Home

Information Security Guide for Students 2009

1. 13 FURTHER INFORMATION AND USEFUL LINKS e Rules regulations and information security policy of your university e Instructions on using the Internet safely www tietoturvaopas fi en www tietoturvakoulu fi en e Instructions on protecting your privacy and disclosing personal information www tietosuoja fi in English e Netiquette good manners on the Internet www en wikipedia org wiki Netiquette e nstructions on secure data transmission notifications of information security threats www cert fi en e Information security guidelines for mobile phone users www ficora fi mobiiliturva english e The government s legislative data bank FINLEX www finlex fi en e CT Driving License Course Material Univ of Helsinki www helsinki fi tvt ajokortti english
2. August 2009 CONTENTS The purpose of information security and data protection 1 Access rights and passwordS iau cete innui did eo daa pev ias 2 Internet and e mall sso ioco cotra see Io rate qat Rar dox Dot RU E REGE 3 Privacy protectlOn uiie resistere inerte enirn denne nante bs 5 University s computers and IT security seseesesss 6 Personal computers and IT security canus caccia cta ot tete 8 Public computers and wireless networks sssse 9 Portable memory devices and backup copies 10 Copyrights arid software licenses errant 11 When your right to study xpites erecti 12 Malware infections and information security breaches 13 Further information and useful links back cover This Information Security Guide is primarily written for university students The authors wish to thank the Government Information Security Manage ment Board VAHTI whose Information Security Instructions for Person nel VAHTI 10 2006 set an example for and inspired the writing of this guide We also wish to thank SEC the information security team of Finnish universities for commenting on the guide Authors Kenneth Kahri Univ of Helsinki Olavi Manninen Univ of Kuo pio Kaisu Rahko Univ of Oulu Layout and photos Katja Koppinen and Raija T rr nen Univ of Kuopio English translation Anna
3. are doing online When you are using these kinds of net works use only e mail and network services that encrypt transmission letters https appear in the address bar and there is a lock icon on the bottom of the screen PORTABLE MEMORY DEVICES AND BACKUP COPIES The university will take care of saving backup copies of your files if you save the data to your network drive or your home directory on the university s server USB memory sticks are convenient but do not use them as the primary or only medium to save your data A memory stick is easily lost do not save sensitive data on a memory stick Be careful with using other people s USB memory sticks The memory stick may be infected with malware When you insert the memory stick into your computer the mal ware may be automatically run and your computer will also get infected f you find someone else s memory stick on campus please deliver it to the IT Helpdesk without inspecting the con tents f you have a computer of your own remember to make backup copies on a regular basis Suitable backup media are for example USB hard disks memory sticks and writ able DVD or CD disks Write down what information the backup copy contains and when the data was saved Check regularly that your backup copies are still readable Store backup copies in a separate place away from your computer preferable under lock and key Learn to keep your mater
4. for private purposes is allowed provided that it does not hinder the primary purpose of the services Using the university s information systems for commercial purposes is generally prohibited Using the systems for po litical purposes such as electoral campaigning is similarly prohibited A good password is easy to remember and hard to guess Learn your password by heart and avoid writing it down Do not use ordinary words or words that are for example derived from your name as your password Select a pass word that includes lower case and upper case letters num bers and special characters Please note however that not all systems accept special characters as part of a password For more information please see the university s rules and regulations After the university s IT Helpdesk sends you a new pass word change it immediately into a password that only you know Change your passwords regularly and follow the recom mendations issued by the university Change your pass word without delay if you suspect it has been exposed Do not use the same password in the university s information systems and external systems INTERNET AND E MAIL Data is often transmitted through an insecure connection on the Internet In such case your data is not protected in any way so be careful when using e mails and the Web Each student receives a user account and e mail address from the university The ad
5. the class room if you are not sure they have the right to use the university s computers PERSONAL COMPUTERS AND IT SECURITY The university is responsible for the information security of its own computers You are responsible for the information security of your own computer Try to follow good adminis tration practices Good information security practices require that up to date firewall and antivirus software are installed on your computer automatic update of the operating system e g with the Windows update functionality is enabled and se curity updates are carried out Use a user account that has administrator privileges e g Administrator root only to install software and manage user accounts For normal use create yourself a user account without ad ministrator privileges This improves privacy protection and decreases the risk of malware infection Install new software on your computer only if it is absolute ly necessary Each unnecessary installation increases the risk of malware infection Install software only from known software resources Remember to make regular backup copies of your files Think about what kind of data you could lose if your hard disk is damaged or files are destroyed due to malware Becareful when transporting and storing a laptop The lap top needs to be protected from shock damage dust and moisture Never leave your laptop visible in a car f yo
