Difference between revisions of "Runsafe"

Summary:

• Start your computer off healthy by setting it up at birth according to StartSafe recommendations.
• Feed your computer cautiously. Refuse unknown programs.
  • Unfamiliar or unsolicited files from any source should be treated with caution.
  • Verify the sender and the contents.
    • e-mail attachments
    • instant message file transfers
    • P2P files
    • Files found on open windows file shares
    • Files offered from Web links found in e-mail, instant messages, P2P, or any other unsolicited source
• Eat from your computer cautiously.
  • The FROM field in an e-mail message cannot be trusted.
  • Anyone can put up a web site that says anything
  • File names are often meaningless
  • Do not make critical decisions based on unsolicited messages without verifying the source
    • Providing passwords
    • Providing sensitive information like account numbers
    • Running programs on your computer
    • Reconfiguring your computer
• Don't let someone else force feed your computer something bad
  • Update your computer's programs regularly
  • Choose strong passwords and safeguard them.
• Be aware of computer health risks and crime.
  • Computing Security Hot Topics
• Put some food away for bad times. Backup critical data regularly.
• Recovery instructions for a sick and quarantined Windows computer.

Did you know that with one wrong mouse click you could make it possible for someone to read all your email, documents, or instant messages? That they could also view your grades, online bank accounts, or change your course schedule? That they could read or change anything on your computer? Or anything accessed from it? That they could turn on your computer's microphone to listen in on conversations? Or command your computer to attack other network users or sites? Or use your computer for a computer crime for which you may be blamed?

Did you know a newly installed Windows XP, 2000, NT, or Linux computer is likely vulnerable to the same type of compromise without even a mouse click just by being attached to the network?

Did you know several such incidents have occurred on computers at JMU...from Windows 95 and Macintosh desktops to Windows NT and Unix servers? That they've been used to attack other computers and divulge information? Did you know all our computers are scanned constantly from around the world by people hoping to take advantage of them?

Did you know that your behavior impacts your neighbors' security and their behavior yours?

The Internet, paired with today's software, provides us astonishing capabilities for sharing and communication. However, these same capabilities also provide access and computer power to more than 600 million people around the world...some of whom may not share our behavioral expectations. Examples, such as random acts of vandalism, can be found in any local newspaper.

The threats associated with online folks' behavior are very different from similar threats in the physical world. Using the same freedom and functionality we treasure, they can communicate with our computers almost instantaneously, almost anonymously, and en masse from around the world. They don't even need to be a computer expert. It only takes one person to write a destructive program to enable many people without technical knowledge to cause problems, just as all of us use word processors and web browsers without knowing how they work or being able to write one ourselves.

While the risks associated with these threats can be decreased by limiting communications, limiting computer functionality, and increasing the complexity involved with our computing environment, they can't be eliminated. Moreover, the more we wish to maintain our current freedom in communications and computing, the more necessary it is that we individually take steps to take care of ourselves and reduce the need for outside controls and limitations.

The only person ultimately in control of a computer is the operator in front of the keyboard. That person presently has the freedom to run any software he or she wants and communicate with anyone around the world. Our computers can do almost anything we tell them to do. Unfortunately, this versatility makes them very complicated. Perhaps the most complicated devices we are exposed to on a regular basis. This is true despite our most fervent wishes, occasional profanity, and manufacturers efforts. Computers have more decision points and varying functionality than almost anything else we use. They are not cars, televisions, or radios and efforts to make them appear to be so have sometimes backfired and caused security problems.

The goal of the R.U.N.S.A.F.E. program is to help you attain the knowledge and skills necessary to more safely operate an Internet connected computer. R.U.N.S.A.F.E. workshops are offered once per semester that describe the incidents we've seen at JMU, the threats we're exposed to, and that teach the defensive concepts and procedures described here. Onsite workshops are also available to groups. (contact Gary Flynn to schedule one).

Online:

RUNSAFE PowerPoint presentation. If you don't have PowerPoint, you can get a free viewer from Microsoft here. Security in the Trenches PowerPoint presentation. A sixteen minute RUNSAFE awareness video is available. It can be downloaded here. The material is copyrighted by Jim Blackburn but may be used for educational purposes. The file is 161 MB in size.