits, mixed case, etc. NDSU requires that your password be at least 8 characters long and include mixed case, special characters, and digits. The website forbes.com recently named the 25 worst passwords of 2012 and number 1 is still "password" <-- Don't use this password!!!
- It is recommended that you remove un-needed accounts from your computer. Removing the guest account will secure your computer. Also, removing un-needed accounts gives you a way to easily see if rogue accounts have been created if your computer does become compromised.
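One way to check a Linux computer against the tips above on blank passwords and un-needed accounts, as an added example that is not part of the original NDSU page: it reads passwd- and shadow-format text, flags login-capable accounts missing from a baseline you maintain, accounts with a blank password, and extra accounts with UID 0. The sample data, the baseline, and the function names are constructed for illustration.

```python
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

# Constructed sample data in /etc/passwd and /etc/shadow format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
guest:x:1001:1001:Guest:/home/guest:/bin/bash
support:x:0:0::/home/support:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
guest::19000:0:99999:7:::
support:$6$constructed$hash:19000:0:99999:7:::
"""
BASELINE = {"root", "alice"}  # assumption: accounts you expect to log in


def parse_colon_file(text):
    """Yield the fields of each non-empty, non-comment line."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            yield line.strip().split(":")


def audit_accounts(passwd_text, shadow_text, baseline):
    """Return a sorted list of (account, finding) tuples."""
    hashes = {f[0]: f[1] for f in parse_colon_file(shadow_text) if len(f) > 1}
    findings = []
    for fields in parse_colon_file(passwd_text):
        if len(fields) < 7:
            continue  # malformed entry, skip it
        name, uid, shell = fields[0], fields[2], fields[6]
        # An empty shell field means the default shell, so it counts as login.
        if shell not in NOLOGIN_SHELLS and name not in baseline:
            findings.append((name, "login account not in baseline"))
        if hashes.get(name) == "":
            findings.append((name, "blank password"))
        if uid == "0" and name != "root":
            findings.append((name, "UID 0 but not root"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW, BASELINE):
        print(f"{name}: {finding}")
```

On a real system, pass in the contents of /etc/passwd and /etc/shadow (the latter needs root) and keep the baseline somewhere the computer's users cannot edit.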
Update, Update, Update
In 2000, Microsoft released Automatic Updates to try to make sure that Windows computers connected to the Internet were getting the latest patches for their Operating System. This is a practice you should also get into with your own computers.
- On NDSU computer equipment we utilize WSUS (Windows Server Update Services) to provide the Microsoft based Windows computers their updates.
- For the Macs on campus we suggest that you check for updates on a weekly basis. Simply click the apple in the upper left and select Software Update... to start the update application.
- Linux computers use a wide variety of update tools, including apt-get, pacman, yum, and many others. We suggest you update your software at least weekly.
You should also make sure that the applications you have installed on your computer get updated as well. Most applications now have their own update utility built in, and some operating systems have application stores that update those applications as updates become available. Until there are application stores for all operating systems, please make sure your editing, viewing, watching and listening software is all up to date.
April 15, 2014
The Internet was stunned to learn of a significant security vulnerability this last weekend. OpenSSL, an application that is used by software and services throughout the Internet for authorization of legitimate websites, was found to have a core flaw. Essentially, anyone from anywhere could send a specially crafted packet to a service or site using OpenSSL, asking if the server is still accepting communications, and the server would return up to 64 Kilobytes of what was in its memory at the time of the request. This return could include usernames and passwords, documents, or even security certificates. The OpenSSL foundation responded and fixed the core code of OpenSSL, but there are still hundreds of thousands of devices or services running the old version of the software. Please check for updates on your devices, and change any passwords for sites you may be concerned about. However, only change those passwords after a site has patched its services, revoked its old security certificate, and created a new one.
December 5, 2013
Over 2 Million passwords to popular webpages discovered.
In mid-June, Trustwave SpiderLabs researchers were able to view information in the Pony Botnet controller indicating that over 650,000 website credentials had been harvested by this particular botnet, which is fairly widespread. On Tuesday they announced that, upon a more detailed look, over 2 million passwords have been harvested by this botnet. Many of these services have now been notified, and they are taking corrective action on the accounts that have been compromised.