6. Naukkarinen Tampere Univ of Technology This guide has been written as part of official duties of employment at the universities of Helsinki Kuopio and Oulu and is licensed under a Creative Commons Attribution Noncommercial Share Alike License http creativecommons org licenses by nc sa 1 0 fi THE PURPOSE OF INFORMATION SECURITY AND DATA PROTECTION Computers and the Internet are important tools for stu dents However there are certain risks involved in using the Internet so you should be aware of the basic principles of information security and data protection Information security means protecting information and in formation systems from unauthorized access and ensuring that they are reliable and safe to use Data protection means protecting your information from unauthorized disclosure and preventing misuse of personal information To protect your privacy it is vital you take the principles of data protection into account when using a computer Re member to protect both your own data and that of oth ers Information that needs to be protected from outsiders includes for example personal contact health and bank account information e mails and photographs Information security is often considered difficult but with common sense and by following instructions you can easily avoid most of the pitfalls Everyone is responsible for maintaining information secu rity at the university The info
7. copyright Do not down load them from the Internet or share them through the Internet without the express consent of the person who owns the copyright Current copyright legislation prohibits copying computer software for personal use Unauthorized distribution of software protected by copyright is also pun ishable by law 11 When you are quoting someone else s material in your own written works or theses you must follow the rules of cita tion Always add a citation when you are quoting someone else s work Always ensure you have the right to do so be fore quoting or inserting links to someone else s material into your own work WHEN YOUR RIGHT TO STUDY EXPIRES 12 Your right to use the IT services available at the university will terminate when your right to study expires After you graduate or your right to study expires your right to use the university s IT services will be terminated Your user account is usually disabled automatically After your right to study expires the university will permanently delete your user account e mails and files saved to your home directory after a certain period of time Before your user account is disabled please note the following e Notify your friends that your e mail address has changed e Copy the files that you want to keep from the univer sity s servers and delete the remaining files e Copy the e mail messages you want to keep or forward them to another e mail addres
8. dress provided by the univer sity must be used as the primary e mail address in all the university s services and information systems including the Student Register and virtual learning environments Oodi Optima Moodle Blackboard etc When you are writing e mails and interacting with others through the Internet remember to follow the principles of Netiquette Posting insulting messages on an Internet fo rum is impolite In some cases it may even result in a court sentence E mail attachments may be infected with malware Beware of all unusual e mails and especially e mail attachments Do not open suspicious e mails For more information please contact the university s IT Helpdesk Unsolicited advertisements and chain letters are spam Do not answer to such e mails or forward them Instead de lete them immediately Spam e mails may contain malware or direct the user to a malicious website Universities use different methods to filter spam In some systems spam filtering is automatically enabled and in oth ers the user may have to enable filtering For more informa tion please see the university s rules and regulations Use caution with e mails The sender of the e mail may be someone else than the person whose name shows up in your inbox Viruses may also send e mail without any user action Be especially careful with so called phishing e mails These fraudulent messages may ask for your username and pass word o
9. e s personal information Be careful when posting personal information on yourself or others on Internet forums e g Facebook MySpace or other network services Once you post personal informa tion such as a photograph or home address on the Inter net it may be difficult or impossible to remove it completely afterwards t is easy to impersonate someone else when using an In ternet service so do not believe everything you read f you use your mobile phone in a public space someone may hear and recognize you Keep your voice down when speaking on the phone in public UNIVERSITY S COMPUTERS AND IT SECURITY Do not let others see your computer keyboard or screen when you are typing your username and password or when you are processing sensitive data Always log in to the university s computers with your own username and password Log off after using a computer and make sure of the following Delete all temporary files and other data saved by the browser Delete other temporary files you have saved on the com puter Remember to take your memory stick and papers with you as you leave f you need to leave the computer temporarily take your memory stick and other materials with you and lock the computer so no one will be able to see your username and password or read your files Please note that locking the computer for a longer period of time may be prohibited at your university b
10. ecause it reserves the computer and oth ers cannot use it in your absence Locking your Windows computer Win L Save all important data to your network drive or home di rectory when using a computer connected to the univer sity s network The university will then take care of saving a backup copy of your work Save changes on a regular basis in many Windows pro grammes with the key combination Ctrl S when you are modifying text or other material for a longer period of time This way you will not lose all your work in case of a technical failure Before you print materials out of a shared printer make sure you know where the printer is located Collect your printouts as soon as possible Lock the computer before collecting your printouts The university s computers are meant to be used primarily for study related purposes If others are waiting for their turn do not use a computer for personal purposes Installing software on the university s computers is gener ally prohibited and often technically prevented too If you need certain software please contact the IT Helpdesk It is possible that the software has already been installed on computers in another classroom or the university may in some cases agree to obtain a license for the software If you have access rights to locked computer classrooms at the university remember to close the door after entering and leaving the classroom Do not let others into
