IT Security Support
Security FAQ
Questions:
These are some commonly asked questions regarding IT Security. If you don't find what you need on this page, IS&T maintains an online database called Hermes.
General
- What are the first things I should do to protect my computer when I arrive on campus?
- What if I don't have time to follow up on all of this security advice?
- What is Kerberos?
- What's the best way to back up my files at MIT?
- What is a firewall?
Email and Spam
- What should I do if I think someone has used my email account?
- How do email accounts get compromised?
- What is phishing?
- What is MIT doing about spam?
- Where can I go for more information about spam?
Web Browsers
- Why are security settings for web browsers important?
- What is SSH?
- How can I stay safe when I visit social networking sites like MySpace or Facebook?
- Where can I go for more information about web browser security?
Updates, Patches, and Virus Protection
- How frequently should I patch my system and software?
- Where do I get the latest operating system and software patches?
- Why does my anti-virus software need to be updated?
- How can I prevent spyware being installed on my computer?
- Where can I go for more information about protecting my computer from a virus?
Passwords
- What are strong passwords?
- How can I keep my password secure?
- If I forget my password, what should I do?
- How do I remove stored passwords in my browser?
Copyright and Peer-to-Peer (P2P) File Sharing
- What is peer-to-peer software?
- If I use file sharing, is my computer safe?
- What is the risk of copyright infringement if I use file sharing software?
- Where can I go for more information about copyright infringement and P2P file sharing?
System Compromises
- How do I report an incident?
- Under what conditions would IT Security remove a machine from the network?
- What do I do if my network access has been terminated?
- Why is it necessary that I reformat?
- Where can I go for more information on system compromises?
Answers:
General
What are the first things I should do to protect my computer when I arrive on campus?
- Strong password: To set up your email or Athena account at MIT, you will need to register for an Athena user account online. A username will be assigned to you and you will need to pick a password. Strong passwords will discourage anyone else from using your account without your authorization. See these guidelines for strong passwords.
- Virus protection: IS&T offers virus protection software free to all members of the MIT community. It can be downloaded from the software download page.
- Physical security: Keep your computer safe! Campus police offer a laptop registration program to discourage computer theft.
- Spam screening: Prevent your inbox from filling up with spam. Users of MIT email can set up spam screening and allow/deny lists to limit the number of spam messages. See more about email and spam below.
- Backup: Don't lose all your hard work if your computer is lost, contracts a virus, or gets hacked. IS&T offers TSM, a backup and restore service that allows you to back up your data onto secure servers over the network. See more about backups below.
What if I don't have time to follow up on all of this security advice?
MIT has many IT professionals on campus. Here are a few options for IT assistance:
- Bring your computer in to the IS&T Computer Help Desk where staff can configure your computer for maximum security (some of these services are fee-based).
- Staff can take advantage of the AdminIT Program, which provides special IT-based support to administrative members of the MIT community.
- For departments, MIT Departmental Services (DS) assists the MIT community in the application of computer technology to their work and research.
What is Kerberos?
Kerberos was created by MIT as a solution to network security problems. The Kerberos network authentication protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client has used Kerberos to prove its identity, it can also encrypt all of its communications to assure privacy and data integrity as it goes about its business.
What's the best way to back up my files at MIT?
There are several ways files can be backed up, using hard drives or disks. However, IS&T offers and recommends a network backup service. Tivoli Storage Manager (TSM) lets you back up and restore files to/from a secure server.
What is a firewall?
A personal firewall is software installed on a computer that controls communication to and from that computer when connected to a network or the Internet. It provides a line of defense against someone who might try to access your computer without your permission. A personal firewall can help prevent computer worms from reaching your computer by blocking unsolicited communications. Through intrusion detection, the firewall allows a connection to be terminated or blocked when it suspects an intrusion is being attempted.
Email and Spam
What should I do if I think someone has used my email account?
If you have reason to believe your email account has been hacked, you should immediately change your email password. Notify the Security Team to ensure no other data has been accessed and compromised.
How do email accounts get compromised?
Email accounts can be compromised when the password to the account has been shared or stolen. Passwords that are too weak can be guessed or hacked. Another way a hacker will try to get a password is through social engineering. With the password to the account in hand, an unauthorized user can access email online and can use the account to send out spam messages. Any information contained in messages in email folders will also be accessible.
What is phishing?
Phishing is a form of scam or spoof. A phishing message is an email message that falsely claims to be from an established, legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. These types of messages can easily tempt the user to reply or click on a dangerous link or attachment because they often appear to come from an organization with which the user has already established trust, such as his or her bank or school. To reduce the temptation to respond to such messages, users are reminded that no legitimate business will ever ask them to supply personal information through email.
