ISS Information Systems Services - Security and AntiVirus

Security and Malware

In order to mitigate the number of potential problems in dealing with computer security, DCU have drafted an ICT Policy, which we would ask all users to familiarise themselves with.

This section provides guidance and advice on how best to ensure compliance with this security policy, in order to minimise disruption to college services due to viruses, malware, spam and phishing attacks.

We encourage all staff and students to farmiliarise themselves with these policies. Click on the relevant links below to learn more:

 

Security and Malware

 Malware Information 
Malware Information

Short for "malicious software," malware refers to software programs designed to damage or do other unwanted actions on a computer system. Common examples of malware include viruses, worms, trojan horses, and spyware. Viruses, for example, can cause havoc on a computer's hard drive by deleting files or directory information. Spyware can gather data from a user's system without the user knowing it. This can include anything from the Web pages a user visits to personal information, such as credit card numbers.

As Malware can have potentially devastating effects, it is vital that all computer users be aware of this an implement best practices to avoid infection. Malware also possess the ability to propagate so that once they infect your computer they may be able to send themselves to every email address in your address book, clogging up the College email server. Malware may also propagate via shared folders on the College network disrupting various network facilities.

College Policy on Malware Management

College Policy states that Information Systems Services and users are equally obliged to exercise due care and vigilance in combating Malware. It is in the interests of all users to protect the information on their computers as some Malware can do irreversible damage such as deleting your files.

 Security 
Security

DCU has published ICT Policies and Guidelines which all university users are obliged to adhere to.

Click here to view ICT Policies and Guidelines 

This document outlines University Policy as well as advice on practical ways that all members of the university can help to protect the confidentiality, availability and integrity of university information technology resources.

IT Security Incidents are reported every year the most numerous of those being malware related attacks and all users of the university network have a responsibility to ensure that they have taken all possible steps to avoid infection by malware, whether they are using university owned or privately owned machines.

 ISS Services Anti-malware Procedures 
ISS Services Anti-malware Procedures
Email

Information Systems Services have invested in a comprehensive anti-malware scanning systems to ensure that all email entering and leaving college is scanned for known viruses and infected emails are quarantined or deleted where appropriate. Additionally some file extensions which are known to be associated with viruses are blocked by the College Mail system.

Computers

College has a site licence for the installation of anti-malware software on all computers on the network, either college or privately owned. All computers attached to the college network are obliged to run up-to-date anti-malware software. Information Systems Services constantly monitor the college network for evidence of virus infections. Where a computer is identified as having a virus which may spread to other computers on the network, Information Systems Services may disable the computers network connection. Users who suspect that their network point has been disabled for this reason should contact the ISS Service Desk (5007). Once IS Services support staff have confirmed that the machine is clear of infection the computers network connection will be enabled again.

User Responsibilities

All users should install Anti-malware software and follow the instructions to ensure that their computer is protected from viruses. Please contact ISS Service Desk if you have any questions.

 McAfee VirusScan 
McAfee VirusScan

McAfee VirusScan Enterprise combines antivirus, antispyware, firewall, and intrusion prevention technologies to proactively detect and remove malware. It reduces the cost of managing outbreak responses, stops zero-day threats, and mitigates the window of vulnerability—the time between the discovery of a vulnerability and when fixes are deployed

A site license for McAfee is available to all DCU staff, please visit DCU Anti Virus.

 
 Encryption Overview 
What is Encryption?

Encryption is the process of converting data into a cipher or code in order to prevent unauthorised access. On Campus DCU use McAfee Endpoint Encryption which offers multiple layers of protection that address specific areas of risk. Encryption can be extended not just to PCs, laptops, but also to network files and folders, mobile devices, removable media, and portable storage devices.