11. ials organised on the computer memory devices and in paper form so that it is easier to ensure they are protected Old hard disks memory sticks and other memory devices and papers containing sensitive data should not be thrown in the bin Destroy the materials appropriately data saved 10 on a memory stick hard disk or other electronic media is destroyed by overwriting or crushing the object and paper documents are shredded COPYRIGHTS AND SOFTWARE LICENSES Only install licensed software or freely available software on your computer Do not install illegal copies or any other software if you are not sure you have the right to use it The right to study at a university entitles students to use certain software For further information please see the university s rules and regulations Remember that using software to which you have access because of your student status is often limited to study related purposes Your right to use the software will ter minate when your right to study at the university expires After this it is your responsibility to uninstall the software from all the computers on which you have installed it The terms of use concerning electronic resources available at the university s library restrict who has the right to use the resources and to what purpose For further informa tion please see the instructions of the university s library Films and music are protected by
12. r online bank account information by giving some excuse that sounds reasonable or masquerading as a trust worthy entity If you receive an e mail that is not meant for you please notify the sender that s he has the wrong e mail address Remember that you are bound by confidentiality with re gard to the content of the message When you send e mails make sure you know the recipi ent s correct e mail address Check the address for typos before sending the message Use caution when sharing your e mail address or posting it on the Internet Get yourself a free e mail address such as a Hotmail or Gmail address Avoid using your university e mail address on Internet forums and services such as Fa cebook MySpace etc Use only network services that are well known and reli able If you use an e mail service provided by and external ser vice provider select a service that encrypts data transmis sion letters https appear in the address bar and there is a lock icon on the bottom of the screen Never use network services under a user account that has administrator privileges Administrator root PRIVACY PROTECTION Use caution when managing personal in formation Think first what kind of personal information you can share with others and who is the recipient You have the right to share your own per sonal information with others but you need permission or other authorization to share anyone els
13. rmation security policies in force at Finnish universities stipulate that students are for example responsible for following given instructions to protect their own information and that of others Informa tion security breaches may have legal consequences f you hold a position of trust alongside your studies your responsibilities go beyond those of an ordinary student Please familiarize yourself with these responsibilities ACCESS RIGHTS AND PASSWORDS Your access rights to the university s information systems are granted for your personal use only Students usually log in to the university s computers and in formation systems with a username and password Handle your username and password with as much care as your bank card Some Finnish universities employ a smart card student card Lyyra for identification purposes and access control Students must handle the smart card with care As the owner of the card you are responsible for the use of your smart card so do not lend it to others You are responsible for all the activities occurring under your user account Do not tell your username or password to others Even the system administrators do not need to know your password Never provide your username and password in response to an unsolicited request The university offers you e mail and other services that are primarily meant to be used for study related purposes Rea sonable use of the services
14. s e Uninstall any software to which you had usage rights due to your student status and are no longer entitled to use from your computer MALWARE INFECTIONS AND INFORMATION SE CURITY BREACHES f you suspect that a computer is or has been infected with malware 1 Use another computer to change all the passwords you have used on the infected computer If you have used online banking services through the infected computer notify your bank immediately that your online bank ac count information may have been exposed 2 If the infected computer is your own stop using it imme diately and find out how to remove malware If some one else owns the computer contact the owner without delay The university s IT Helpdesk may offer some limited assis tance with restoring your computer after a malware infec tion You can start by viewing instructions issued by the IT Helpdesk on handling computer viruses In addition visit the website of the company that developed your antivirus software for instructions on removing malware Ifyou have reason to suspect an information security breach or misuse of an information system contact the person in charge of the service or IT system If the case concerns your university contact the IT Helpdesk If the case concerns an other organisation contact the organisation s switchboard Remember to leave your contact information so you can be reached if additional information is needed
15. u have your own wireless network connection enable the security settings so others cannot use your connection or follow what you are doing on the Internet For instruc tions please see the user manual of your wireless device f you have your own broadband connection check the user manual to see if it includes a firewall and enable it Keep track of warnings issued for example by service pro viders concerning information security threats e g www cert fi en PUBLIC COMPUTERS AND WIRELESS NETWORKS Computers in Internet cafes libraries and other public spaces are handy when you are on the go and need to use a computer However be sceptical of information security and data protection when using such computers The com puter may be infected with malware as a result of the ac tivities of the previous user Think first if itis necessary to log in to network services with your own username and password and consider what kind of data to process with a publicly accessible computer Using a computer always leaves tracks behind temporary files cookies browser sessions etc Learn how to clear the cache memory of a browser and other typical tracks that using a computer leaves When you are using wireless networks find out if the con nection is secure or not Networks in shared use such as computers in cafes and airports usually have an unpro tected connection and others can easily monitor what you

Information Security Guide for Students 2009

Contents

Download Pdf Manuals

Related Search

Related Contents