Computing security at Thayer School is a huge topic, and we can't possibly cover everything here. If you have suggestions for additional topics, please let us know.
Locking Your Screen
Leaving your computer running and unlocked is a lot like leaving your car running and unlocked. An interloper could sit at your computer and gain access they shouldn't have:
- Any data your account can access on ThayerFS is available from your unlocked computer.
- Anyone who finds your computer in this state has access to whatever you have logged into. For example, they could probably read your email or send messages from your account. They may have access to and the ability to change Banner data (e.g. grades and enrollment information).
- Once you log into one system using WebAuth, your computer will automatically log in to other WebAuth-enabled applications. If you authenticated for the Thayer School directory or the Dartmouth software downloads page, someone finding your computer unattended and unlocked could log into your Banner account.
- Interactive logins on remote systems such as research computers are available for the interloper to type commands.
To protect against unauthorized access using your computer, you need to lock your screen or make sure your computer is turned off or physically inaccessible (e.g. in a locked office) when you leave it.
To lock your screen on a Windows computer, simply press the Windows key (the one with the Windows logo picture on it) and the L key simultaneously. Your screen will lock immediately. You will have to type your password to unlock it.
In case you forget to lock your screen, we recommend setting your screen saver to require a password also. To configure this, go to Start -> Control Panel -> Display -> Screen Saver and make sure On resume, password protect is checked. You should also make sure the Wait: setting is relatively short (10 minutes or less). Too short will be annoying while you are paused in your work; too long will expose your computer that much longer if you forget to lock the screen.
In Mac OS X you can require a password to wake the computer from sleep or screen saver.
To set this, open System Preferences, click the Security icon, and check the box next to Require password to wake this computer from sleep or screen saver. You should then check the Screen Saver and Energy Saver settings to make sure the idle time until activation is set to a reasonably short period - 10 minutes or less.
There is no simple method to set a keyboard shortcut to immediately put your Mac into screen saver or sleep. However, you can enable a Hot Corner to immediately activate the screen saver whenever the mouse pointer is moved to one of the four corners of the screen.
To set a Hot Corner, open System Preferences, click on Desktop & Screen Saver, and click the Hot Corners... button. You can then choose a favorite corner of the screen and select Start Screen Saver from the drop-down menu.
Securing Sensitive Data
If you work with data that could cause problems if a hacker or criminal got a copy, then you should make sure that data resides on ThayerFS. If you need to temporarily store a copy of sensitive data elsewhere (for example on the local disk of a notebook computer), then you need to make sure it is encrypted.
There are many types of data that may be sensitive (e.g. personal information, information protected by legal agreements, and information that would harm the institution if disclosed). Please see Securing (Encrypting) Data on Local Disk to help you determine whether your data is sensitive and if so how to secure it.
Serious security breaches happen all too frequently. For a list of breaches involving over 100 million records containing personal information, see https://www.privacyrights.org/data-breach. Please help us keep Thayer School and Dartmouth off this list and out of the news.
Backups are an excellent antidote for many security problems, but only if you have a recent backup. If your data is stored on ThayerFS, then it is backed up. See ThayerFS Backups for backup retention policies and information about how to recover data from backups.
If your data is not on ThayerFS (if it's on local disk, C:, D:, Desktop, My Documents, Documents, USB flash drive, external disk, etc.), it is only backed up if you or someone else in your group has done something explicit to back it up.
If you are wondering whether some particular data of yours needs to be backed up, consider what impact losing all of it tomorrow would have on your work. If the impact is more than an annoyance, then you need backups. You can lose data via hardware failure. Hard disks are just reliable enough to lull people into a false sense of security and then fail at some highly inconvenient time. You can also lose data from a security breach or even by inadvertently deleting it.
Thayer Computing Services strongly recommends that you store all your important work data on ThayerFS so we can automatically back it up for you. If this is impractical for some reason, please contact us so we can seek a reliable alternative.
Files on ThayerFS Are Safer
Another security advantage of storing user files on ThayerFS is that they are significantly more secure from theft than files stored on local disk. We have carefully secured the server and related systems. Unless a hacker has your user name and password, it is very unlikely that they can gain access to your data if it is on ThayerFS.
On the other hand, if your data is on a local computer, anyone with physical access to the computer and a little knowledge can easily defeat its password protection and access files on its hard disk. Notebook computers are especially vulnerable to theft, which obviously gives potential hackers physical access. You could encrypt files stored locally on your computer's disk, but this has its own set of complications and perils.
Encrypting Sensitive Data on Local Disk
If you must store sensitive data on local disk, then you must encrypt it. Please see Securing (Encrypting) Data on Local Disk to help you determine whether your data is sensitive.
If you need to provide sensitive information in electronic format to a 3rd party, the best method is to save the data as an encrypted PDF document.
Strong passwords matter. Protect your passwords. Please don't share them or write them down in easy-to-find places. See Managing Passwords and Password Rules and Recommendations for suggestions for strong passwords. Even stronger authentication is available for many Dartmouth systems if you use PKI certificates (Windows or Mac).
Never send your user name and password in email! Hackers routinely send out scams claiming something bad will happen or you will miss an opportunity unless you send them your user name and password immediately. This sort of scam is called phishing, and the perpetrators definitely do not have your cyber-space well-being in mind.
Sophisticated scammers frequently send email that purports to be from your bank or credit card company, or other actual companies that you may do business with. These emails can look quite legitimate, using official logos and even providing phone numbers and contact information of the legitimate business. They will often claim that you need to update or verify your account, and will provide a link to a website where you will be asked for your password or other sensitive information.
Some of these fake websites can look extremely professional. Though there is no 100% fool-proof way to identify these fraudulent sites, there are several important steps you can take to keep yourself from being scammed:
- Use the latest version of Firefox or Internet Explorer. These both have anti-phishing devices that will alert you if they suspect a website you are visiting is fraudulent.
- Double-check the URL of the website carefully to see if it differs from the actual URL used by the legitimate company. Pay careful attention to spelling and the top-level domain name.
- Just use extreme skepticism about any unexpected commercial email.
Please be extra cautious about responding to these requests. Almost all banks and other businesses have policies under which they will never ask you for sensitive information through email.
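The URL check described above (spelling and top-level domain) can be automated for links you are unsure about. The following is an added example, not part of the original page: the allow-list, the `mybank.example` name and the function names are assumptions, and the "registered domain" is taken naively as the last two labels of the host name.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the sites you actually do business with.
KNOWN_DOMAINS = ["mybank.example", "dartmouth.edu"]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, known=KNOWN_DOMAINS):
    """Return (verdict, known_domain) for the host a link really points to."""
    # urlsplit ignores any "user@" prefix, so text before an @ cannot pose as the host.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return ("no-host", None)
    for dom in known:
        if host == dom or host.endswith("." + dom):
            return ("match", dom)
    # Naive registered domain: last two labels (no public-suffix handling).
    rname, _, rtld = ".".join(host.split(".")[-2:]).rpartition(".")
    for dom in known:
        name, _, tld = dom.rpartition(".")
        # Known name used as a prefix inside some other site's host name.
        if host.startswith(dom + ".") or ("." + dom + ".") in host:
            return ("embedded", dom)
        # Same name, different top-level domain.
        if rname == name and rtld != tld:
            return ("tld-mismatch", dom)
        # Same top-level domain, name off by one or two characters.
        if rtld == tld and 0 < edit_distance(rname, name) <= 2:
            return ("lookalike-spelling", dom)
    return ("unknown", None)

if __name__ == "__main__":
    for link in ["https://www.mybank.example/login",        # constructed samples
                 "https://mybonk.example/verify",
                 "https://mybank.test/verify",
                 "http://mybank.example.account-update.test/"]:
        print(link, "->", check_link(link))
```

A verdict of "unknown" only means the host is not on your list; it is not a sign that the site is safe.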
All Windows computers attached to the Internet need antivirus software. Dartmouth has licensed Symantec Endpoint Protection. If you don't have up-to-date antivirus protection on your computer, you should install this immediately (after uninstalling any obsolete antivirus software you may already have on it).
The best way to combat spyware is to avoid getting it in the first place. Be very careful about what you install on your computer - many "helpful" free software and utilities actually contain malware that will infect your computer. Once you get one malware program, it can bring in more and more until your computer is clogged up to the point of being useless. Often, malware will offer you free software it claims will rid your computer of spyware that ironically ends up being more malware.
All Thayer School servers and lab computers are protected by firewall software. Your personal computer(s) should be too. For Windows computers, we recommend enabling the built-in Windows Firewall, or installing Symantec Endpoint Protection. For Macintosh, we recommend using the built-in OS X firewall capabilities.
Dartmouth VPN provides a secure way to access Dartmouth's network from off campus.