Safe Computing for Students
University students should take the following actions:
- Enable automatic security updates for your computer
- Protect your computer against viruses
- Protect your computer against spyware and adware
- Install Computrace LoJack software to help recover your computer in the event of theft or loss.
- Use strong passwords that include letters, numbers, and special characters (for example, $, &, #). University Computing Account passwords must be a minimum of eight characters in length and include at least one special character.
Examples of strong passwords include: 4Kansas2Go!, 2Gud2Btu#, @luNch2DY.
Examples of poor passwords include: Steelers, Pitt, Barbara (or anyone else's name), anniversaries, and birthdays.
- Change your passwords at least every semester. Log in to my.pitt.edu, select Profile, click Manage Your Account, and then click Password Change to change your University Computing Account password
- Never give out your password to anyone.
- Use Secure Shell (SSH) protocol when transmitting data to a remote computer, such as a UNIX machine. Use a Secure File Transfer Protocol (SFTP) to transfer files.
- Use the University's Secure Remote Access service to connect to restricted services, including accessing sensitive information from off-campus locations.
- Don't open email attachments from people you don't know. Be aware that you can't always trust the "from" address in an email. For example, spammers will often alter a spam email message to make it appear as though it has been sent from another address, even an "@pitt.edu" address.
- Don't download programs from sites you don't trust.
- Do not install or use file sharing software on your computer. Harmful software, such as viruses and Trojans, can be transferred to your computer through file sharing software.
- Back up the data on your computer daily, making sure to maintain the encryption of sensitive data on the backup medium.
- Keep a written record of the make, model, serial number, and other pertinent information about your computer.
- Contact the University's Surplus Property unit to dispose of or recycle computers and computer equipment, and to destroy old hard drives
Guidelines for Specific Operating Systems
In addition, follow these guidelines for your specific operating system.
- Use a current Windows operating system: Windows XP SP3 or later, Windows Vista, or Windows 7. Earlier generation operating systems such as Windows 98, ME, and 2000 have unresolved security problems and Microsoft no longer provides support for these operating systems.
- Physically secure your computer in an office with a locked door if possible, or use a cable lock and attach it to your desk.
- Don't leave your computer unattended so that someone else can use it. Use the CTRL+ALT+DEL keys and choose "Lock Workstation". Configure the Windows Screen Saver with a password by following these steps:
Windows 7 or Vista: Select Start, then Control Panel, then Personalization, then Screen Saver.
Windows XP: Select Start, then Control Panel, then Switch to Classic View, then Display, then Screen Saver.
- Ensure that the Windows Firewall, a Windows-compatible firewall, is enabled. Instructions are included in the help sheet titled How to meet the Health Check Secure Remote Access Requirement.
- Disable the Windows "Auto Login" and "Switch User" features. Make sure you have an account and password on the computer and do not use Auto Login or Switch User on Windows. These features allow anyone to access all of the information stored on your computer. Use Ctl-Alt-Delete instead to log in to your computer.
You can disable the Windows "Auto Login" and "Switch User" features at Control Panel -> User Accounts -> Advanced tab, and ensure that the box next to Require users to press Ctrl+Alt+Delete is checked
- Disable auto login. As a convenience, OS X automatically logs in to your account when you start up. This means that anyone else who boots your computer will gain full access to your account. To prevent this, uncheck the auto login box in Accounts preferences. Always use a password to access your Macintosh desktop. To disable auto login, go to System Preferences -> Accounts -> Login Options. Set "Display login window" as Name and Password. Set "Enable fast user switching" as Enabled, and set the View option as Name. This allows the user to lock the workstation when not in use, similar to how Windows functions.
- Use an updated OS X operating system, version 10.4, 10.5 or 10.6. Earlier generation operating systems have unresolved security problems.
- Don't leave your computer unattended so that someone else can use it. Lock it by using one of the standard Macintosh methods, logout or rotate to login window.
- Ensure that the Macintosh firewall is enabled. Turn on your firewall (Sharing Preference page). Go to Sharing, click Firewall, and click Start. You might need to allow specific services called ports if you are using them.
- Password protect the Macintosh screen saver. In the Security preference panel, select Require Password To Wake This Computer From Sleep or Screen Saver.
- Use the "Require Password When Waking" feature (Security Preference pane). This feature offers simple but powerful protection from snoops. For this to work well, make sure the screen saver interval is set to 5-10 minutes.
- Assign a Keychain Password (Keychain Access Application). On OS X, passwords are managed by Keychain Access (found in Application/Utilities). By default, the keychain password is the same as your login password. Anyone could change this by booting from an OS X CD-ROM and all of your passwords could be revealed. To prevent this, set a Keychain password that is different from your login and admin accounts. Use Change Password, which is found in the Edit menu.
- OS X requires entry of the Admin password before any major modifications can be made to the operating system. This means that you actively manage the security of your system. If the system asks for the Admin password when you don't expect it, click Cancel unless you understand why the system is requesting the password.
- Use an unprivileged login to do your daily work. Linux and Unix allowed unprivileged accounts to easily be created and used. Log in only as root to perform system administrator functions.
- Disable any and all network services, as well as services such as email, web, and file sharing.
- Check your logs on a regular basis for any anomalous activity. For example, repeated failed login attempts can be an indication of a hacking attempt. If you notice suspicious activity in your logs, contact the Technology Help Desk at 412 624-HELP .
- Use a Linux built-in or compatible firewall.
- When possible, check digital signatures of packages that you download and install. Consult your distribution help pages to find out more about this. Most web sites provide MD5 checksums and verified downloads for protection.
- Make sure you know what services and applications are running. This will help ensure that no rogue processes (such as keyloggers, which run as services or applications) are being run on the system.
- Disable the ctrl-alt-del keyboard function. If you do not disable this function, then someone could shut down your computer and capture control of it during the rebooting process
Guidelines for Mobile Devices
Portable devices include laptop computers, BlackBerries, smart phones, PDAs, USB drives, CDs, and floppy disks. These devices are frequently stolen or lost. Remember that you should eliminate any unauthorized sensitive information from portable devices and encrypt all authorized sensitive information. In addition, follow these steps to protect your devices.
- Physically secure your laptop computer by keeping it in an office that can be locked. Also, use a cable lock to secure it to a desk or heavy object in or outside of the office.
- The University Police department offers a laptop registration and engraving service called Operation ID to help identify stolen equipment.
- Do not store sensitive or confidential data on mobile devices unless you have been authorized to do so.
- Avoid leaving your mobile devices and media unattended.
- Always use a password to protect your portable device against unauthorized use.
- Turn Bluetooth power off by default, and do not let it be set to discoverable.
- Turn off the radio switch for your laptop's wi-fi access when you are not using it.
- If a portable device is lost or stolen, contact University Police for assistance. BlackBerry users with access to Enterprise Exchange should also contact the Technology Help Desk at 412-624-HELP . A security wipe can be performed remotely on the BlackBerry, which will delete all Exchange information and disable the phone service.