Security Alerts and Recommendations
ITS General Cybersecurity Recommendations
The Mines department of Information & Technology Solutions (ITS) recommends that you take steps to protect yourself and your computer from cyber-attacks.
- Viruses: Download and use an antivirus product. Mines has licensed Symantec Endpoint antivirus for use on both school-owned and personally-owned computers. This software is available without charge to Mines faculty, staff, and students who use Windows or Mac OS X. The free download is available here. (Linux users may install the free ClamAV antivirus package directly from their distribution repository.) Update your antivirus software regularly.
- Updates: Update and patch your operating system and programs frequently. Remember to update third-party browsers, Flash, Acrobat, and other programs that aren’t part of the operating system itself. Patches ensure that you are relatively protected from the latest cyber-attacks.
- Trojan horses and other email exploits: Remember that legitimate vendors do not send patches via email; these types of communications are usually generated by viruses or criminals. Do not download or install an email attachment unless you are expecting it, even if it appears to come from someone you know and trust. (You can always call that person and ask them if they did, indeed, send you an email with a file attached.) Some emails may be crafted by third parties to persuade you to click on a link or install a bit of software. In so doing, you may unknowingly give them access to your passwords, account information, and the computer itself. While antivirus software may catch some of these exploits, your best defense is to be smart and not click on unknown links or files within email. (Obviously, if you have subscribed to an email service that sends notices of new updates available from a specific vendor or security service, those emails would be legitimate.)
- Spoofing and Phishing: Remember that Mines — or any other legitimate holders of personally identifiable information, Social Security numbers, credit and bank account numbers, or birth date — will never request that you reveal such information via the Internet, an email, or by telephone. Such requests are generated by criminals with the objective of stealing the information and an individual’s identity. Guard your online information as you would your credit card or Social Security Card.
Antivirus and Security Related Links
BreakTheChain.org: Stopping junk email and Internet misinformation (http://breakthechain.org/).
CERT: CERT Coordination Center (http://www.cert.org/) at Carnegie-Mellon University.
CVE: Common Vulnerabilities and exposures (http://cve.mitre.org/).
Internet Storm Center: Tracking Internet threat levels from viruses and malware (http://isc.incidents.org/).
McAfee: Current threats tracked by McAfee, maker of antivirus software and virus-removal tools (http://us.mcafee.com/virusInfo/default.asp?WWW_URL=www.mcafee.com/anti-virus/default.asp) .
MSRC: Microsoft Security Response Center catalogs Windows security issues and responses.
National Vulnerability Database from the Department of Homeland Security and National Institute of Standards and Technology (http://nvd.nist.gov/).
Security Focus: Symantec, maker of antivirus software and virus-removal tools, tracks current vulnerabilities (http://www.securityfocus.com/).
Operating System and Software Update Links
Adobe: Visit the update site (http://www.adobe.com/downloads/updates/?ogn=EN_US-gntray_dl_updates) to patch Shockwave, Flash, Acrobat and other Adobe software.
Apple: OS X automatically checks weekly for software updates, but even if you don’t have an Apple OS, you should frequently patch Apple’s QuickTime and iTunes programs on Windows (http://www.apple.com/softwareupdate/).
Microsoft: Use the built-in updating tool inside Windows, or learn about updating of the Windows operating system and other Microsoft software, like Office (http://update.microsoft.com).