Frequently Asked Questions
General Information Security
The following seven computer security tips are
recommended by the National Information Protection
Center (NIPC):
- Use strong passwords. Choose passwords that are
difficult or impossible to guess but easy to
remember. Give different passwords to all accounts.
- Make regular backups of critical data. Backups
must be made at least once each day. Larger
organizations should perform a full backup weekly and
incremental backups every day. At least once a month
the backup should be verified.
- Use virus protection software. That means three
things: having it on your computer in the first
place, checking daily for new virus signature
updates, and then actually scanning all the files in
your computer periodically.
- Use a personal firewall as a gatekeeper between
your computer and the Internet. Firewalls are
usually software. They are essential for those who
keep their computers online through the popular DSL
and cable modem connections, but they are also
valuable for those who still use dialup.
- Do not keep computers online when not in use.
Either shut them off or physically disconnect them
from the Internet connection.
- Do not open e-mail attachments from strangers,
regardless of how enticing the subject line or
attachment may be. Be suspicious of an unexpected
e-mail attachment from someone you do know because
it may have been sent without that person's
knowledge from an infected machine.
- Regularly download security patches from your
software vendors.
Additional security tips from TU’s Information
Security Team:
- Be wise about cookies. Some Web sites require that your
computer accept cookies before allowing access, but
these little programs can reveal a lot of
information about you. A good compromise: Keep
cookies disabled and enable them only when necessary
to visit a site you really need to see.
- If you use Windows and share files with other Windows
users, be sure your computer's permission settings
require them to enter a username and password before
gaining access. Without this safeguard practically
anyone can tamper with your disk drive.
How will I know if the security of my computer has
been compromised?
One way to identify suspicious behavior on your
computer is to look for files and/or programs that you
did not install, or for other behavior that is
unexpected and out of the ordinary. If programs run or
open by themselves (and didn't use to do so), you may
be infected with a Trojan horse.
Another indicator that your computer may be infected
or under attack is if the computer's speed becomes very
slow all of a sudden. Your awareness of this performance
change is important. We recommend you use antivirus
software (and a firewall, if you have one installed) to
warn you of infections and attacks.
Is there a group on campus that can assist
departments with identifying system vulnerabilities and
risks?
TU has a team of specialists ready to help
departments prevent attacks and to recover when they do
occur. TU's Information Security Team's charge is to
raise security awareness on campus and to assist
departments with security-related issues.
The team offers TU departments a number of
security-enhancing services, including:
- Vulnerability testing and network scanning.
Using the same software tools hackers use, the team
can try to break into your system — without causing
any damage, of course.
- Security consulting and firewall analysis. A
firewall is a specialized computer used to connect a
local network to the Internet and guard against
malicious traffic. Do you need a firewall, or will
software-based security be sufficient in your
setting? These folks can help you decide.
For more information on these services, contact the
ISO at
infosec@towson.edu.
How do I know if I am on a "secure" Web page?
Before you give personal information to a Web site,
verify that the page is secure. A secure site should
have one of the following:
- A closed padlock which can be found in the lower
left corner of Netscape 7 or greater and in the
right corner for Internet Explorer 6 or greater.
- An "s" added to the familiar "http" (making it
https)
What constitutes harassing or inappropriate e-mail,
and what can I do about it?
Examples of inappropriate e-mail include, but are not
limited to, spam, pyramid schemes, mass-mailings,
marketing one or more products or services for sale, and
chain-letters. Harassing e-mail messages can be
construed as messages that threaten or intimidate the
recipient.
You can find helpful information on this topic on
WHOA's resource page.
What do I need to know about identity theft?
If you suspect your personal identity information has
been compromised, please consult the following sites for
information on what to do. The FTC provides a booklet
"ID Theft: When Bad Things Happen To Your Good Name"
that can be printed on-line, or you can contact the FTC
directly to place an order.
Federal Trade Commission (FTC)
1-877-ID THEFT (877-438-4338)
Consumer Response Center, FTC
600 Pennsylvania Avenue, N.W.
Washington, DC 20580.
I opened an e-mail attachment I wasn't expecting...
does that mean that my computer is infected?
Potentially. You should immediately run anti-virus
software on your computer to find out.
What will protect my computer from hackers, worms,
and viruses?
Keeping your operating system and software up-to-date
is important because viruses and hackers use security
flaws in old software to hijack computers.
Antivirus software is important because it protects
your computer from known virus threats and other 'malware'.
McAfee VirusScan™ is available free of charge to
students via
OTS Software Downloads.
A firewall helps to prevent intruders from making
unsolicited network connections to your computer. MacOS
X™ and Windows XP™ come with firewall software (although
it may not be turned on). If you have an earlier version
of Windows™ you should strongly consider obtaining
third-party firewall software for your computer.
How can I tell if an e-mail is authentic or bogus?
Newer worms and viruses can generate convincing
e-mails that appear to have come from trusted sources.
Most virus-laden e-mails are filtered by antivirus
programs on the TU e-mail servers; however, new viruses
may make it through if they arrive before a reliable
method to detect them has been developed.
The 'from' and 'to' fields of an e-mail may not
identify the actual sender or the intended recipient.
It's very common for spammers and viruses to forge
either or both address fields.
Be EXTREMELY suspicious of any e-mail that asks you
to open an attachment. E-mails that ask you to visit a
Web site to 'confirm your account' are likewise
suspicious. If you have questions about whether an
e-mail may be legit, the specialists at the OTS Help
Desk x45551 may be able to advise you, or you can
forward the e-mail (preferably with full headers) to
infosec@towson.edu.
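The following Python example is added here and is not part of the original FAQ. It shows why full headers matter: it compares the visible From address with the Return-Path, Reply-To and Authentication-Results headers. The sample message and every address in it are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real e-mail); all addresses are made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.edu; spf=fail smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=example.edu
From: "Help Desk" <helpdesk@example.edu>
Reply-To: helpdesk@webmail-example.test
To: undisclosed-recipients:;
Subject: Confirm your account

Please open the attachment to confirm your account.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_warnings(raw):
    """List reasons the visible From address should not be trusted."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    warnings = []
    # The envelope sender (Return-Path) is recorded by the receiving server.
    rp_dom = domain(msg["Return-Path"])
    if rp_dom and rp_dom != from_dom:
        warnings.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    # Replies would go somewhere other than the apparent sender.
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Authentication-Results (RFC 8601): trust only the one your own server added.
    for value in msg.get_all("Authentication-Results", []):
        for part in value.split(";")[1:]:
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, result = tokens[0].split("=", 1)
                if method in ("spf", "dkim", "dmarc") and result.lower() == "fail":
                    warnings.append(f"{method} check failed")
    return warnings

if __name__ == "__main__":
    for w in header_warnings(SAMPLE):
        print("WARNING:", w)
```

A mismatch between Return-Path and From also occurs with legitimate mailing services, so treat each warning as a reason to look closer rather than as proof of forgery.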
If I don’t store anything of interest or value on my
computer and never use it to shop online, why is it
important for me to maintain a secure system?
Any computer with a connection to the Internet is
attractive to hackers, worms, and viruses that want to
use your system to participate in various illegal
activities they would not want traced to them, which
include the following and more:
- send spam
- launch attacks on other systems
- host illegal download sites
- steal passwords and access codes
And hackers would much rather have the FBI visit you
and confiscate your computer instead of theirs!
Information Security Office
Office of Technology Services
Cook Library, 4
Hours: Monday - Friday, 8:30 a.m. to 4:00 p.m.
E-mail:
infosec@towson.edu