Network Security for End Users

First, be sure you understand the network computing policy.

Computer systems attacks are on a sharp rise, and our system is only as secure as its weakest access point. The following information is a critical part of network security. All users should be aware of this information and follow the guidelines specified. This page is written for you, the end user. It contains:

Overview
Data: Your Own
Data: Other People's
First Line of Defense: Education
Second Line of Defense: IDs and Passwords
Third Line of Defense: Logging Out
Viruses
Front-door Defense: A Firewall

Overview

The world of computing is, of course, interconnected. The computer at your desk is connected to the NMC campus network and the Banner System. The NMC network is connected to the Internet (World Wide Web). By extension, your computer is connected to the world - and so are the files on your Q: drive and everything on your C: drive.

If you could visualize all of this, you'd see an image of every spider web in the woods overlaid on every other spider web in the woods in such a way as to make it possible for every spider to move across every web without ever having to leave an extra silken strand. By further extension, this means that Banner is connected to the world .

Clearly, a great of the data on the NMC network needs to be protected from prying eyes, be it personal or confidential or both. Safeguarding our NMC network is a major responsibility of each user on the system. One careless user can allow outsider entry into our network, with all the potentially disastrous results you have heard about, plus some that haven't been invented yet.

Please don't interpret this to mean that your files are available to anyone on the network. Our network security software prevents one user from seeing another user's files without authorization. The problem here is not with other users of the network, but with people who might "break into" the network and bypass its security.

Data: Your Own

If you've ever written a letter on your computer and saved it there, it may contain your return address. It might have your phone number. This is data that mass advertisers would simply love to have. Have you ever bought anything over the Web? If so, your credit card number and expiration date are in your computer somewhere - and not just your computer, but others as well.

Other kinds of data we store include:

that spreadsheet you worked on for two days with formulae and cell references,
that report you've been researching and working on for a month,
that proposal in Word for a new academic program, complete with links into...
...the best PowerPoint presentation ever created!

Losing data like this can be a disaster because most people don't document how they created their great stuff and how it works. Replacing these things can take days, weeks, months, or even longer. What happens if it gets lost? Data is your blood, sweat and tears. This is why data security is everyone's responsibility: the data you save may be your own!

Data: Other People's

All of the personal, financial information and demographic data (including academic records) relating to students is contained in our Banner system. So is the personnel data relating to you - it's in the Banner Human Resources files. We have an obligation under federal law to safeguard this information. Violation of these laws could cause serious legal difficulties to NMC, and that's on top of the damage done by the compromised data itself.

The staff in the Human Resources, Records/Registration, and Financial Aid Offices are very familiar with these federal regulations and work diligently to safeguard this data. Our Banner data requires all the protection we can give it, and this means every employee of the college.

Data security is the responsibility of everyone with access to the NMC network.

Even those who do not have access to the Banner data can compromise its security by their own carelessness.

First Line of Defense: Education

In the case of network security, the best defense is not a good offense, but rather a "defense in depth." We can't pre-emptively strike at the world of malicious hackers. We have to create barriers so it is not worth their time and effort to try to get in.

The first line of defense is EDUCATION, and that is what this page is all about. You need to thoroughly understand the ramifications of being connected to both the NMC network and the Internet. You should understand that your actions are critical to the safety of your data and all the data stored at NMC. Without your commitment and concern, our defensive strategy will fail. End users such as you are the single most important link in the security chain. It is important that you be concerned about network security and be sure you are not the "weak link" that an outsider needs to get in.

Second Line of Defense: Account IDs and Passwords

Think of your network login ID as the address of your house and your password as the key that unlocks your front door. If you lose your key and I find it, but I don't know which house it unlocks, the key is useless. If I know your address but don't have your key, I have a chance of getting in because I can work at picking the lock (guessing your password). If I have both, your house is wide open to me!

Requiring you to change your password regularly is part of our network defense. Someone may have gotten your address (login ID), but frequent password changes make it harder for them to unlock the door. Of course, passwords that are easily guessed are like using very simple or fragile locks, or leaving a spare key under the doormat. Tough passwords are "gibberish" and contain both numbers and letters. This doesn't mean they have to be hard for YOU to remember!

Some password strategies you might consider:

Think of a quote or phrase, perhaps part of a song, with eight to twelve words in it. Then create an acronym for it. For example, "Sittin' in a railway station, got a ticket for my destination" becomes SIRSGT4MD. "Fourscore and Seven Years Ago, Our Fathers Brought Forth..." becomes 4&7YAOFBF or 87YAOFBF. Great passwords!! You can use & for "and," U for "you," B for "be," etc. Pretend you're making up a vanity license plate for your car.
You like to use whole words you can remember? Try doubling them and adding a number ("rover2rover"), putting two or more words together with a special character ("bike&hike") or misspelling a short phrase ("iluv2sail"). Anything that makes it hard to guess makes your password that much safer. Try to work in a number or special character if you can - the more obscure, the better.

