case western reserve university

INFORMATION SECURITY

 
 


Case Cyber Security Awareness: 2008-2009

Overview

Case announces National Cyber Security Awareness Month starting October 1, 2008, with a focus on the topic of Password Use and Controls.

New Password Policy

Case Western Reserve University announces the kickoff of a new password management policy for all Case users. This policy was developed over the past year and aligns the security controls required for account access to Tier II and Tier III systems.

Coupled with the transition to the new Student Information System, the university risk environment has changed, as all faculty and students are accessing the web-based application with userID and password authentication. Case has designated the Student Information System as a Tier II system.

Many staff who have access to Tier III information systems have already come under the provisions of the new global password management policy.



What Is Changing?

The big difference in the password management policy is the new maximum age of a password. 

For most faculty, students, and staff, the maximum age will be 365 days (1 year).

For some staff and faculty, departmental requirements will apply and passwords will have to be changed at least every 180 days.

The current complexity and minimum age requirements will remain the same.

Key Steps to know in making password changes


Use the password change tools referenced at the Case Password site.

Use a password management tool for various passwords. Case recommends PasswordSafe. A short video tutorial is available from the Information Security Office.

The Case Help Desk has guides for changing embedded passwords in applications such as a mail client (mailApp, Thunderbird, etc.), the Oracle Calendar (Corporate Time), and in handheld devices such as a Palm Treo, Blackberry, WindowsMobile, or iPhone.



So you want to be secure at Case? These general password related security tips will get you started.


Memorable
Use a password that is personally memorable, but not simple. This will make it easier for you to recall so there will be no temptation to write it down. CERT has a guide on selecting a good password.

Password Keyring
Have too many passwords to remember? A program such as PasswordSafe is a good way to keep them organized. PasswordSafe will also let you generate new passwords when you need to change them.

Browse Safe
In Windows, consider using the Mozilla Firefox web browser. It is more secure than Internet Explorer and can be configured with additional plugins to improve your web experience. More in-depth information can be found on the Safe Browsing Guidelines page. Google also has a Safe Browsing Toolbar for Firefox.

Encrypt Sensitive Info
Chances are you've got plenty of personal information you don't want the whole world to know, and occasionally you even send it via email. An email is about as private as a postcard. In other words, if you don't want to tell everyone, don't just email it! GnuPG will allow you to encrypt email and files on your hard drive; check out the tutorials to set up and use it here.

Don't Get Hooked!
A phish is an email that looks legitimate and asks for your username and password for some website. Don't give out your information to one of these emails! Case or any other institution you're a member of will never ask you for your information via email. When in doubt, delete the email or forward it with full headers to CastleCops PIRT (pirt@castlecops.com).



Case Paranoid Geeks
Be a real geek and play the ISS Security Game.