What is MIT doing about spam?
Users of MIT email (i.e., those receiving their email on po9, po10, po11, po12, or po14) have the option of screening incoming messages for spam. MIT Spam Screening performs a series of tests on an incoming email message, scores it according to a set of criteria, and can optionally filter any message that qualifies as spam.
Where can I go for more information about spam?
- Spam Filtering
- The Coalition Against Unsolicited Commercial Email
- The Network Abuse Clearinghouse and its sister site Spam Abuse include a useful page on recent Internet scams.
- The Consumer Privacy Guide, sponsored by the Center for Democracy and Technology, is a good site examining how you can better protect your privacy.
- Junkbusters is another good resource, which outlines steps you can take to defend yourself against spam, telemarketers, and other commercial intrusions.
- Frequently asked questions on spam at MIT
Web Browsers
Why are security settings for web browsers important?
Your web browser is your primary connection to the rest of the Internet, and multiple applications may rely on your browser, or elements within your browser, to function. This makes the security settings within your browser even more important. Many web applications try to enhance your browsing experience by enabling different types of functionality, but this functionality might be unnecessary and may leave you susceptible to being attacked. The safest policy is to disable the majority of those features unless you decide they are necessary. If you determine that a site is trustworthy, you can choose to enable the functionality temporarily and then disable it once you are finished visiting the site.
[Text source: US-CERT]
What is SSH?
The program SSH (Secure Shell) is a secure replacement for telnet. It provides an encrypted channel for logging into another computer over a network, executing commands on a remote computer, and moving files from one computer to another. SSH provides strong host-to-host and user authentication as well as secure encrypted communications over an insecure Internet. Mac OS X comes with OpenSSH built in. For Windows, you will have to install a third-party SSH client.
How can I stay safe when I visit social networking sites like MySpace or Facebook?
Use sound judgment when it comes to the information you choose to share with others online. Avoid sharing personal information that can be used for identity theft or that can be used to stalk you. Always think twice about what you post (images or text). Web pages can be archived so don't think the files are gone just because you deleted them. Restrict who can view your information and be skeptical about information shared by others.
Where can I go for more information about web browser security?
Updates, Patches, and Virus Protection
How frequently should I patch my system and software?
It is a good idea to update your operating system and software with patches as frequently as is convenient, scheduled at a time that suits you. However, it is advisable not to wait too long to install the patches. The longer you wait, the longer your computer remains vulnerable to an exploit of the flaw. Set the updates to download automatically so that you don't have to remember to do so. The most common setting is "once a week."
Where do I get the latest operating system and software patches?
- Windows: Obtain the updates through Automatic Update available through the Control Panel. Alternatively, the MIT Windows Automatic Update Service (WAUS) is available to those members of the MIT community who wish to utilize Microsoft's Automatic Update feature with a more conservative selection of patches -- focused on critical security updates -- than those available directly from Microsoft. Updates can also be downloaded from the Microsoft Web site.
- Macintosh: Obtain the updates through Software Update available through System Preferences. Updates can also be downloaded from the Apple Web site.
- Linux: RHN Update service is provided free with registration through MIT.
Why does my anti-virus software need to be updated?
Most people forget about their anti-virus software after they've installed it and first set it up. They may feel that this is enough to put them at ease with regard to virus protection. However, you must keep your virus protection software up to date.
Most anti-virus programs consist of two main parts: heuristic scanning, which searches for virus-type behavior; and a virus pattern database, sometimes called virus signature files, that identifies specific, known viruses. The database is the part that needs to be updated. More than 250 new viruses are detected each month. Companies that manufacture anti-virus software incorporate the detection processes for the new viruses almost as quickly as they can be detected. Anti-virus software on your computer will not detect or eliminate new viruses or variants until you download the new anti-virus update.
How can I prevent spyware being installed on my computer?
In addition to the security steps you are already taking, such as updating software, using a firewall, installing anti-virus software (most anti-virus software will also detect spyware), and setting up secure browser settings, it is important to surf and download safely.
The best defense against spyware and other unwanted software is not to download it in the first place. Here are a few helpful tips that can protect you from downloading software you don't want:
- Only download programs from Web sites you trust.
- Read all security warnings, license agreements, and privacy statements associated with any software you download.
- Never click "agree" or "OK" to close a window. Instead, click the red close button in the top corner of the window.
- Be wary of popular "free" music and movie file-sharing programs, and be sure you clearly understand all of the software packaged with those programs.
