Information Security FAQs
Q: What general security precautions does MedIT take for web servers?
We take a range of industry-standard precautions, including:
- Configuration of web server securely according to the vendor’s security guidelines
- Identification of application files on the web server and protect them with access controls
- Running of web server processes with appropriate privilege accounts. We avoid running web server processes using full privileged accounts (e.g. ‘root’, ‘SYSTEM’, ‘Administrator’)
- Configuration of web server software to prevent any leak of information such as web server software version, internal IP address, directory structure, etc.
- Configuration of access rights so that server software cannot modify files being served to users. In other words, the web server software should have read-only access rights to those files
- Application of the latest security patches to web server software
The University’s latest security baseline can be found on the ISEA website (ISEA is a part of ITS).
Q: What computer security precautions I should consider as an end-user?
Here are some of the more important precautions that we advise for everyone:
- Encrypt all mobile devices (laptops, smartphones, tablets, USB keys)
- Don’t login to sensitive web applications from a public computer or public WiFi network
- Don’t cache your username and password in your workstation (i.e. “remember me”)
- Remember to log off at the end of a session
- Use different sets of logins and passwords for different web applications and services, and especially for personal and work systems
- Regularly change your passwords used in critical web applications
- Report abnormal behavior to the service provider immediately
- Ensure that the operating system and system components like Internet Explorer (browser) and Microsoft Office are fully patched and up-to-date
- Install a personal firewall as well as anti-virus software with the latest virus signatures
- Don’t download software, plug-ins, or browser toolbars from unknown sources
Q: Can I use p2p (peer-to-peer) software on campus?
P2P software can have legitimate, legal uses, so it is acceptable. However, the university has a strict, zero-tolerance policy on the use of p2p software to illegally distribute data, such as copyrighted movies. The network is monitored for this activity, and if it is detected then your IP will be blocked, and your divisional IT support group will be contacted.
Q: I have a virus on my system, and now my internet has stopped working.
Infected PCs often attempt to contact other systems on the network to spread the virus. If your PC is detected doing this, your IP address will be blocked until the system is cleaned. We advise that you have a MedIT technician assist with the cleanup to ensure the viruses are fully removed. We can also help you re-activate your IP address.
Q: I've heard that I should use an encrypted USB drive. What do you recommend?
Q: How do I Password Protect My Word Document?
To encrypt your file and set a password to open it:
- Click the Microsoft Office Button, point to Prepare, and then click Encrypt Document.
- In the Encrypt Document dialog box, in the Password box, type a password, and then click OK. You can type up to 255 characters. By default, this feature uses AES 128-bit advanced encryption. Encryption is a standard method used to help make your file more secure.
- In the Confirm Password dialog box, in the Reenter password box, type the password again, and then click OK.
- To save the password, save the file.
Remove password protection from a Word document:
- Use the password to open the document.
- Click the Microsoft Office Button, point to Prepare, and then click Encrypt Document.
- In the Encrypt Document dialog box, in the Password box, delete the encrypted password, and then click OK.
- Save the file.
Set a password to modify a Word document:
- Click the Microsoft Office Button , click Save As, and on the bottom of the Save As dialog, click Tools.
- On the Tools menu, click General Options. The General Options dialog opens.
- Under File sharing options for this document, in the Password to modify box, type a password.
- In the Confirm Password dialog, re-type the password. Click OK.
- Click Save.
Q: How do I clear my browser “cookies”?
Please note: instructions may be slightly different based on the version of your browser.
In Internet Explorer:
- Select Tools
- Select Internet Options
- Click Delete in Browsing history
- Make sure Cookies and website data is selected
- Click Delete
In Firefox:
- Select Tools
- Select Options
- Select Privacy
- Click Show Cookies
- Click Remove All Cookies
In Chrome:
- Click the Chrome menu
- Select Settings
- Click Show advanced settings…. link
- In Privacy click Content settings
- In Cookies click All cookies and site data….
- Click Remove all
Q: How do I reduce the amount of SPAM I get?
If you are experiencing a large amount of SPAM in your Inbox, chances are that you do not have the SPAM filter activated. Please follow the instructions below to filter out SPAM E-Mail.
- In Outlook, go to the Home Tab then click Rules then Create Rule.
- After you click on Create Rule, a window will pop up. Check and fill in the Subject Contains field as shown below and also check the Move The Item To Folder: field and select Junk E-Mail. Use the Select Folder Button to select the Junk E-Mail Folder.
- Click OK on the next pop up check the Run This Rule Now box and click ok.
- This should now filter out all E-Mails with SPAM in your Inbox.