Securing On-campus PCs

Network Operations Center -- 03/2010

This document is aimed at PC users on Dowling's administrative networks. Recommendations for secure computing on home and Residence PCs are at this page.

The Internet resembles America's old West, where the "rule of law" takes a back seat to Darwinism, the "survival of the fittest." In such an environment your PC is attacked from many directions, such as email, network traffic and plain-old web surfing. Your I.T. staff has worked very hard to protect Dowling's computing environment from harm. It's a continuing "arms race".

The danger here is that students' personal information, or yours, could be stolen. If the computer entrusted to you becomes compromised, it can provide a route into secure systems, from which social security numbers and other private data could be harvested and sold. So it is critically important that every PC inside Dowling's networks is properly secured. This requires your cooperation and assistance.

Below we have gathered some advice from many sources, including recommendations from colleagues, newsletters, personal experience and lots of security-related web sites.

  1. First, learn to operate your PC safely. Adjusting your behavior is the most effective prevention measure against security problems.
    • Avoid visiting "questionable" sites. This is a judgement call, of course, but most people can tell when there's a problem. "Your" PC here at Dowling is provided to you so you can do your work; if you stay on business-related sites it is unlikely that your PC will be attacked.
    • Never open an unexpected email attachment. Unless you're certain what that attachment contains, don't open it. Telephone the sender if you have any doubt.
      "No legitimate organization on the planet will EVER send you an update file attached to an email message."
      -- Patrick Douglas Crispen, http://www.netsquirrel.com/
    • Use your Dowling email account ONLY for Dowling business. Use your home email or a free email from Hotmail, GMail, Yahoo, etc. for things that are not business-related.
    • Give out as little information about yourself as possible. The FTC has a good site about identity theft at http://www.ftc.gov/bcp/edu/microsites/idtheft/.
  2. Backup your data:
    • Store important files on J: - Whenever you login to the network it connects you to a personal storage space named "J:". This is your "home directory" on the network, and it's backed up every night. In the event your PC has serious problems, you can login at ANY administrative computer on campus to retrieve files from your J: drive.
    • Copy important files to CD, flash drive or (last resort) floppy. This gives you quick access in case of data loss. Floppy disks are the smallest, least reliable storage medium so use them with caution, if at all.
  3. You are NOT PERMITTED to install software on Dowling PCs. If you need software installed on your PC please contact the Help Desk at x3445. There are many issues that arise with software installation, among them:
    • Licensing: Does Dowling own the software you're installing? Unlicensed copies can cost the College hundreds of thousands of dollars in licensing violation fines. Did you know that you could be held personally responsible for licensing and copyright violations on your PC?
    • Stability: Is the software well-written? Poorly-coded programs can wreak havoc on a formerly smooth-running PC.
    • "Trojan horse" programs: are you sure that's all you're installing? For example, many file-sharing programs install spyware that "phones home" about your web-surfing behavior, and popup programs that claim to protect your PC from viruses. What if that list of student IDs on your PC gets transmitted to identity thieves?
  4. Read and learn about the issues. Here are some comprehensive discussions of personal computer security from authoritative sources:

Here are some of the measures we have taken to protect your Dowling PC:

  • Computer Associates' eTrust Suite detects and deletes viruses, spyware, and trojan horse programs. We automatically update the antivirus on all on-campus PCs regularly. We can help you initiate a scan of your PC you think there is a problem: just call the Help Desk at x3445.
  • PatchLink and Zenworks automatically deliver software updates to your PC. This is how we update Windows and much of your software. You can help the process:
    • Shut down your PC every night. When you login the next day, updates will be delivered.
    • Allow your PC to reboot if asked. Some updates make major changes that require completely reloading Windows, which is accomplished with a reboot.
    • Report problems to the Help Desk, x3445. Only you know how your PC normally behaves, so if its behavior changes for the worse, please tell us so we can investigate.
  • Our mail system blocks viruses, worms and potentially dangerous attachments. It also blocks messages from servers known to be sending spam (RBL blocking), messages containing links to known spammer sites (SURBL blocking), and messages that "look like" spam. Every morning you receive a GWAVA message restriction digest which lists emails that were blocked. If any of them looks like it might be legitimate you can click the "release" button to tell GWAVA to deliver it.
  • Our firewall protects you by blocking attempts to connect to your PC from outside, while allowing outbound connections to public servers. It's difficult for a PC outside Dowling to reach your PC directly unless YOU inititiate a connection by, for example, browsing to a site or running a file-sharing program.
  • Zenworks, in addition to delivering software updates, provides inventory management and remote-control support capability:
    • Links to software installed across the network, like Banner, GroupWise, and access to special software like Budget Management or system management programs.
    • Reports on software and hardware installed on Dowling's PCs; this helps us support you when you have PC problems and helps us plan for improvements and upgrades.
    • Zenworks Remote Control enables us, when you give permission, to take control of your PC to show-and-tell, to fix problems or install software for you.

For further information and advice about safe computing on Dowling's PCs, please visit http://www.dowling.edu/mydowling/Tech/best-practices.html.




© 2007 Dowling College