Network Operations Center -- Chris Ihm -- 8/2007

This document is aimed at PC users on Dowling's administrative networks. Recommendations for secure computing on home and Residence PCs are at this page.

The Internet resembles America's old West, where the "rule of law" takes a back seat to Darwinism, the "survival of the fittest." In such an environment your PC is attacked from many directions, such as email, network traffic and plain-old web surfing. Your I.T. staff has worked very hard to protect Dowling's computing environment from harm. It's a continuing "arms race".

The danger here is that students' personal information, or yours, could be stolen. A compromised PC can provide a route into secure systems, from which social security numbers and other private data could be harvested and sold. So it is critically important that each and every PC inside Dowling's networks is properly secured. This requires your cooperation and assistance.

Below we have gathered some advice from many sources, including recommendations from colleagues, newsletters, personal experience and lots of security-related web site. Here are our recommendations:

1. First, learn to operate your PC safely. Adjusting your behavior while using the Internet is the most effective prevention measure against security problems.
   • Rule Number One: Never open an unexpected email attachment. If an attachment arrives that you weren't expecting, telephone the sender.

     "No legitimate organization on the planet will EVER send you an update file attached to an email message."
     -- Patrick Douglas Crispen, http://www.netsquirrel.com/

   • Use your Dowling email account ONLY for Dowling business. Use your home email or a free email from Hotmail, GMail, Yahoo, etc. for things that are not business-related.
   • Avoid visiting "questionable" sites. This is a judgement call, of course, but most people can tell when there's a problem. Hacker sites, gambling sites, and porn sites are especially dangerous - they like to install programs on your PC without your knowledge. Some news and shopping sites do the same thing. Just remember to wash your hands when you're done.
   • Give out as little information about yourself as possible. The FTC has a good site about identity theft at http://www.ftc.gov/bcp/edu/microsites/idtheft/.
2. Backup your data:
   • Store important files on J: - Whenever you login to the network it connects you to a personal storage space named "J:". This is your "home directory" on the network, and it's backed up every night. In the event your PC has serious problems, you can login at ANY administrative computer on campus to retrieve files from your J: drive.
   • Copy important files to CD, flash drive or (last resort) floppy. This gives you quick access in case of data loss. Floppy disks are the smallest, least reliable storage medium so use them with caution, if at all.
3. Do not install software on your PC. There are many issues that arise with software installation, among them:
   • Licensing: Does Dowling own the software you're installing? Unlicensed copies can cost the College hundreds of thousands of dollars in licensing violation fines. In fact, did you know that you could be held personally responsible for licensing and copyright violations on your PC? Review the Dowling College Acceptable Use Policy, especially the third paragraph from the bottom that reads, "Each user agrees to indemnify and hold harmless Dowling College...".
   • Stability: Is the software well-written? Poorly-coded programs can wreak havoc on a formerly smooth-running PC. Screensavers and "Active Desktop" programs are notorious PC-killers.
   • Unintended installs: are you sure that's all you're installing? For example, many file-sharing programs install spyware that "phones home" about your web-surfing behavior, and popup programs that interrupt your work to show you advertising. Who needs that?
   • In short, you are NOT PERMITTED to install software on Dowling PCs without authorization. If you need software installed on your PC please contact the Help Desk at x3445.
4. Read and learn about the issues. Here are some comprehensive discussions of personal computer security from authoritative sources:
• From CERT: http://www.cert.org/homeusers/HomeComputerSecurity/
• Another CERT article: http://www.cert.org/tech_tips/home_networks.html
• Microsoft's security tips: http://www.microsoft.com/security/
• Some other discussions of security we've found useful:
• http://www.firewallguide.com/
• http://www.antionline.com/fight-back/

In case you think we're slacking, here is some of the measures we have taken to protect your PC:

• Computer Associates' eTrust Antivirus detects and deletes viruses and worms. Malicious programs can be "caught" from e-mails or from browsing certain web sites. We automatically update the antivirus on all on-campus PCs regularly. We can help you initiate a scan of your PC you think there is a problem: just call the Help Desk at x3445.
• PatchLink automatically delivers software updates to your PC whenever you login. This is how we update Windows and much of your software. You can help the process:
  • Shut down your PC every night. When you login the next day, updates will be delivered.
  • Allow your PC to reboot if asked. Some updates make major changes that require completely reloading Windows, which is accomplished with a reboot.
  • Report problems to the Help Desk, x3445. Only you know how your PC normally behaves, so if its behavior changes for the worse, please tell us so we can investigate.
• SpySweeper Enterprise detects and deletes spyware, a form of malicious software which can violate your privacy and cause your PC to slow down or fail altogether. SpySweeper is automatically updated from a central server on-campus, and also scans your PC two or three times a week, usually during lunchtime.
• Our mail system blocks viruses, worms and potentially dangerous attachments. It also blocks messages from servers known to be sending spam (RBL blocking), and messages containing links to known spammer sites (SURBL blocking). Remaining messages that "look like" spam are forwarded to you with the word "spam" added to their Subject, so you can judge for yourself. By using layers of protection we increase your PC's security: malware that gets past one layer is likely to be caught by another.
• Our firewall protects you by blocking most attempts to connect to your PC from outside, while allowing connections to our public servers. It's difficult for a PC outside Dowling to reach your PC directly unless YOU inititiate a connection by, for example, browsing to a site or running a file-sharing program.
• Zenworks provides software delivery, inventory management and remote-control support capability:
  • Links to software installed across the network, like Banner, GroupWise, and access to special software like Budget Management or system management programs.
  • Reports on software and hardware installed on Dowling's PCs; this helps us support you when you have PC problems and helps us plan for improvements and upgrades.
  • Zenworks Remote Control enables us, when you give permission, to take control of your PC to show-and-tell, to fix problems or install software for you.