McAfee Encryption Service FAQ

If you have any queries regarding the Mcafee Encryption Service you can submit a ticket to the ISS Service Desk. All the General Requirements, Application Processes, Support and FAQ can be found here:

DCU Encryption Service - FAQ (PDF)

DCU Data Classification Guidelines

A combination of data confidentiality, integrity and availability. Whether a set of data is LOW, MEDIUM, HIGH, or of VERY HIGH impact will inform the data classification and whether or not the data set should be considered sensitive data. To decide on the level of impact please refer to Dcu's Data Classification policy:

DCU Data Classification Policy (PDF)

DCU Data Handling Guidelines

These guidelines are to provide guidance to data custodians as to how they may protect data classified under the headings defined in the Data Classification policy. These guidelines are considered best practice for the protection of that data which can be found on the following website also:

DCU Data Handling Guidelines (PDF)

 
 Encryption (Phones) 
Encryption (Phones)

The vast majority of smart phones can connect to the DCU apps via the mobile apps (e.g. Email, Calendar, Docs) but some may not meet the criteria. If your phone model is unable to meet the required standard, you can still connect to DCU Apps through your mobile's browser (go to http://apps.dcu.ie). Please note: Windows 7 phones can not meet the encryption requirements to connect to DCU Apps.

Please note

ISS are not responsible for issues that might occur when configuring or encrypting personal devices and will only use the wipe functionality once we are requested to by the staff member

Staff Android:
Staff iPhone:
 Encryption (Documents for Email) 
Encryption (Documents for Email)

Unencrypted email is not a secure way to transfer sensitive information regardless of the email solution or where that email solution may be hosted (either 'in the cloud' or 'on premises'). DCU's email solution, provided by Google, is not encrypted. Therefore, in common with most commercial email solutions, all data in an unencrypted email can be intercepted as it is sent over the internet.

ISS does not support encryption solutions that encrypt the data held in the header or body of emails as we do not feel that such solutions strike the appropriate security/usability balance for DCU. ISS will continue to monitor all developments within this area and welcomes suggestions and feedback from the DCU community in this regard.

ISS does support the encryption of attachments and we have outlined instructions on how to do this below. If you choose to encrypt attachments please pay particular attention to not including sensitive information in the body of your email.

Never share the encryption password by email even to a different email address. We suggest that you share the password by telephone, in person or by SMS. Please note that ISS will not have access or the ability to retrieve or reset the password you create. You should give consideration to backing up the data you propose to encrypt.

If encrypting attachments by any of the means proposed below is not an option for you, please speak to us and we will be happy to help.

We offer two supported options for encrypting attachments:

Compressing the files using '7-Zip' software and encrypting the compressed file. This is possible by using the in-built features of Microsoft Office 2010 and above, available to download from DCU Software Centre.

This article explains how to encrypt and add a password to files in Microsoft Office 2016. This option will not appear in any version older than Office 2016.

The process is consistent across the Microsoft Office suite of products (MS Word 2016, MS Excel 2016, MS PowerPoint 2016 etc.).

How to Encrypt Documents using Microsoft Office 2016 (PDF)

'7-Zip' Compression Software

7z is an archive format, providing high compression ratio. 7-Zip supports encryption with AES-256 algorithm.

The software is available for free download from www.7-zip.org/download.html

How to Encrypt a Zip File using 7-Zip (PDF)

Please remember:Never email the encryption password.

If you forget your password, ISS can neither reset your password nor recover your files.

 Password Policies 

This Policy has been compiled to define the base level Password requirements for use within Dublin City University (DCU). The policy demonstrates DCU’s commitment to information security and its proactive approach for addressing risks within the campus.

DCU Password Policy

 Password Change 
EasyPass

EasyPass is a safe, secure and convenient way for you to reset or change your DCU password and to unlock your DCU account independently of ISS.

 

To enjoy all the benefits of EasyPass:
    • Please visit easypass.dcu.ie
    • Log in with your DCU user name and password.
    • Register an alternate non DCU email address.
    • This email will be used in the process to unlock your account and to change your password.

 

 

Benefits:
    • Enhancing passwords with passphrases.
    • Reset your passphrase from anywhere, at any time.
    • Never be locked out of your DCU account again.
    • Convenient mobile app.

