Basic Security Checklist

Introduction

This basic security checklist addresses general security topics. We recommend that you print the checklist and read it carefully, checking off each issue as you understand it and address it on your system.

Password Security

Your computer password is your first, last, and best line of defense against damaging intrusions. Without a well-chosen password or set of passwords, any other security measures protecting your data are essentially useless. Make sure to never share your passwords with anyone else. The most frequent password mistakes made include choosing an obvious password or writing down the password near your computer. You can avoid creating an insecure password by making sure it meets these requirements:

  • Is at least eight characters long. However, always feel free to make your password as long as you wish. The longer your password, the more secure it will be.
  • Uses a combination of upper- and lower-case letters, including special characters such as '~!@#$%^}\|`";:,/?.
  • Isn't based on any obvious items of personal information (e.g. PID, Social Security number, street address, etc.)
  • Avoids words or combinations of words that could be found in an English dictionary, such as "ChapelHill".
  • Uses acronyms for unusual phrases that you invent. An example would be the password "~2myuT$!" for "About 2 more years until Tenure Salary!"
  • Is changed often. Usually it will take a hacker a very long time to crack a long, complex password. If you change your password every 90 days, the chances of your password being cracked are reduced even further.
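
The requirements above can also be checked automatically. The following is an added example, not part of the original checklist: the function names and the small word list are constructed for illustration, and the "changed often" requirement is not covered because it cannot be judged from the password alone.

```python
import re

# Special characters listed in the checklist.
SPECIALS = set("'~!@#$%^}\\|`\";:,/?.")

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"chapel", "hill", "password", "tar", "heel", "heels", "summer"}


def is_word_concatenation(text, words):
    """True if text splits entirely into dictionary words (word-break DP)."""
    text = text.lower()
    if not text:
        return False
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        for start in range(end):
            if reachable[start] and text[start:end] in words:
                reachable[end] = True
                break
    return reachable[-1]


def check_password(password, personal_items=(), words=SAMPLE_WORDS):
    """Return the list of checklist requirements the password fails."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("needs both upper- and lower-case letters")
    if not any(c in SPECIALS for c in password):
        problems.append("needs a special character")
    lowered = password.lower()
    for item in personal_items:
        if item and item.lower() in lowered:
            problems.append("contains personal information")
            break
    # Ignore digits and symbols so "Chapel!Hill1" is still caught.
    letters_only = re.sub(r"[^A-Za-z]", "", password)
    if is_word_concatenation(letters_only, words):
        problems.append("made of dictionary words")
    return problems
```

An empty list means the password meets every requirement that can be tested this way; pass your own street name, PID and similar items as personal_items.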

When it comes to physical password security, never record your password anywhere close to the computer (on post-its, pull-out trays in desks, inside drawers, under shelves, etc.)

Make sure to password protect your computer and any services or programs that you use online. Never turn on features that websites or email clients offer you. Even something as simple as an instant messaging client could potentially pose a threat to your computer security.

Physical Security

Even the most secure password can be compromised if you step away from your computer while logged in. Make sure that you always limit incidental access to your machine: log off your computer when you leave the room and lock your office or room. You can also use a screen saver password to lock your computer so that only you can unlock it.

While all computers on the UNC-Chapel Hill network are valuable to those looking to commit digital crimes, you should never forget that your computer equipment is also a target for theft. Remember to lock your laptop and any other easily portable equipment to a desk or other hefty object using a security cable (available in Student Stores).

Effective Antivirus Protection

Outside of a good password, constant antivirus protection is one of the most critical components of a secure computer system. Viruses can easily cause your system data to be compromised, and their destructive influence is devastating. The university provides Symantec Antivirus (PC) and Norton Antivirus (Mac) for free to all students, staff, and faculty, so there's no excuse not to install it.

Many users don't install antivirus software (and sometimes even disable existing software) because they think it slows their computer down or it clutters their system. Although antivirus software may in fact slow down your computer a negligible amount, it rarely affects the overall performance of your system, and the protection it provides is immeasurable.

Finally, many users keep their antivirus software installed but fail to update the virus definitions. Those definitions are equivalent to the FBI's Most Wanted list, and if you don't update them regularly, the software's efficacy is severely limited. Use the LiveUpdate button in Symantec Antivirus at least once a week to keep your definitions updated.

Evolving Past Telnet

If you use telnet to check your e-mail or utilize UNC's Unix shell, you should be aware that crackers may be able to eavesdrop on your telnet session. By spying on the plain-text data that moves between computers, they can pick up your username, password, grades, and more. And once they have your password, they can also use your accounts to send mail, hack into other computers, and get you into trouble for things you never did.

ITS recommends that you use Secure CRT as your default telnet client instead of the standard telnet that comes installed on your computer. Secure CRT looks and feels just like telnet, but it encrypts every piece of data that travels between your computer and the telnet server (often isis.unc.edu) so that others can't eavesdrop.

When you decide to use Secure CRT, don't be discouraged by the requirement that you register for a serial number. We have a limited number of site licenses at UNC, but any student or faculty member is more than welcome to use one. Receiving your license number usually takes less than one business day. For more information on Secure CRT, look at this HelpSite article.

Setting Up a Firewall

A firewall is a barrier between your computer and the Internet, through which only certain kinds of information can pass. You should install one if the long-term stability and security of your computer system is important to you. While ITS does not endorse any one product over another, we have instructions for how to set up a free firewall (or buy a professional product) on our Firewalls page.

Web Vigilance -- Trust No One

In order to protect your own personal privacy, we can't stress enough that you remain forever vigilant and protective of your Onyen, password, and other personal information. Many individuals assume that hackers will never go after them and their information. However, it is crucial to understand that hackers simply look for computers that are easy to crack and can be used for their own purposes. By simply having a good password, you severely reduce the risk of getting hacked. Hackers will always choose a machine without a password, because it is far easier to get into.

In addition, never give out your credit card numbers, social security number, or any other personal information on an unfamiliar site or a site that isn't secured by SSL encryption. Look for the lock icon in the bottom right-hand side of your web browser to make sure.

Programs on websites can also potentially compromise your computer, so you should completely trust such a program before allowing it to run.

If you're using a wireless adapter to connect to the Internet, please see our Wireless setup page.

E-mail Concerns

Never open attachments sent by a stranger. In general, it's a safer bet never to open any attachment if it's only "funny" or entertaining. These kinds of attachments frequently double as a trojan horse: a program that will distract you (or simply become invisible) while another computer user (a cracker) gains control of your computer.

It is also a good idea to create a separate web-based free e-mail account to receive junk mail and other unnecessary e-mail. Never respond to unsolicited e-mail, because doing so may confirm your existence to a SPAM-mail provider.

To stop SPAM, see our document: How do I reduce the amount of email spam I get?

If you have further questions about e-mail or security, please explore the ITS Security Office Website or contact us at security@unc.edu. You may also contact the UNC Postmaster.


University of North Carolina - Chapel Hill