Security

Table of Contents:


Information Security is Everyone’s Concern

You are the key to successful information security. An unprotected computer can be infected with a virus, worm, or Trojan in less than five minutes after being placed on a network. IT Security awareness means understanding the various threats that exist in one's environment and taking reasonable steps to guard against them.

Studies show that most breaches of computer security are the result of something a computer user did or failed to do. This training site will provide you with valuable information about best practices, policies, and procedures for ensuring secure information systems at Florida SouthWestern State College, so you can enjoy a safe computing environment.

Be sure to take the time to read all of the materials on this site carefully.


Virus Protection

Worms and Trojans are the most common forms of infection and/or compromise. They depend on computer systems that have not been protected with the most current security updates, or patches, released by operating system and security application vendors. Neglected applications and operating systems provide easy targets for hackers to take advantage of the computer user for their criminal activity.

Some viruses prey on uninformed computer users by embedding attachments in appealing looking e-mails hoping to trick the user into activating the virus, worm, or Trojan. Viruses can also be transmitted during file sharing using Instant Messaging services. Users should not open attachments unless they know and trust the sender. Viruses can come from a friend or relative as easily as from a stranger. A common indicator that a virus is attached to an email is the presence of inadequate or misspelled text or short phrases like, "Attention!!!" or "Your file is attached." in the body of the message. Be suspicious of all attachments and shared files, even those from a known or trusted source.

All Florida SouthWestern State College owned desktop computers and laptops are protected with ESET Endpoint Antivirus software. The software is set to download updates and patches automatically when they are made available from the application vendor. Updates will download when College staff are logged into the Florida SouthWestern State College network or when they are accessing the Internet through another network (e.g., when traveling or working from home).

If you suspect you have a problem, contact the Help Desk at x11202 or 239-489-9202.


Passwords

Passwords are an important part of your IT security. Poor, weak passwords can result in the compromise of an entire network or sensitive data. Everyone should be aware of how to select a strong, secure password. Secure passwords include at least three of the following characteristics and should be at least 8 characters long.

  • Numeric character (1,2,3,4,5,6,7,8,9)
  • Special character (!,#,#,$,%,^,&,*,=,etc.)
  • Lower case character (a,b,c,d,e,f,g,etc.)
  • Upper case character (A,B,C,D,E,G,F,G,etc.)

Other aspects of a strong password are:

  • A good password is of strong construction and is a password that is not shared by anyone.
  • A good password is not posted, emailed or written down.
  • A good password does not contain your username or any part of your name.
  • A good password does not contain information about family, friends or pets.

A mnemonic can make a good password easier to remember. You can base your password on a song, phrase or book. Additionally, you can substitute special characters for letters and numbers. For example “One for the Money” becomes !4tM()nE.


Storing Sensitive Data

Identity theft can happen to you. Advances in technology have provided criminals with new ways to obtain your personal information. These criminals, or hackers, can enter your computer through the internet and access the personal information you have stored there. Because the goal is to obtain your personal information, it’s extremely important that you make this as difficult as possible. You can help protect yourself, your family and your friends by making sure that:

  1. Your computer is protected with a strong password(s)
  2. Your application and operating system software is patched.
  3. When entering your personal information on a website, make sure that the website is encrypted. Look in the browser window for an object that looks like a lock. When the lock is depicted as closed, it indicates that the website is encrypted.
  4. Check the address line in the browser window for an address that starts with https://. This is another indication that the web site is secured.
  5. Practice smart internet habits when conducting financial transactions on line. Be selective of the sites you visit and check for the security level (the lock) of web pages that require you to enter personal information.

Following these steps will help you in your efforts to secure the sensitive information stored on your computer.

For additional information review the section on Phishing.


Spyware and Adware

Spyware is software installed on your computer without your knowledge or consent. These programs can collect various types of personal information and interfere with control of your computer functions. It can also hijack your browser and direct it elsewhere. Spyware, by design, takes advantage of you for commercial gain.

The term adware refers to software that displays advertisements whether or not the computer user has consented. Most adware is also spyware because it displays advertisements based on information it has collected about you. Often this results in many pop up advertisements while you are visiting web pages on the Internet.

Most spyware is installed without your knowledge. Spyware can be bundled in shareware or other downloadable software as well as music CDs. Spyware developers also try to trick people into installing their software by emulating a standard Windows dialog box. The resulting popup box will contain a message such as “Would you like to optimize the performance of your computer?” or “Registry Cleaner Recommended” with buttons that say Yes and No. No matter which button the user clicks, the result is the same – the software is downloaded to your computer. Never click on unwanted popups. Shut them down by clicking on the red X in the upper right hand corner of the box.

