Device Security - Technical IT Staff
The most common forms of computer attacks are executed via email, malicious websites, removable media, and social engineering. Although the computer itself is under attack, the primary target is the end user's data. The attacker is attempting to trick the user into performing the actions needed to execute the attack. To protect yourself and your workstation you will want to:
- Recognize malicious emails and refrain from clicking on attachments or links.
- Use your work computer for work purposes. Limit casual web browsing and never click on advertisements.
- Be careful with removable media. If you find a lost USB drive or other removable device, it might have malicious software on it. Do not connect it to your computer. Instead, turn it over to your local IT staff or the DoIT Help Desk.
- Beware of social engineering. Social engineering is the clever manipulation of human willingness to trust other people. Even the best automated defenses cannot protect against this type of attack.
If you have questions or concerns, please contact your local IT staff or the DoIT Help Desk.
Work Computers - Technical Content
As technical staff, you can be granted a higher level of access to systems. This means the changes you make at this level of access can have a greater impact on the confidentiality, integrity, and availability of a system. The IT Security Baseline defines minimum best practices for securing University data. Some additional suggestions:
- Never share your password with anybody, including a coworker or supervisor.
- Do not use the same password for business systems and social media sites such as Facebook, Twitter or Instagram.
- Be careful discussing technical details of campus systems with third parties.
Not all attacks are initiated by user interaction. In some cases, vulnerabilities can be exploited against an unsuspecting system. A good defense is to proactively identify and correct exploitable vulnerabilities. The University has licensed several tools to aid with identifying vulnerabilities. These include:
- Network scanning systems (Nessus, Qualys)
- A vulnerability management system (Secunia Corporate Software Inspector)
- An application scanner (IBM AppScan)
- A database scanner (McAfee Security Scanner for Databases)
Coordinate any scans or tests of University systems with the system owner. Obtain approval prior to conducting any scans. If you need assistance with any of these tools please contact firstname.lastname@example.org.
If you utilize a personal computer for any work purposes, you need to ensure the security of that device. There are several best practices that you can utilize to secure personal devices:
- Keep your operating system and applications patched with the most recent updates. A few examples of these applications are your Internet browser, Adobe products and Java.
- Install and maintain anti-virus software. All staff can obtain free anti-virus software through the University for Windows and Mac systems.
- Ensure that a host-based firewall is enabled.
- If you are not connecting locally to the DoIT Staff Network, review the Campus Tools to Work Remotely. Primarily, understand how to use WiscVPN to secure your remote connection.
- Password protect your workstation. For guidance on creating a password, review the How to select, manage and protect passwords guide.
Personal Computers - Technical Content
Sometimes, technical staff need to troubleshoot work problems from home using a personal device. The ability to use personal devices increases productivity by allowing the freedom to resolve problems without coming to the office. This can introduce additional risks, depending on which other family members use these computers and what activities are conducted on them. The threat to the organization is heightened because technical staff often have elevated permissions to systems.
- If your job requires access to sensitive or critical resources, you can inquire if your department can provide a work computer for your home.
- Install only applications from trusted sources.
- Keep your home system patches up-to-date.
- Install antivirus on your computer. The University has a free version of Symantec that can be downloaded here.
- If you are working with sensitive or restricted data on your personal devices, encryption of that data is recommended. For more information view the Types of encryption and key concepts document.
- Create a non-administrator (non-root) account for day-to-day use and elevate your privileges only when needed.
Securing Mobile Devices
The biggest security concern with mobile devices is that they are easy to lose or misplace. Additionally, mobile devices face most of the same threats as typical workstations, plus a few unique challenges:
Malware and Spyware: The amount of malware reported for mobile devices is rapidly increasing. There may be an anti-malware app for your phone.
App Permissions: The access that an application, particularly a “free” one, requests could include everything from your contact list to your physical location. This information may be stored or distributed to third parties by the app developer, as well as stolen or intercepted by unauthorized users.
Dialing for Dollars: An attacker sets up a premium text message system. The attacker creates malware to dial that number. The malware is installed as part of a downloadable game. The cell phone then periodically texts the number adding charges to the owner's cellular bill.
QR Codes and Shortened URLs: Shortened URLs and QR codes do not indicate where the end user is being directed. The user could be sent to a site that attacks their device.
Phishing Websites: Phishing websites are not new. Scammers have been targeting mobile devices because it is more difficult to recognize a phishing site on them without security software.
Drive-by Downloads: A drive-by download comes from a real website that an attacker has compromised and loaded with hidden malware. The malware downloads when a user visits the site. Such a site is difficult to detect without security software.
BEST PRACTICES FOR MOBILE
- Be sure to use a strong and unique passcode or pattern sequence. If your unlocked phone is stolen your work accounts can be accessed easily.
- Keep your device up to date. That includes both the operating system and the apps running on your device.
- Look into tracking and remote wipe options for your phone.
- Be cautious when clicking on links or QR Codes.
- Research an app before installing it.
Connecting Remotely and Public Access
While the Internet allows us to work from nearly anywhere, it also makes it easier for attackers to listen in on our communications. You should be especially mindful of how you're accessing campus resources from an untrusted network. Fortunately, there are tools and resources available to assist you and protect your devices.
- Connect via WiscVPN. If you are connecting through an untrusted network, either wired or wireless, you should establish a secure connection using the WiscVPN service. Even seemingly trustable networks, like the campus wireless hotspots, don't provide the security of WiscVPN.
- Do not use kiosks to access any work or personal accounts and services. This excludes DoIT managed kiosks available for use around campus as they are connected to the secure campus network. However, make sure you remember to log off after each session.
- Contact your local IT staff or the DoIT Help Desk if you have any issues with WiscVPN or other computer security tools such as antivirus and firewalls.
Connecting Remotely and Public Access - Technical Content
The WiscVPN service can be used to provide additional security. Besides providing an encrypted channel for communication, staff can request a static IP address. A static IP can allow system administrators to refine firewall rules to restrict access to sensitive services that are sometimes used by IT staff.
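One way to check that such a restriction is actually in place, as an added example that is not part of the original page: a Python audit over constructed `iptables-save` output that flags ACCEPT rules exposing sensitive ports to sources other than the administrator's static VPN address. The address 192.0.2.10, the port set and the sample rules are assumptions for illustration.

```python
import ipaddress
import shlex

# Assumptions: the administrator's static VPN address (192.0.2.10 is a
# documentation-range placeholder) and the ports treated as sensitive.
ADMIN_SOURCES = [ipaddress.ip_network("192.0.2.10/32")]
SENSITIVE_PORTS = {22, 3389}

# Constructed iptables-save style rules (not from a real host).
SAMPLE_RULES = """\
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3389 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
"""

def parse_rule(line):
    """Return (source_network, port_range, target) for an INPUT rule with --dport, else None."""
    tokens = shlex.split(line)
    if tokens[:2] != ["-A", "INPUT"]:
        return None
    opts = {}
    for i, tok in enumerate(tokens[:-1]):
        if tok == "-s" and i > 0 and tokens[i - 1] == "!":
            continue  # negated source: treat conservatively as unrestricted
        if tok in ("-s", "--dport", "-j"):
            opts[tok] = tokens[i + 1]
    lo, _, hi = opts.get("--dport", "").partition(":")  # single port or lo:hi range
    if not lo.isdigit():
        return None
    ports = range(int(lo), int(hi or lo) + 1)
    source = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
    return source, ports, opts.get("-j")

def overexposed(rules_text):
    """List (port, source) for ACCEPT rules that open a sensitive port beyond ADMIN_SOURCES."""
    findings = []
    for line in rules_text.splitlines():
        parsed = parse_rule(line)
        if parsed is None or parsed[2] != "ACCEPT":
            continue
        source, ports, _ = parsed
        if any(source.subnet_of(net) for net in ADMIN_SOURCES):
            continue  # source is inside the approved static address
        findings += [(p, str(source)) for p in sorted(SENSITIVE_PORTS) if p in ports]
    return findings

if __name__ == "__main__":
    print(overexposed(SAMPLE_RULES))
```

The audit handles single ports and `lo:hi` ranges on IPv4 rules only; `multiport` matches and IPv6 rules would need additional parsing.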
Stolen Device Stats
Below are statistics from University of Wisconsin Police Department regarding the reporting and recovery of stolen devices.
| Year | Laptops Stolen | Laptops Recovered | Cells Stolen | Cells Recovered | Tablets Stolen | Tablets Recovered | Desktops Stolen | Desktops Recovered |
According to UW Police "very few desktops stolen, while portable devices and cell phones are way up there. Vast majority of these thefts are opportunistic, where the thief sees an item unattended and unsecured."