 

 

Advice on the creation of a new passphrase:
    • Minimum length should be at least 14 characters.
    • Must contain both upper and lowercase characters.
    • Must not be a palindrome.
    • Must not contain any character more than twice consecutively.
    • Must not have 5 consecutive characters from username.

 

Please visit our password information web page for more detailed advice on the creation of a new passphrase.

Not Affected Affected
    • ITS
    • Core Supervisor
    • Cardax
    • Laptop Encryption
    • DCU Network Login
    • DCU Windows PC Login
    • Email - DCU Apps
    • DCU Apps (Calendar, Documents, Sites)
    • RSS
    • Core
    • Secure Web Pages (Portal, Moodle)
    • Agresso
 Online Safety Checklist 
Online Safety Checklist
  • Don't fall victim of a scam by responding to unexpected emails or text messages and don't click on any links or attachments within them.
  • Make sure that your computer's firewall is active and up to date.
  • Regularly check that your computer's operating system and software is up to date.
  • Always, choose a password and secret answer that you will remember, but will not be easily guessed by anyone else.
  • Secure sites have addresses that start with 'https' and a small padlock icon that appears in the status bar at the bottom of your browser window.
  • When you visit any of our websites type the URL address into your browser. This will ensure you go to the correct site and not a spoof or fraudulent site.
 Online fraud and phishing 
Online fraud and phishing

There has been a steady rise in the volume of phishing attempts, which use fraudulent emails and websites to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, etc. Such attempts are increasingly professional and both the email and website may look entirely genuine, mimicking the trusted brand identity of the organisation involved. Banks, credit card agencies and online services such as AIB, Bank of Ireland, eBay, and Paypal have been targeted.

To protect yourself
  • Do not give out personal information in response to an unsolicited contact, whether by phone, e-mail or other medium
  • Note that responsible organisations will never request such information by email
  • You must be very careful when asked to give out security information such as a password, pin number or security code and be particularly suspicious if too much is asked for: increasingly banks only ask for partial information for example the third, fifth and first digit of a pin
  • Do not be too reassured by the locked padlock icon on your browser: it simply means that the internet transaction is encrypted (and so very difficult to intercept) - not that it is going to the genuine site
  • Although online fraud is increasing, be aware that most credit card fraud is still in restaurants: do not let your card out of your sight
  • Note also that there is a rise in fraud through monitoring personal information at cash machines - do not use a cash machine if you see anything strange about it, there have been incidents where miniature cameras have been used to record pin numbers, while a realistic false front has been installed to record (or "skim") card details
  • Be sure you are going to the correct site by typing the address yourself or by using your own personal bookmark
  • You are recommended to delete the fraudulent message, though if you are particularly concerned, do feel free to report the matter, but do not attempt to engage in correspondence with the sender
  • If an offer seems too good to be true, then it probably is not true, particularly if it is the promise of money from a lottery you have not entered or money for handling a large sum for somebody you have never met
Phishing

Phishing is a fraudulent activity designed to trick you in to giving out your login details. Fraudsters can then use this information to log in to your account and steal information

Identifying a phishing email
  • Be suspicious of any requests for personal or financial information.  We will never ask you to confirm your bank details or login information by email.
  • 'Dear Student' - phishing emails are usually sent out in bulk and therefore are unlikely to contain your first name or surname
  • Check the quality of the communication.  Misspelling, poor punctuation and bad grammar are often tell-tale signs of phishing.
  • 'Failure to respond in 24 hours will result in your account being closed' these types of messages are designed to convey a sense of urgency to prompt a quick response.
Protect your computer

Any computer connected to the internet is vulnerable to malware; viruses, trojans or spyware.