To protect your system from Spyware:

  1. Enable the security features in your browser.
  2. Download programs, software and files only from trusted sites.
  3. Install anti-spyware software, keep it updated and schedule it to run regularly. There are several applications that are free which do a terrific job protecting your computer.

Email Hoaxes and Urban Legends

Everyone has received email with an attached petition, warning or an opportunity to win millions. Unsolicited email is also known as SPAM. Clicking on links in these messages can expose the user to a computer virus. Before you forward the message or respond to the request, check the validity of it. There are many web sites available where you can check to see whether the email you received is a hoax, scam, virus or urban legend.

An urban legend is basically a story. It can be funny, terrible or horrifying. Sometimes they are even true. Typically these messages end by asking the user to forward the message to everyone they know or to a specific demographic group.

Scam email messages typically promise that the receiver will collect large sums of money in return for a small investment. Often this type of scam cites a foreign lottery, or an inheritance that the sender cannot collect without your help. Do not attempt to contact the sender of these messages! They are ruthless and violent criminals.

Using the links below, you can check to see if the message you have received is a known hoax, scam, urban legend or chain letter before you hit the forward button.


Desktop Security

There are many levels of information technology security. If a computer is not protected at the personal level, it could allow someone to obtain access to the information stored there or cause you to lose your network access. You can protect yourself from the average desktop hacker.

Desktop hackers often watch what you are doing by looking over your shoulder. If your computer is positioned such that someone can see what keys you are pressing on the keyboard, place a small mirror on your monitor so that you know when someone is standing behind you.

If you know you are going to be away from your desk for an extended period of time during the work day; a good alternative to shutting down your system is to log off the system. Additionally, it is good practice to log out of your email application, the FSW portal and the Banner system when you are finished using those applications.

Being aware of who is around you is the first line of defense for desktop computer users. By combining awareness, good password practices, and secure applications, users will have a security formula that makes them less likely to be hacked.

To request assistance, please contact the Help Desk at x11202 or 239-489-9202.


Phishing

Phishing is an attempt to fool people into providing personal information such as credit card or banking numbers. Typically, the phishing scammers send an email disguised as a request for information from a well known company. They also create fake websites designed to closely resemble the company's official site. The fake website will appear almost identical to the official site.

Recipients of the phishing email are typically asked to click on a hyperlink to correct, confirm or provide information. Clicking the link triggers a phony website to open in the browser. Typically a web form is found that asks for private information such as credit card and banking numbers and other information such as a home address and phone number. Sometimes the user is asked to login with their username and password. Virtually all of the information entered into this phony website can later be collected and used at will by the criminals conducting the phishing scam.

Sometimes this form is embedded within the email with instructions to provide details such as a password and bank account number. Users are then instructed to return the email to the sender. An alternative method attempts to trick recipients into installing a Trojan virus on their computer by opening an email attachment or downloading the Trojan virus from a website. The Trojan is then used to collect information from the user’s computer. These emails are mass-mailed to many thousands of people with the hope that some of the recipients will be customers of the targeted institution. The scammers also hope that people will be unaware and believe the email to be a legitimate request.

Cyber thieves also use official-looking e-mails to lure you to fake websites and trick you into revealing your personal information.

It’s also an example of an even more mischievous type of phishing known as “spear phishing”—a rising cyber threat that you need to know about.

Instead of casting out thousands of e-mails randomly hoping a few victims will bite, spear phishers target select groups of people with something in common—they work at the same company, bank at the same financial institution, attend the same college, order merchandise from the same website, etc. The e-mails are ostensibly sent from organizations or individuals the potential victims would normally get e-mails from, making them even more deceptive.

How spear phishing works. First, criminals need some inside information on their targets to convince them the e-mails are legitimate. They often obtain it by hacking into an organization’s computer network (which is what happened in the above case) or sometimes by combing through other websites, blogs, and social networking sites. Then, they send e-mails that look like the real thing to targeted victims, offering all sorts of urgent and legitimate-sounding explanations as to why they need your personal data. Finally, the victims are asked to click on a link inside the e-mail that takes them to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, etc.

Criminal gain, your loss. Once criminals have your personal data, they can access your bank account, use your credit cards, and create a whole new identity using your information. Spear phishing can also trick you into downloading malicious codes or malware after you click on a link embedded in the e-mail…an especially useful tool in crimes like economic espionage where sensitive internal communications can be accessed and trade secrets stolen. Malware can also hijack your computer, and hijacked computers can be organized into enormous networks called botnets that can be used for denial of service attacks.

How to avoid becoming a spear phishing victim. Law enforcement takes this kind of crime seriously, and we in the FBI work cyber investigations with our partners, including the U.S. Secret Service and investigative agencies within the Department of Defense. But what can you do to make sure you don’t end up a victim in one of our cases?