Where can I go for more information about protecting my computer from a virus?
Passwords
What are strong passwords?
A strong password has a combination of character classes including capital letters, lower case letters, numbers, symbols and punctuation marks. A strong password is also greater than 6 characters, and its strength increases the longer it is. A strong password is only used in one place and is not a commonly used dictionary word.
How can I keep my password secure?
Do NOT share your password with anyone or write it down. If you need a reminder of what your password is, use a note only you would understand. For instance if you used your mother's favorite phrase and replaced certain letters with characters or capital letters you can write "mom's phrase, i = !, s = caps". Never keep the password near your work station.
If I forget my password, what should I do?
If you forget your Kerberos password, you can change it online using your MIT certificate or by contacting User Accounts. If you forget a password for any other online account, look for the "forgot your password?" link on the login page, which all login pages should provide.
How do I remove stored passwords in my browser?
Each browser has a different method for removing stored passwords. The instructions are listed here. To keep your browser from storing passwords, make sure you select the "never remember" option in your browser's settings. When prompted to remember a password when first logging in to an online account, always decline.
Copyright and Peer-to-Peer (P2P) File Sharing
What is peer-to-peer software?
Peer-to-peer (P2P) software is any file-sharing software (e.g., KaZaA, BitTorrent, Morpheus, Grokster) that allows users to both share content from their computers and to connect to other, similarly configured computers for the purpose of downloading content. While P2P software has many legal uses, it is often used for unauthorized sharing and downloading of copyrighted materials such as music, films, video games and software.
If I use file sharing, is my computer safe?
Some P2P applications will put you at risk of downloading files that contain viruses and Trojans and exposing your personal files to the outside world. Also, many free P2P applications have been known to contain spyware and adware. You shouldn't trust the name of a file on a stranger's computer, or download an application from an untrustworthy source. In addition, if you have file sharing enabled, anyone can see the shared files on your computer. Make sure that there is not any personal or sensitive information being shared that could put you or others at risk for identity theft or fraud.
What is the risk of copyright infringement if I use file sharing software?
You are only at risk if you are sharing files that are copyright protected. Music, software, and movie files are usually protected by copyright. Unless you have personally created the file or have received written permission from the copyright holder to distribute the file, it's probably protected by copyright and thus illegal to share. If you are sharing files, make sure that the shared folder does not contain any copyright-protected files.
Where can I go for more information about copyright infringement and P2P file sharing?
See Digital Copyright Issues on MIT Network.
System Compromises
How do I report an incident?
Information or network security incidents should be reported immediately to security@mit.edu. If you believe sensitive information may have been compromised (leaked or stolen), report this to infoprotect@mit.edu. If data was compromised because of a theft of electronic media or a computing device, also report this to MIT campus police by dialing 100 from campus or 617.253.1212.
More detailed information on how to respond to a compromised computer incident can be found here.
Under what conditions would IT Security remove a machine from the network?
A computer is removed from the MIT network in order to protect the data on that computer from misuse or theft, or to protect other computers on the network from attacks. It may also be removed if illegal behavior has been detected in association with the computer (for instance, illegal file sharing of copyrighted material).
The IT Security Support Team recognizes that a decision to remove a machine from the network can create inconvenience and difficulties for users. Please understand that our purpose is only to protect compromised systems and data from further misuse, and to ensure the safety of work at MIT and elsewhere on the Internet.
What do I do if my network access has been terminated?
If you lose network access, check your email using another computer (for instance one of the public Athena workstations). You will receive an email from ITSS with a case number if network access was disabled because your computer was compromised, or for inappropriate network behavior. Follow the instructions in the email.
To get your network access turned back on, you will need to reply to security@mit.edu with the case number in the subject line. Your network access will be enabled when IT Security is confident that the computer presents no risk or the inappropriate behavior has stopped. If you do not receive email from ITSS, you should contact the Service Desk.
Why is it necessary that I reformat?
When the nature of the infection or intrusion is such that it is not possible to detect and eradicate all possible malicious code on your machine, wiping the system clean and reinstalling the operating system may be necessary. Back up all your important files and applications prior to reinstallation. Once reinstallation is complete, downloading all Microsoft and Apple critical patches, as well as running anti-virus software, should enable you to go back to using the computer normally. This can be a frustrating and time-consuming process, but unfortunately, this is the only way to be sure recovery is complete. If you need assistance with this process, the Help Desk provides this service for a $60/hour fee.
Where can I go for more information on system compromises?
More information can be found within the Network Security topic on this site.


