
IT Security & Awareness

Restricted Software

The use of various software applications is restricted because they pose security risks to the College's information technology resources.


DISTRIBUTED COMPUTING

Distributed Computing - A type of computing in which different components and objects comprising an application can be located on different computers connected to a network.

Examples:

SETI@Home
Distributed.NET

Risk to the College and/or general public:

  • Misuse of the College's computing resources, including computers and network bandwidth.
  • Security bugs in the clients such as buffer overflows that could expose users to any number of different types of attacks (denial of service attacks, worm infections, privilege-elevation attacks, Trojan attacks, etc.).

Recommendation as to how it should be restricted:

Distributed computing software may not be installed and/or used on any computer system connected to the MC network unless prior approval has been obtained from the requestor's Dean or Director and the IT Security group. The request must describe the need to perform College-related activities.

Alternatives, if any:

  • None

Links for more information:

http://www.infosecuritymag.com/articles/february01/cover.shtml
http://www.securityfocus.com/news/300
http://www.extremetech.com/article2/0,3973,50459,00.asp




INSTANT MESSAGING

Instant Messaging - A type of communications service that enables you to create a private chat room with another individual. Typically, the instant messaging system alerts you whenever somebody on your private list is online. You can then initiate a chat session with that particular individual.

Examples:

ICQ
AOL Instant Messenger (AIM)
Yahoo! Messenger
MSN Messenger

Risk to the College and/or general public:

  • Privacy issues (personal information leakage, IP address exposure, loss of confidential information, and eavesdropping) because they transmit conversations unencrypted
  • Identity issues (impersonation)
  • Malware in transferred files (worms, viruses, Trojan horses, and other malicious software)
  • Security bugs in the clients such as buffer overflows that could expose users to any number of different types of attacks (denial of service attacks, worm infections, privilege-elevation attacks, Trojan attacks, etc.)

Recommendation as to how it should be restricted:

Instant messaging software may not be installed and/or used on any computer system connected to the MC network unless prior approval has been obtained from the requestor's Dean or Director and the IT Security group. The request must describe the need to perform College-related activities.

Alternatives, if any:

  • E-mail

Links for more information:

http://www.infosecuritymag.com/2002/aug/cover.shtml
http://www.infosecuritymag.com/articles/february01/cover.shtml




PEER-TO-PEER

Peer-to-peer (P2P) file sharing - On the Internet, peer-to-peer (referred to as P2P) is a type of transient Internet network that allows a group of computer users with the same networking program to connect with each other and directly access files from one another's hard drives.

Examples:

KaZaA
Bearshare
Limewire
Morpheus
iMesh
WinMX

Risk to the College and/or general public:

  • Introduces malicious software such as viruses, trojans, and Internet worms to the College network and other resources.
  • May unknowingly share files on the computer it is installed on with everyone on the Internet.
  • Uses up valuable network bandwidth.
  • Can be used to violate copyright laws.
  • Bugs in the client software can cause systems to crash or conflict with business applications.
  • Has been shown to provide "backdoors" for unauthorized access to local and network computing facilities.

Recommendation as to how it should be restricted:

Peer-to-peer file sharing software may not be installed and/or used on any computer system connected to the MC networks unless prior approval has been obtained from the requestor's Dean or Director and the IT Security group. The request must describe the need to perform College-related activities.

Alternatives, if any:

  • None

Links for more information:

http://asia.cnet.com/itmanager/trends/0,39006409,39040104,00.htm
http://www.infosecuritymag.com/articles/february01/cover.shtml
http://www.scmagazine.com/scmagazine/sc-online/2001/article/039/article.html



REMOTE ACCESS

Remote Access - The ability to log onto a network from a distant location. Generally, this implies a computer, a modem, and some remote access software to connect to the network. Whereas remote control refers to taking control of another computer, remote access means that the remote computer actually becomes a full-fledged host on the network.

Examples:

PCAnywhere
LapLink
VNC
Timbuktu
GoToMyPC.com
BackOrifice
SubSeven
NetBus
Terminal services server
Telnet server

Risk to the College and/or general public:

  • If not installed and configured correctly, can provide "backdoors" for unauthorized access to local and network computing facilities.
  • Introduces malicious software such as viruses, trojans, and Internet worms to the College network and other resources.
  • Bugs in the client software can cause systems to crash or conflict with business applications.

Recommendation as to how it should be restricted:

Remote access software may not be installed and/or used on any computer system connected to the MC networks unless prior approval has been obtained from the requestor's Dean or Director and the IT Security group. The request must describe the need to perform College-related activities.

Alternatives, if any:

  • None

Links for more information:

http://www.itworld.com/Net/3138/ItW0220pc/page_1.html
http://www.networkcomputing.com/602/602work2.html
http://www.webopedia.com/TERM/R/remote_access.html


SECURITY & HACKING TOOLS

Security & Hacking Tools - Software programs that are used to monitor and test the security of computers and networks. However, these tools are also used to discover vulnerabilities and exploit them.

Examples:

  • Sniffers
  • Port scanners
  • Vulnerability scanners
  • Password crackers
  • Keystroke loggers

Risk to the College and/or general public:

  • Sniffers - Network traffic is considered private.
  • Port scanners - Port scanning of any computer that is not owned by the person doing the scanning is considered to be a hostile act and a precursor to an actual hacking attempt.
  • Vulnerability scanners - Vulnerability scanners identify weaknesses in workstations, servers, and networks that can be exploited.
  • Password crackers - Password crackers circumvent systems, accounts, files, and directories with password protection.
  • Keystroke loggers - Keystroke loggers run in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker.
  • Any deliberate unauthorized use of these types of software will be treated as a violation of the Acceptable Use Policy and will result in disciplinary action.

Recommendation as to how it should be restricted:

Security tools/hacking tools may not be installed and/or used on any computer system connected to the MC networks unless prior approval has been obtained from the requestor's Dean or Director and the IT Security group. The request must describe the need to perform College-related activities.

Alternatives, if any:

  • None

Links for more information: 

Port scanners
Vulnerability scanners
http://www.infosecuritymag.com/2002/jul/faster.shtml
Password crackers
http://www.securityfocus.com/infocus/1192
Keystroke logger
http://www.pestpatrol.com/Support/About/About_KeyLoggers.asp



SPYWARE

Spyware - spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing a new program. Data collecting programs that are installed with the user's knowledge are not, properly speaking, spyware, if the user fully understands what data is being collected and with whom it is being shared.

Examples:

Gator
GAIN
SaveNow
Doubleclick
OfferCompanion
New.Net
HotBar


Risk to the College and/or general public:

  • Loss of privacy - collects personal information (web surfing habits, passwords, online shopping information, email addresses) from your workstation and uses that information for:
      • Pop-up or pop-under advertising
      • Spam
  • Redirect your homepage
  • Degrade workstation and network performance


Recommendation as to how it should be restricted:

Spyware may not be installed and/or used on any computer system connected to the MC networks unless prior approval has been obtained from the requestor's Dean or Director and the IT Security group. The request must describe the need to perform College-related activities.

Alternatives, if any: 

  • None

Links for more information:

http://www.spywareguide.com/product_list_full.php
http://www.webopedia.com/TERM/s/spyware.html
http://www.spywareinfo.com/articles/spyware/
http://www.weathergraphics.com/text/spyware.htm