  • Keep in mind that most companies, banks, agencies, etc., don’t request personal information via e-mail. If in doubt, give them a call (but don’t use the phone number contained in the e-mail—that’s usually phony as well).
  • Use a phishing filter…many of the latest web browsers have them built in or offer them as plug-ins.
  • Never follow a link to a secure site from an e-mail—always enter the URL manually.
  • Don't be fooled (especially today) by the latest scams. Visit the Internet Crime Complaint Center (IC3) and for tips and information.

Scareware-Protect Your Computer

While surfing the Internet, you may have seen a pop-up message telling you your computer is infected with a virus. The message goes on to explain that you should order the antivirus software advertised in the pop-up. Before you click on the link to the offer consider the following:

  • Most internet security companies will not use ads to tell you your computer’s been infected with a virus.
  • Most of these pop-ups are scams.
  • According to the FBI Internet Crime Complaint Center it is one of the fastest growing types of Internet fraud.

The scam, known as “scareware”, attempts to convince you to purchase their “antivirus” software. This software actually installs malicious software (malware) into your system. Additionally, many of these criminals operate outside the U.S., making investigations difficult and complex for law enforcement.

How to spot a “scareware” scam:

  • These pop-ups typically use icons that do not work like a typical button or link.
  • To build authenticity into their software, “scareware” will show a list of reputable icons, like well known software companies or security publications. However, there are no links to the sites so that you can see the actual reviews or recommendations.
  • The pop-up is hard to close. “Scareware” pop-ups employ aggressive techniques. They will not close easily after clicking the “close” or “X” button.
  • Cyber criminals often use easy-to-remember names like Virus Shield, Antivirus, or Virus Remover.

How to protect yourself: Make sure your computer is fully protected by legitimate, up-to-date antivirus software.

To report a fraud or scam contact the Lee County Sheriff’s Office Fraud Line at 239-477-1242.


Firewalls

Whether at work or at home, you have probably heard the term firewall. A firewall is a software or hardware device that is configured to filter information in order to keep destructive data from entering the FSW network—in other words, it provides access control by defining what information is permitted to enter the network as well as your computer. In essence it is not a wall but a door that allows trusted Internet traffic in and out of your network.

More specifically, firewalls can be configured to:

  1. Block ports that viruses, worms, and Trojans use to communicate with other machines on the Internet.
  2. Prevent unwanted sharing of your files and computer devices such as printers.
  3. Prevent applications on your computer from connecting to the Internet if they don't need to.
  4. Make it difficult for hackers to access and take advantage of un-patched network applications and services on your computer.

Firewalls are designed to create a secure barrier between your internal network and your computer and the outside world.


File Sharing and Copyright

Click here to read the File Sharing Procedure of Florida SouthWestern State College.

Copyright is a form of protection given to authors and creators of intellectual work including, music, drama, art, literature, and more. The author of the work is the only person who has the right to do or let anyone else do the following:

  1. Make copies of the work
  2. Distribute the work
  3. Display the work
  4. Perform the work
  5. Make derivative works

“Derivative works” refers to making modifications to the original work, adapting the original work, and translating the original work to another media. Public domain works refer to those works that are not copyright protected and freely available for anyone’s use. This includes work for which the term of copyright expired; works where the author did not comply with statutory procedures to obtain the copyright or it is the work of the U.S. Government.

Most of the recordings and videos found on the Internet today are protected by copyright. To obtain a work that is not in the public domain, you must get permission from the owner of the copyright. A safe way to assure you are obtaining legal copies of a published work is to pay the appropriate fee at a legal download site. Services such as Napster, Apple iTunes, and Musicmatch provide download permission based on a signed agreement with the owner of the work.

Although file sharing is a legal technology with legal uses, many users use it to download and upload copyrighted materials without permission. Accusations of illegal file sharing typically come from either the music or movie industries, in the form of a The Digital Millennium Copyright Act Complaint (DMCA). The DMCA was passed by Congress in 1998 to bring copyright laws in line with digital technology. It defines penalties such as hefty fines for individuals found guilty of illegally circulating copyrighted works.

Summary of Civil and Criminal Penalties for Violation of Federal Copyright Laws

Copyright infringement is the act of exercising, without permission or legal authority, one or more of the exclusive rights granted to the copyright owner under section 106 of the Copyright Act (Title 17 of the United States Code). These rights include the right to reproduce or distribute a copyrighted work. In the file-sharing context, downloading or uploading substantial parts of a copyrighted work without authority constitutes an infringement.

Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or "statutory" damages affixed at not less than $750 and not more than $30,000 per work infringed. For "willful" infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys' fees. For details, see Title 17, United States Code, Sections 504, 505.

Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense.

For more information, please see the Web site of the U.S. Copyright Office at www.copyright.gov, especially their FAQ's at www.copyright.gov/help/faq.