Case Cyber Security Awareness: 2008-2009
Overview
Case announces National Cyber Security Awareness
Month starting October 1, 2008, with a focus on the topic of
Password Use and Controls.
New Password Policy
Case Western Reserve University announces the kickoff of a new
password management policy for all Case users. This
policy was developed over the past year and aligns the security
controls required for account access to Tier II and Tier III systems.
Coupled with the transition to the new Student Information System,
the university risk environment has changed as all faculty and students
are accessing the web-based application with userID and password
authentication. Case has designated the Student Information System as
a Tier II system.
Many staff who have access to Tier
III information systems have already come under the provisions of
the new global password management policy.
What Is Changing?
The big difference in the password management
policy is the new maximum age of a password.
For most faculty, students, and staff,
the maximum age will be 365 days (1 year).
For some staff and faculty, departmental
requirements will apply and passwords will have to be changed at least
every 180 days.
The current complexity and minimum age
requirements will remain the same.
Key Steps to know in making password changes
Use the password change tools referenced at the Case Password site.
Use a password management tool for various passwords. Case
recommends PasswordSafe.
A short video
tutorial is available from the Information Security Office.
The Case Help Desk has guides for changing
embedded passwords in applications such as a mail client (mailApp,
Thunderbird, etc.), the
Oracle Calendar (Corporate Time), and in handheld devices such as a
Palm Treo, Blackberry, WindowsMobile, or iPhone.
So you want to be secure at Case? These general password-related
security tips will get you started.
Memorable
Use a password that is personally memorable, but not simple. This will
make it easier for you to recall so there will be no temptation to
write it down. CERT has a guide on
selecting a good password.
Password Keyring
Have too many passwords to remember? A program such as PasswordSafe
is a good way to keep them organized.
PasswordSafe will also let you generate new passwords when you need to
change them.
Browse Safe
In Windows, consider using the Mozilla Firefox web
browser. It is more secure than Internet Explorer and can be
configured with additional plugins to improve your web
experience. More in-depth information can be found on the Safe
Browsing Guidelines page. Google also has a Safe Browsing
Toolbar for Firefox.
Encrypt Sensitive Info
Chances are you've got plenty of personal information you don't want
the whole world to know, and occasionally you even send it via
email. An email is about as private as a postcard. In
other words, if you don't want to tell everyone, don't just email it! GnuPG will allow you to encrypt
email and files on your hard drive; check out the tutorials to set up
and use it here.
Don't Get Hooked!
A phish is an email that looks legitimate and asks for your username
and password for some website. Don't give out your
information to one of
these emails! Case or any other institution you're a
member of will never ask you for your
information via email. When in doubt, delete the email or forward it
with full headers to CastleCops PIRT (pirt@castlecops.com).
Case Paranoid Geeks
Be a real geek and play the ISS Security Game.