Security Awareness - E-mail & Web Security

Last Updated: 09/09/2014

Overview

Sending and receiving email, file sharing and browsing websites may seem innocuous on the surface, but if you’re not careful these activities can open your computer to countless vulnerabilities. Email messages can easily be forged and they’re often used to launch malware. Malicious web sites can install software on your computer or collect personal information from your computer.

Email and Web Security

Here are a few basic things to keep in mind:

  • Don't give out confidential information in response to any email. Messages that try to persuade you to send your password or credit card number are forged, even if they appear to be from the your bank or system administrator.
  • Be wary of any email attachment that you weren’t expecting (this also applies to Web downloads). It’s very easy for a computer virus to be present in an email that appears to be from a friend. It is strongly suggested that antivirus software be used to scan anything that you receive in your email.
  • If you receive email from an address at CU Boulder which you feel violates the campus Acceptable Use of CU-­Boulder’s IT Resources policy, it should be reported to the IT Service Center at help@colorado.edu so action can be taken. It is suggested you do not delete the message, as it can often be useful in tracking down the incident. Read abuse guidelines and tips.
  • Plugins or add-ons are additional programs you can install in your web browser to add more functionality, but every plugin you add becomes a another window for attackers to break into your computer. Install only plugins that are authorized and that you absolutely need. Here’s how to remove unneeded plugins and add-ons.
  • To learn how to update your browser or turn on securtity settings, please choose your browser from the following list: Firefox; Chrome; Internet Explorer: IE11, IE10, IE 9, 8, 7; Safari.
  • Find more tips for browsing the Internet safely.
  • If your computer is centrally managed, please contact your Dedicated Desktop Support representative or IT staff to inquire about browser security settings.

Use Secure Clients

Access to OIT systems requires the use of secure clients and encrypted authentication. Not only does it help protect our network from malicious computer attacks and stolen logins, passwords, etc., but also new federal grant rules require secure computer practices.

Desktop Management including antivirus and patches

Every desktop computer must have current and up-to-date antivirus software. OIT has a campus license and students can download the software.

The operating system on every desktop must be kept up-to-date. OIT has documentation on configuring your Windows system for automatic updates. OIT also has documentation for running Windows Update manually.

File Sharing - a setting on your computer that lets hackers into your computer unless they are disabled or fixed

  • Be very careful with Windows file sharing. The default options for all versions of Windows are insecure and will let hackers into your computer unless they are disabled or fixed! Your best bet is to disable file sharing completely. View instructions on disabling file sharing.
  • Because there are academic applications for peer-to-peer (p2p) file-sharing applications such as BitTorrent, LimeWire and Kazaa, CU-Boulder does not ban them from its network. However, we recognize that most p2p activity consists of copying music and video files for personal enjoyment. Music and videos are copyrighted.
  • File-sharing may put your personal computer data at risk. OIT suggests that you not run p2p types of programs. If you feel you must do so, please at least disable the uploading features. Doing this should NOT affect your ability to copy files to your computer from other locations. It will prevent others from copying files from your computer.

Issues when using public computers

  • Always remember to log off when you finish with secure web sites such as CULink or CULearn. If you do not, the next person to use the computer will have access to your personal information.
  • Public computers that may not always be securely configured pose a threat to your privacy by storing your password or web cookies. Think twice about going to a secure site if you can not verify the security of the computer. When you log out of a computer in an OIT lab or OIT "scarpie" kiosk your privacy is protected.

Here are some helpful tips for hardening computers: