Temerty Faculty of Medicine
Search this site
Menu

Information Security FAQs

Q: What general security precautions does MedIT take for web servers?

We take a range of industry-standard precautions, including:

  • We configure the web server securely according to the vendor’s security guidelines
  • We identify application files on the web server and protect them with access controls
  • We run web server processes with appropriate privilege accounts. We avoid running web server processes using full privileged accounts (e.g. ‘root’, ‘SYSTEM’, ‘Administrator’)
  • We configure web server software to prevent any leak of information such as web server software version, internal IP address, directory structure, etc.
  • We configure access rights so that server software cannot modify files being served to users. In other words, the web server software should have read-only access rights to those files
  • We apply the latest security patches to web server software

The University’s latest security baseline can be found on the ISEA website (ISEA is a part of ITS).

Q: What computer security precautions I should consider as an end-user?

Here are some of the more important precautions that we advise for everyone:

  • Encrypt all mobile devices (laptops, smartphones, tablets, USB keys)
  • Don’t login to sensitive web applications from a public computer or public WiFi network
  • Don’t cache your username and password in your workstation (i.e. “remember me”)
  • Remember to log off at the end of a session
  • Use different sets of logins and passwords for different web applications and services, and especially for personal and work systems
  • Regularly change your passwords used in critical web applications
  • Report abnormal behavior to the service provider immediately
  • Ensure that the operating system and system components like Internet Explorer (browser) and Microsoft Office are fully patched and up-to-date
  • Install a personal firewall as well as anti-virus software with the latest virus signatures
  • Don’t download software, plug-ins, or browser toolbars from unknown sources

Q: Can I use p2p (peer-to-peer) software on campus?

p2p software can have legitimate, legal uses, so it is acceptable. However, the university has a strict, zero-tolerance policy on the use of p2p software to illegally distribute data, such as copyrighted movies. The network is monitored for this activity, and if it is detected then your IP will be blocked, and your divisional IT support group will be contacted.

Q: I have a virus on my system, and now my internet has stopped working.

Infected PCs often attempt to contact other systems on the network to spread the virus. If your PC is detected doing this your IP address will be blocked until the system is cleaned. We advise that you have a MedIT technician assist with the cleanup to ensure the viruses are fully removed. We can also help you re-activate your IP address.

Q: I've heard that I should use an encrypted USB drive. What do you recommend?

University policy and established practice require that personal information (PI), if it’s not stored on a secure server, must be encrypted. The use of whole-disk encryption ensures that, if the storage device (like a USB drive or laptop) is lost or stolen, the data on it will be inaccessible and would therefore not be considered to have been exposed by the Information and Privacy Commissioner. For a long time, encrypted USB drives tended to be significantly more expensive than unencrypted ones, which slowed adoption. However, much lower-priced options have become available in recent years. Our recommendation is the Kingston DataTraveler Locker+ encrypted drive, which is compatible with both Windows and Mac operating systems. These drives are stocked by MedStore.

Q: How do I Password Protect My Word Document?

To encrypt your file and set a password to open it:

  1. Click the Microsoft Office Button, point to Prepare, and then click Encrypt Document.
  2. In the Encrypt Document dialog box, in the Password box, type a password, and then click OK. You can type up to 255 characters. By default, this feature uses AES 128-bit advanced encryption. Encryption is a standard method used to help make your file more secure.
  3. In the Confirm Password dialog box, in the Reenter password box, type the password again, and then click OK.
  4. To save the password, save the file.

Remove password protection from a Word document:

  1. Use the password to open the document.
  2. Click the Microsoft Office Button, point to Prepare, and then click Encrypt Document.
  3. In the Encrypt Document dialog box, in the Password box, delete the encrypted password, and then click OK.
  4. Save the file.

Set a password to modify a Word document:

  1. Click the Microsoft Office Button , click Save As, and on the bottom of the Save As dialog, click Tools.
  2. On the Tools menu, click General Options. The General Options dialog opens.
  3. Under File sharing options for this document, in the Password to modify box, type a password.
  4. In the Confirm Password dialog, re-type the password. Click OK.
  5. Click Save.

Q: How do I clear my browser “cookies”?

Please note: instructions may be slightly different based on the version of your browser.

In Internet Explorer:

  • Select Tools
  • Select Internet Options
  • Click Delete in Browsing history
  • Make sure Cookies and website data is selected
  • Click Delete

In Firefox:

  • Select Tools
  • Select Options
  • Select Privacy
  • Click Show Cookies
  • Click Remove All Cookies

In Chrome:

  • Click the Chrome menu
  • Select Settings
  • Click Show advanced settings…. link
  • In Privacy click Content settings
  • In Cookies click All cookies and site data….
  • Click Remove all

Q: How do I reduce the amount of SPAM I get?

If you are experiencing a large amount of SPAM in your Inbox then chances are that you do not have the SPAM filter activated. Please follow the instructions below to filter out SPAM E-Mail.

  • In Outlook go to the Home Tab then click Rules then Create Rule.
  • After you click on Create Rule a window will pop up, check and fill in the Subject Contains field as shown below and also check the Move The Item To Folder: field and select Junk E-Mail. Use the Select Folder Button to select the Junk E-Mail Folder.
  • Click OK on the next pop up check the Run This Rule Now box and click ok.
  • This should now filter out all E-Mails with SPAM in your Inbox.

Q: I’m finding spam messages or bouncebacks to messages in my Inbox from myself. I know I didn’t send these messages. Why is this happening?

It’s called “spoofing”. Hackers may have gotten your email address from somewhere, and rather than using their own email address to send out Spam, they are using your email address. Unfortunately, there’s very little we can do about this since the mail protocol allows anyone to put anything in the “From: “ field of a message being sent.