Passwords you should NEVER use:

The word "password"
Any word found in a dictionary
Your name or any part of it
Your family members' names or birthdays
Your pets' names
Anything about the task you're doing (such as using "students" for your Banner password)
Anything else that a casual acquaintance or coworker might be able to guess about you.

Not sure? Play a game. Give one of your coworkers (preferably one who knows you well) ten chances to guess your password. If they come even close, you need to find a better password strategy.

Sharing login IDs and passwords is never a good idea, and it is expressly forbidden for any users of the NMC network. You have signed an agreement stating you will not do this. But what's in it for you??

Think about it. You may have a few things stored on your computer that you don't want your co-workers or your boss to see. More importantly, if they do something on the network while signed in as you, it will look as if you have done it. This might be something malicious, but more commonly, it is a mistake that you would not have made. If someone else needs access to Banner or you need to share files on the network, they can get that access as quickly as they need it. Ask someone in Systems and LAN Management (SLM) or Information Technology Services (ITS) for help. Network security is a major part of our job - and yours.

Third Line of Defense: Logging Out

If you are going to be away from your computer for a while, log out. If you are going home at the end of the day, log out. If you don't do this, you might just as well put up a big sign in front of your house saying; "I'm not home, the door is open and the safe is unlocked." This is a major, critical part of network security. If you're logged out, your "address" (ID) is difficult to discover and the key isn't available. If you're logged in, you've just given access to anyone who wants it. There's no limit to the mayhem and destruction that you have just made possible. Users who don't log out are one of the most common network security problems at NMC.

Viruses

You've probably heard a lot about viruses. We're sure you've heard also about viruses that e-mail themselves to you and look as if they're from one of your friends or coworkers. We can't be too vigilant in this area. There are people out there who take great delight in causing malicious destruction. We don't pretend to understand why this is the case - but it is.

As a major defense, NMC owns a license for McAfee virus protection software and our GroupWise system has some virus prevention features as well. You should have McAfee on your computer already—if so, you'll see a magnifying glass icon and a shield with a red V in your "system tray," the lower right corner of your screen. This software is regularly updated to keep us safe from new viruses.

If you do not have McAfee installed, please contact ITS immediately.

How to Catch a Worm

Some viruses (or, more accurately, "worms") look like an e-mail message from a friend or coworker. With few exceptions, they are easy to spot. Here are a few warning signs to watch out for.

An email with an attachment that ends with .exe, .vbs, .com or .scr.
These are programs that will run (and do whatever damage they're set to do) as soon as you open them. Never, never open such an attachment, no matter who it comes from! Delete it and empty it from your trash. Even though GroupWise has some virus protection features installed, you still need to be cautious.
An email (especially one with an attachment) that doesn't say anything unique about the sender.
Internet worms look as if they're sent by someone you know and trust. They may say something like "I know you'll love this site, click here!" You see that the sender is your mother, who sends cool internet stuff all the time. So you click. Boom, you're infected. Unless your mother signs the email "Love, Mom" or "Remember to brush your teeth, dear" - some information she wouldn't have stored in her computer - consider it suspect and call your mom before you open it. Even a signature file can be pasted into an email by a virus, so demand something more personal. Besides, you should call your mom more often anyway.
An email from someone you don't know.
At best this is probably advertising, at worst, a virus that is activated when you open the attachment. Never, never open the attachment.

If you have an email that you think may contain a virus, delete it. Then go to your trash and empty it.

Fortunately, with good virus detection software and vigilant users, we can solve most potential problems before they can cause us any grief.

Defense at the "front door" - a firewall

It is possible to install a combination of special hardware and software at the point where the NMC network connects to the Internet (www). Together, these are called a firewall. Firewalls limit access to only authorized people doing authorized "transactions" in authorized places. Think of it as a second type of lock on the front door: not only do you have the lock in the doorknob (your password), but now you have a deadbolt lock on the door as well. It can even hide your address in such a way that passersby can't tell what it is. That's three measures of protection: hidden address, lock (password) and deadbolt lock.

Firewalls cost money to purchase, learn, set up, and maintain. Systems and LAN Management is working to justify the expense, find out which product is best for NMC, purchase it, learn it, configure it, and then maintain it.

Summary

The staff of Systems and LAN Management and Information Technology Services can only do so much. In the final analysis, YOU are the most important part of any network security plan. Without your cooperation, everything we do is similar to locking the barn door after the horse been stolen. Using secure passwords (a mix of numbers and letters in "gibberish" format), logging out when you leave, and exercising virus awareness are major pieces of this puzzle. We'll do our part with antivirus software, firewalls and whatever else is appropriate. Working together, we can safeguard the valuable data on our network. (Y)our network and (y)our data will be safe from the rest of the world!