The Information Technology Security Office is committed to presenting technology security awareness sessions to anyone associated with George Mason University. If you are interested in learning more about this educational opportunity, visit the IT Security web site at <http://itu.gmu.edu/security> for links to advisories and news for quick alerts and current security information, rules and regulations, system administrator resources, information about spam, security tips, virus alerts, and much more.

What You Can Do To Minimize IT Security Risks

Security awareness training is the most effective means of securing the world’s cyberspace. The adage “think globally and act locally” aptly applies to cyberspace and its legion of users because IT security is difficult to achieve unless a cooperative and layered approach is employed by everyone. IT security begins with collective user awareness and shared responsibility. George Mason University’s central computer unit, The Information Technology Unit (ITU), works cooperatively to secure the enterprise systems and the network infrastructure. It is the individual user’s responsibility to understand the university policies and apply safe computing practices when using Mason’s resources. Secure computing practices for Window’s desktop users are suggested below.

Familiarize yourself with the Responsible Use of Computing (RUC) Policy 1301 found online at <http://www. gmu.edu/facstaff/policy/newpolicy/1301gen.html>.

 

Profile of a Responsible Computer User:

Knows what policy governs all computer use at George Mason University.
The Responsible Use of Computing Policy 1301 was written to preserve the security, availability, and integrity of Mason’s computing resources, and to protect all users’ rights to an open exchange of ideas and information. The policy sets forth the responsibilities of each member of the Mason community in the use of these resources. The full text is available at <http://www.gmu.edu/facstaff/policy/newpolicy/1301gen.html>.

Knows where to find technical assistance at Mason.
The Departmental Technology Coordinator Group was developed by the ITU Support Center to assist staff. You should contact your Technology Coordinator as your first stop. The list of coordinators is available at https://docushare.gmu.edu/dsweb/View/Collection-578. Of course, you can also call or visit ITU Support at 703-993-8870 or in person at Innovation Hall, Room 233. The web site also features a Help link for specific questions.

Knows that Mason has a site license for Symantec Endpoint Protection/AntiVirus Software.
If you are affiliated with George Mason University, you are entitled and encouraged to install and use Symantec Endpoint Protection/AntiVirus Software both at the office and at home. A copy is available to download from the ITU Support web page or you can drop by Patriot Computers in Johnson Center, Room 115 to pick up a CD ($10). Call Patriot Computers at 703-993-4100 for additional information.

Verifies that their Antivirus Software is up to date.
Antivirus software needs to be regularly updated to be effective. Malicious virus and worm writers are constantly letting loose new strains. Symantec Endpoint Protection/AntiVirus has a feature called “Live Update” allowing you to get the latest virus definitions. The easiest way to make sure your definitions are up-to-date is to call ITU Support (703-993-8870) and request that your Symantec Endpoint Protection/Antivirus Software be configured as managed. If your copy is managed, you will automatically receive virus definition updates from Mason servers daily or as new definitions become available. If your computer cannot be put on a managed server, the Support Center will help you set the best available options on your computer.

Knows about Windows Update and regularly uses this feature to protect their systems from vulnerabilities.
Microsoft has created a web site that checks for the latest service packs and security patches customized for your operating system. Often 4 –6 patches a month are released. If you fail to update your computer regularly, a compromise can occur.  If you need assistance please call the Support Center at 703-993-8870.

Creates “hard to guess” passwords.
The best passwords are pass phrases. Pass phrases include uppercase and lowercase letters numbers or symbols. “Cracking” a user’s password or the administrator account is easy if your password is a word found in any dictionary, in any language. Intruders have files at their disposal that contain almost every word known in any language. They feed those into a program that attempts to “guess” your password and voila’. Make it harder for them by using a pass phrase. Read <http://security.gmu.edu/practices/guidelines.html> for additional guidelines on how to set passwords.

Shuts down their system or logs off when away from the computer for an extended period of time.
Hackers routinely roam the Internet looking for untended machines so they can exploit any available backdoors to do malicious and destructive damage. Prevent this from happening by making it a habit to log off or shutdown your computer when you are away from your computer for an extended period of time.

Archives important files by copying to write protected medium.
Remember to back up the data you use on a regular basis. “Archive” data on a memory stick, DVR or CDR. Label and date the copy and keep it somewhere safe. If you are on the university’s Novell or MESA network, you also
have a network drive available to you to store archived files. A red N icon on your desktop tells you whether you are on the Novell network. If you are, you should see a home directory or H drive listed as one of your save options in your applications. This is your personal network directory available only to you to store files on. If you are on the MESA network an “M” drive designates your personal network directory. As always if you have questions please call the Support Center at 703-993-8870.

Avoids identity theft by following the basic precautions listed below.

• Never gives out their password over the phone, e-mail, or chat session to anyone, not even ITU staff.
  
  
• Doesn’t share their password, write it down leaving it on or near their computer or under their keyboard; they keep it locked in their head.
  
  
• Sets the screen saver password to turn on in 10 minutes, so if they walk away from their desk no one can sit down and use their account.
  
  
• If a login site was reached through an Internet browser, they remember to log out or close the browser, especially when using public computers!
  
  
• Never allows their Internet browser or mail application to “remember” their password.
  
  
  Physically protects their computer.
  Always makes sure that a computer is physically protected in a way that’s consistent with its value – and remembers that the value of a machine includes not only the value of the hardware itself, but the value of the data on it and the value of the access to the University’s network. Business-critical machines, like domain controllers, database servers, and print/file servers should always be in a locked room that only people charged withadministration and maintenance can access.
  

• Takes measures to protect their laptop.
  If you travel with a laptop, it’s absolutely critical that you protect it. The same features that make laptops great to travel with – small size, lightweight, and so forth – also make them easy to steal. There are a variety of locks and alarms available for laptops, and some models let you remove the hard drive and carry it with you. There are also software locks such as Computrace (available at Patriot Computers) that works similarly to LoJack car security systems. The only way you can know with 100% certainty that your data is safe and the hardware hasn’t been tampered with is to keep the laptop on your person at all times while traveling.

  
  Educates student technology assistants.
  Before you allow student assistants to administer a lab in your department or set up a brand new web server, require them to consult with your departmental IT staff or the ITU. If they don’t apply proper security configurations and patch updates prior to connecting these systems to the Internet, compromises will occur that could have consequences that affect the entire Mason computing community. Encourage all server or lab administrators to join the Systems Administrator Leadership Team (S.A.L.T.) <http://security.gmu.edu/sysadmin/salt-description.html> to take courses online <http://smartforce.doit.gmu.edu/index.html>, or attend workshops <http://www.doit.gmu.edu/workshops.cfm>.

  
  Responsible computer users do not hesitate to ask for assistance. Call ITU Support with any questions or concerns 703-993-8870.

Back to FSTG Homepage

Last Revised: February 13, 2009