Securing your Computer & Protecting your Information
Use of all University of Hawaii information Technology Resources are governed by UH Executive Policy: E2.210 — Use and Management of Information Technology Resources. Continued use of your UH Username and University Information Technology Resources indicates your acceptance of and agreement to E2.210. The complete policy can be found online at: http://www.hawaii.edu/infotech/policies/itpolicy.html
A brief summary of Section III, "Principles of Responsible Use", is provided for your convenience. These examples are intended to illustrate the range of unacceptable actions rather than to exhaustively elaborate all specific behaviors that may violate this policy.
Users of University information technology resources should always engage in responsible computing and network practices. All users must respect property, security mechanisms, right to privacy, and freedom from intimidation, harassment, and annoyance in accordance with all University policies and procedures.
USERS MUST...
- Adamantly protect their personal passwords. If you suspect someone else is using your UH Username, please report it to the ITS Help Desk: (808) 956-8883.
- Respect the privacy of others' passwords, information, and communications, and may not attempt to use University resources to gain unauthorized access to any site or network or to maliciously compromise the performance of internal or external systems or networks.
- Not falsely represent themselves or "spoof" another physical network connection.
- Observe all laws relating to copyright, trademark, export, and intellectual property rights. Copying or sharing of copyrighted songs, movies, TV shows, software, games, etc. for purposes other than “fair use” as defined in the U.S. Copyright Law and the Digital Millennium Copyright Act (DMCA) is illegal. See http://www.hawaii.edu/askus/813 for more information.
- Ensure that their electronic communications do not infringe the rights of others and are conducted in accord with the same standards of behavior that apply in other forms of communication.
- University resources are intended to be used for institutional purposes and may not be used for private gain.
- Users may not engage in activities which compromise institutional systems or network performance for others.
Securing Your Computer:
DO....
- Perform System updates.
- Use anti-virus software and update it regulary.
- Make regular backups of critical data (and test your backups to ensure they are readable).
- Use strong passwords. Change them frequently and change all default passwords.
- Use a properly configured firewall. Warning: a misconfigured firewall can provide a false sense of security and will allow viruses, worms, and hackers into your computer.
- Test your system for vulnerabilities. Use web-based vulnerability assessment tools such as:
http://www.grc.com (click on "ShieldsUp"). - Download software from reputable sources.
- Use anti-spyware. Update the software frequently and scan your computer regularly for spyware.
- Visit only legitimate websites. Malicious websites can download and install malware on your computer turning it into a "spam generator" or or become part of a bot network which can be used to attack other machines.
- If you use P2P file sharing software:
- Remember that downloading and distributing copyrighted materials (songs, movies, software, games, etc.) is illegal and violates UH Executive Policy E2.210: Use and Management of Information Technology Resources.
- Know & monitor which directories and files are being shared.
DO NOT...
- Open email attachments from strangers and any unexpected or unusual email from people you do know.
- Use "previews" — automatic viewing and downloading of attachments or files.
- Do not run unnecesary services such as web servers (IIS), databases (MS SQL), Telnet, FTP, IRC, etc.
- Download software from untrusted sources.
For more detailed information about "Securing Your Desktop Computer", please read: http://www.hawaii.edu/askus/593
Protecting Your Information:
- Do not reply to unsolicited (spam) email.
- Use free web-based email addresses (Yahoo, Hotmail, etc.) when subscribing to email lists to minimize the amount of spam email you might recieve on your primary email account.
- Do not give out personal information (address, SSN, passwords, etc.) in response to unsolicited requests.
- Protect your passwords.
- Encrypt or password-protect files that contain personal, confidential information such as tax return files, online banking information, etc. Use the built-in encryption capabilities of your operating system or use other third party products such as GPG (http://www.gnupg.org/download/index.en.html). As of 5/29/14, ITS is no longer suggesting TrueCrypt as an encryption method.
- Windows Encryption: http://www.hawaii.edu/askus/1285
- Mac OS X Encryption: http://www.hawaii.edu/askus/676
- Windows Encryption: http://www.hawaii.edu/askus/1285
- Be suspicious of email from what appears to be a legitimate organization (such as Citibank, eBay, PayPal, FirstUSA, etc.) asking you to click on a link to update your personal information such as name, address, SSN, bank accounts, and credit card numbers . These are fraud schemes known as "phishing". Personal information gathered will be used/sold to commit fraudulent financial activities. Do NOT update your personal information by clicking on the link. If it seems legitimate, call the organization to verify the request and always type in the URL yourself. For more information on "phishing" visit:
https://www.consumer.ftc.gov/articles/0003-phishing
http://www.antiphishing.org
Remember UH ITS will never ask for your username and password over email. We will also never ask you to put your username or password in a URL to request an email quota increase or for any other service enhancement.
On-Line Transactions
- DO NOT user public computers or wireless networks for personal/confidential transactions.
- Use only one credit card (with a low limit) for ALL online purchases.
- USE only one checking account for alFor all EFT (Electronic Funds Transfers) transactions.
- DO NOT use your SSN if at all possible.
Preventing ID Theft & Fraud
- Do an annual credit check:
http://www.annualcreditreport.com/ - Watch for unauthorized charges.
- Verify that you are receiving all statements.
- Don't send personal, credit card, or other financial information over email or IM.
- Use a cross-cut shredder to destroy your personal documents that contain sensitive information including pre-approved credit card offers.
- Report fraudulent activities to:
- the Internet Crime Complaint Center (IC3): http://www.ic3.gov
- the Federal Trade Commission (FTC): http://onguardonline.gov
- For additional ID theft prevention tips, visit the State Attorney General's website: http://ag.hawaii.gov/quick-links/id-theft/id-theft-related-resources/
Additional Resources
- http://www.ic3.gov
- http://onguardonline.gov
- http://www.microsoft.com/athome/security
- www.hawaii.edu/askus/705
- www.webopedia.com/TERM/S/strong_password.html
- http://computer.howstuffworks.com/firewall.htm
- http://www.staysafeonline.org
- http://www.antiphishing.org
- https://www.consumer.gov/articles/1015-avoiding-identity-theft
- https://www.consumer.ftc.gov/topics/online-security
- http://windowsupdate.microsoft.com
Information for this document compiled from:
https://www.hawaii.edu/policy/
http://onguardonline.gov
http://www.us-cert.gov/
www.copyright.gov/title17/
www.copyright.gov/legislation/dmca.pdf
Last Reviewed January 2011
Last Updated: January 2011
