Over the past years, computing has become an integral part of the day-to-day activities of almost all staff and students at the University of Malta. Computers are used for email communication, online research, the preparation of assignments, presentations, lecture notes, dissertations, record keeping etc. Undoubtedly, the most important benefits of today's computing are the communication and sharing of data.
Communication and sharing of data is possible because of the networking infrastructure that connects computers together. However, networking brings also new security risks. Among these there are risks that important data may be stolen, corrupted, or misused and that computer systems will be compromised. These risks raise concerns about:
- Data confidentiality - Information can be read or copied by unauthorised persons.
- Data integrity - Information can be modified as this is being transmitted over the network.
- Data availability - Information and resources of the network can be made available to unauthorised persons.
Compromised computers and insecure networks may also be used by third parties to attack other users that are connected to the campus network and other computer networks.
Although some users may not consider their data or email communications as 'top secret', they are uncomfortable if their data or email is being read by other people. They are also uncomfortable if forged emails are being sent from their computer or their computer is being used to attack other computer systems. Computer security is what helps ensure the confidentiality, accuracy, availability and integrity of the information you use to perform your work or enhance your studies at the University.
It is in the interest of all staff and students that our networking infrastructure continues to operate reliably and that the confidentiality and integrity of your own and any University information is maintained at all times. IT Services takes all the necessary precautions to minimise security threats to computers that are connected to the campus network. However, like any other security system, it is not possible to achieve security unless individual users take basic security precautions from their side. Each and every user should take adequate measures to maximise the security of his/her computer system.
Security will still be compromised if other less security-conscious users are allowed to use the same computer (e.g. a home computer being used by another member of the family).
EVERYONE should ensure that the security of his/her computer is maintained at the highest level possible.
IT Services requests all users to follow the underlying guidelines in order to maximise the security of their computers.
Use Anti-Virus Software
A virus is a malicious program that infects and runs on a computer system without your knowledge or permission. There are different categories of viruses having different effects on computer systems. Some viruses may corrupt or delete data that is stored on the computer. Others may disclose your data to third parties without your knowledge. Some viruses may slow down your computer system. Others may use your computer to attack other computers.
You must prevent your computer system from viruses by installing anti-virus software. These programs are designed to detect and in most cases remove viruses from a computer. University students are encouraged to use Avira AntiVir Personal, whilst members of staff are urged to use Avira AntiVir Professional. Both versions are available online.
Apart from installing and running an anti-virus program, you must ensure that this program is regularly updated. This is because new viruses are being developed all the time. An outdated anti-virus program will therefore be unable to detect new viruses. Most anti-virus programs, including Avira AntiVir Professional, are automatically updated with latest virus definitions when you connect your computer to the Internet.
Install Software Patches
Computer programs such as operating systems, email clients, browsers, media players and desktop applications (e.g. wordprocessors, spreadsheets, databases etc.) may have vulnerable defects through which intruders can gain access to your computer.
Software vendors usually release patches or hotfixes for their products when a security vulnerability is discovered. You must ensure that all programs on your computer are updated with the latest available patches. You should also check for any available updates when installing new software.
Software patches can often be downloaded for free from the vendor's website. Some programs (e.g. MS Windows XP SP2) have utilities which automatically connect to the vendor's website and download any available patches. If there is no automatic update feature for any of your programs, visit the vendors' website regularly and download any available updates.
Click the underlying links for updates to the following software:
Use Personal Firewall Software
When you connect your computer to the Internet, it starts transmitting and receiving data from a wide range of sources. Some of the incoming data may be originating from trusted sources such as when your email program receives messages or when your browser refreshes the weather forecast page. However, not all incoming data can be trusted. For example, the incoming data may have a Trojan horse that enables intruders to gain access to your computer system. Some network traffic can therefore modify, damage, or steal your data files and programs.
A personal firewall is a program that monitors the network traffic between the Internet and a computer. As network traffic passes through the firewall, the latter decides which traffic to forward and which to block, based on rules that you have defined. All firewalls screen traffic that is downloaded to your computer. Good firewalls filter both incoming and outgoing data by prompting the user each time a connection is attempted, and according to the user's response they 'learn' what Internet traffic can be received or sent from the computer system.