Viruses and Trojans
  • Viruses are harmful programs that disturb the way computers work. They come in many forms and can be attached to emails, disguised as innocent looking programs and documents, or spread by infected websites.
  • Viruses will try to either collect information about you and send it on to an unauthorised third party or damage your computer by removing important files or altering data.
  • Trojans can detect passwords when you log into a website and credit card details when you shop online. Some advanced Trojans can direct you to fake pages or a spoofed website, tricking you into disclosing sensitive information.
  • If your computer is affected by malware your personal and financial information could be easily compromised. There are a number of steps you can take to ensure that the information on your computer is safe.
Install anti-malware software
  • Good anti-malware software will scan your incoming emails, the websites you visit and files you open, for known viruses.
  • New viruses are discovered daily, so it is important that you set your anti-malware software to update at least every 2 or 3 days.
Turn on your Firewall
  • A firewall is an essential barrier between your computer and the internet, preventing anyone connecting to your computer without your permission. Most computers have inbuilt firewalls that will alert you if they are not turned on. There are other firewall products that can be downloaded and some will come as part of an antivirus package.
  • Make sure your computer has a firewall installed and that it is always turned on.
Keep your operating system up to date
  • Malware can be made to target security loopholes and flaws in your operating system and the software it runs.
  • Most operating systems and software have an option to automatically check for updates when you connect to the internet; make sure this is turned on.
  • Other software you use can be updated by checking the manufacturer's website.
 Protect your wireless network 
Protect your wireless network

The wireless router which is used to connect your computer to the internet is the most common device that can be targeted by hackers to steal personal information from your computer. We don't advise using Wi-Fi hot spots to access your account. If you use a Wi-Fi network at home, make sure that it is secure.

Keep your mobile device up to date

If you are accessing your account using a smartphone or tablet device, always make sure that your device's firmware, operating system and apps are up to date.

Passwords
Tips for choosing a password
  • Don't use something that people can easily guess about you eg. your name, date of birth, or the town you are from
  • Always use a mixture of characters; letters and numbers
  • Don't use the same password for different accounts
  • Change your password regularly
Protect your identity
  • Destroy all unwanted paperwork
  • Keep valuable documents in a secure place
  • Don't fall victim of a scam by responding to unexpected emails or text messages and don't click on any links or attachments within them
 Website security 
Website security
  • When you log in your online account is protected by a secure encryption to keep your information safe. Our secure sites have addresses that start with 'https' and a small padlock icon in the status bar at the bottom of your browser window.
  • Double click the padlock symbol to view information confirming that the site is genuine.
  • Always log out of our site when you have finished using it, and close the browser window. This ensures that your user session is closed properly.
  • We recommend that when you visit any of our websites that you type the URL address into your browser. This ensures you are going to the correct site and not a spoof or fraudulent site.
 Social networking 
Social networking

The nature of social networking sites such as Facebook and twitter can create security risks. It is important to remain cautious when using them.

  • Always create strong passwords for online accounts and update them regularly on social media sites. Longer passwords (8-10 characters) that contain letters, numbers, and symbols are more secure. Avoid using the same password for multiple social media sites.
  • Be cautious of the information you post publicly such as your Customer Reference Number, address or date of birth. Use the site's privacy settings to limit who can see your personal information and posts.
  • Be careful who you befriend. You put yourself at risk by not taking the time to filter who you accept into your inner circle. Friend requests can be used by social bots to hack your network and by phishers trying to steal your personal information.
  • Stay up to date with changes to your social network's settings as small changes can cause big problems. If a site decides to changes it's privacy settings or policy this could leave your personal details more publicly available than they had been previously.
  • Review your social media profiles. Always consider how others may view the information you provide about yourself, your family and your friends and remember that social media sites are public resources.
  • Don't fall victim of a scam by responding to unexpected emails or text messages and don't click on any links or attachments within them.
  • Make sure that your computer's firewall is active and up to date.
  • Regularly check that your computer's operating system and software is up to date.
  • Always, choose a password and secret answer that you will remember, but will not be easily guessed by anyone else.
  • Secure sites have addresses that start with 'https' and a small padlock icon that appears in the status bar at the bottom of your browser window.
  • When you visit any of our websites type the URL address into your browser. This will ensure you go to the correct site and not a spoof or fraudulent site.
 ICT Policies 
ICT Policies

The University provides ICT systems and services to support students and staff in fulfilling the requirements of their course, research or role.  All users of ICT systems or services provided by the University should be familiar with and abide by the following policies:

Click here to view ICT Policies and Guidelines