You are strongly advised to install a firewall program on your computer. Some operating systems (e.g. MS Windows XP SP2) have an integrated personal firewall. Users who do not have such operating systems are strongly advised to install a personal firewall. Sygate is a firewall program which is free for personal use.
Use Anti-spyware Software
Spyware is a category of software that collects and reports information without your knowledge or consent. The information collected by spyware can range from the websites that you visit to sensitive information such as passwords and credit card details. Spyware can also alter some settings on your computer, for example your browser's homepage is changed without your knowledge.
You can get spyware on your computer when you visit certain websites. For example a pop-up message may prompt you to download a software utility that you 'need' or else a software program downloads automatically without your knowledge. The spyware then runs on the computer, tracking your browsing activities and reports these to third parties, such as advertisers. Spyware also uses memory and processing capacity, and can slow or cause the computer to crash.
Spyware cannot be detected by anti-virus software. You should therefore install and run a spyware removal program to get rid of spyware. It is important to update the anti-spyware program regularly in order to maintain the confidentiality of your data and stability of your computer system.
MS Windows XP/Vista/7 users may download Microsoft Security Essentials. Alternatively users may download Spybot Search & Destroy (S&D). Both programs are free.
Treat all Email Attachments, File Downloads etc. with Caution
Treat ALL files attached to incoming emails with caution. Just because a mail originated from an address that you recognise does not mean that the file is safe or that the supposed sender has anything to do with it. Some file types, particularly those carrying the extension .EXE, .COM, .PIF, .JS, .VBS, .SHS, .SCR, .DOT are potential viral infections. Double file extensions e.g. 'readme.txt.vbs', should always be treated with suspicion.
Similarly, you need to be very cautious about files that you download from the Internet. Avoid downloading files from bulletin boards or public newsgroups. These are potential sources of viral infections.
Before opening email attachments or downloaded files, it is always good practice to first save files to your hard disk and to scan these for viruses before opening. However, remember that anti-virus software only detect known viruses. Therefore, there is still the risk that an attachment or downloaded file may contain malicious programs.
Software updates e.g. drivers, multimedia players, etc. should be downloaded from the manufacturer's official website or trusted sites. The same applies for any other new software that you may wish to install on your computer, even if you are installing this from CD or other media. It is important to verify that the source of the software is from a trusted source e.g. original software manufacturer media or website.
By default, MS Windows operating systems do not display any file extensions. It is therefore recommended that MS Windows XP users should follow the underlying instructions in order to have file extensions displayed:
- Double-click My Computer icon on MS Windows desktop.
- Click Tools menu.
- Click Folder Options...
- Click the View tab.
- Scroll down to the line Hide file Extensions for known file types and uncheck the box next to it.
- Click OK button.
Users operating MS Windows Vista/7 should follow these instructions to display file extensions.
- Go to Start and select My Computer.
- Select Organise from the menu bar.
- Click Folder and Search Options...
- Go to View tab.
- Scroll down to the line Hide Extensions for known file types and uncheck the box next to it.
- Click OK button.
Make Regular Backups & Remove Sensitive Data
Regular data backups allow you to restore your computer to a prior operational state following corruption of your filing system by a virus or if your hard disk is damaged. Data backups also facilitate the recovery of a single file or set of files when these are accidentally deleted or corrupted.
You are encouraged to make regular backups of your data files on removable media preferably on a USB drive or DVD. In particular you are encouraged to backup any sensitive or critical data and, as much as possible, remove sensitive data from your computer hard-disk and instead store it on offline media. You can follow these instructions to back up your mail using Mozilla Thunderbird.
Use a Strong Password
The use of a strong password enhances the security of your computer system. Your password should be at least 6 characters long. It should consist of both upper- and lower-case letters and also one or more numerical digits. Your date of birth, phone number or any word that can be found in a dictionary do not constitute a strong password.
Never share or disclose your password to any other person including colleagues, family members etc. Do change your password if you suspect that somebody knows it. You are also advised to change your password on a regular basis.