CCSF PUB STATEMENT Mgt-DRAFT-May-June 2012 _ Security-A1


City Currents Article: The ITS Department is on Top of Security (309)

Recently, CCSF has been on alert regarding the college's computer security. There was concern that some of our servers and computers had been compromised, exposing students' and staff's information to intruders or viruses. Fortunately, it all turned out to be a false alarm. Following a thorough investigation, we found no serious threats to CCSF's digital Information Systems because, both as a department and as individual IT professionals, we've been working on digital security for years so that you won't have to worry about the kinds of security breaches suspected at the beginning of the Spring 2012 semester.

Every organization is vulnerable to cyber‐attacks, and City College did experience a break in security in February 2007. However, reflective of our ITS staff's professionalism, we not only recovered from that incident, but built stronger digital security procedures such that we are able to withstand current threats.

We want to assure our entire community that each ITS staff member takes security very seriously and works to protect you and your data from the kinds of digital attacks that other organizations have suffered. And we're not done. We are constantly researching and implementing behind‐the‐scenes security measures to ensure you are protected now and in the future.

"The CCSF network is well‐maintained and much cleaner than comparable networks at other organizations," says Sam Bowne, an instructor in CCSF's Computer Networking and Information Technology Department. "No network is completely safe, however, there are far fewer viruses on the CCSF network than on a typical business network. CCSF computers all have enterprise antivirus software installed."

So, what can you do if you suspect that your computer has been hacked or is otherwise compromised? Submit a CCSF HelpDesk Request and we'll check it out for you, make any necessary repairs, and/or update your security software.
To learn about digital security at CCSF, visit the ITS website at www.ccsf.edu/td.


Blast Email: Rest Assured: The ITS Department is on Top of Security (428)

Recently, the broader CCSF community has been on alert regarding the college's computer security. There was concern that some of our servers and computers had been compromised, exposing students' and staff's information to intruders or viruses. Fortunately, it all turned out to be a false alarm. Following a thorough investigation, we found no serious threats to CCSF's digital Information Systems. We discovered that fewer than 5 computers were attacked by a common computer virus in just one of our computer labs. Immediately upon detection, the threat was addressed and neutralized. No other threats were found.

Every organization is vulnerable to cyber‐attacks, and City College did experience a break in security in February 2007. However, reflective of our ITS staff's professionalism, we not only recovered from that incident, but built stronger digital security procedures such that we are able to withstand current threats.

As a collective department and as individual IT professionals, we've been working on digital security for years so that you won't have to worry about the kinds of security breaches suspected at the beginning of the Spring 2012 semester. We research and stay on top of the latest software developments, including the multiple ways hackers and viruses might infiltrate our networks; we adopt policies and practices and implement strategies that minimize virus and other threats; we constantly update District software to include the most recent protections; and we design and maintain strict security procedures for our entire network to secure student and staff personal information. Every CCSF computer user can rest easy that we are on the job to protect your digital information.

"The CCSF network is well‐maintained and much cleaner than comparable networks at other organizations," says Sam Bowne, an instructor in CCSF's Computer Networking and Information Technology Department. "No network is completely safe, however, there are far fewer viruses on the CCSF network than on a typical business network. CCSF computers all have enterprise antivirus software installed."

We want to assure our entire community that each ITS staff member takes security very seriously and works to protect you and your data from the kinds of digital attacks that other organizations have suffered. And we're not done. We are constantly researching and implementing behind‐the‐scenes security measures to ensure you are protected now and in the future.

If you suspect that your computer has been hacked or is otherwise compromised, please submit an online CCSF HelpDesk Request and we'll check the problem out for you, make any necessary repairs, and/or update your security software.


To learn about digital security at CCSF, visit the ITS website at www.ccsf.edu/td.

CTO Blog: Rest Assured: The ITS Department is on Top of Security (382)

Recently, the broader CCSF community has been on alert regarding the college's computer security. There was concern that some of our servers and computers had been compromised, exposing students' and staff's information to intruders or viruses. Fortunately, it all turned out to be a false alarm. Following a thorough investigation, we found no serious threats to CCSF's digital Information Systems because, both as a department and as individual IT professionals, we've been working on digital security for years so that you won't have to worry about the kinds of security breaches suspected at the beginning of the Spring 2012 semester.

Every organization is vulnerable to cyber‐attacks, and City College did experience a break in security in February 2007. However, reflective of our ITS staff's professionalism, we not only recovered from that incident, but built stronger digital security procedures such that we are able to withstand current threats.

We research and stay on top of the latest software developments, including the multiple ways hackers and viruses might infiltrate our networks; we adopt policies and practices and implement strategies that minimize virus and other threats; we constantly update District software to include the most recent protections; and we design and maintain strict security procedures for our entire network to secure student and staff personal information. Every CCSF computer user can rest easy that we are on the job to protect your digital information.

"The CCSF network is well‐maintained and much cleaner than comparable networks at other organizations," says Sam Bowne, an instructor in CCSF's Computer Networking and Information Technology Department. "No network is completely safe, however, there are far fewer viruses on the CCSF network than on a typical business network. CCSF computers all have enterprise antivirus software installed."

We want to assure our entire community that each ITS staff member takes security very seriously and works to protect you and your data from the kinds of digital attacks that other organizations have suffered. And we're not done. We are constantly researching and implementing behind‐the‐scenes security measures to ensure you are protected now and in the future.

Read more about specific digital safety practices in the Security & Safe Computing article below. Use the form below (or send an email to td@ccsf.edu) if you have any questions, concerns, requests or suggestions for CCSF's ITS department.


CTO Blog: Security & Safe Computing – It's a Joint Venture (655)

It's not unique to CCSF or any particular organization that it's a dangerous digital world out there. ITS works very hard to protect your digital information from being hacked or lost. However, we can't protect you completely without your help. We'll take steps to protect your professional data at CCSF, but security is a joint venture and we need your help to make sure the entire college is a digitally safe place.

Here's what ITS does:

• Test new versions of software for viruses;
• Update District‐approved software (such as Microsoft Office) on CCSF computers;
• Include anti‐malware, such as McAfee Enterprise anti‐malware software, across all District computers to coordinate and strengthen our efforts to thwart intrusion;
• Catch and eliminate a great deal (though not all) of spam before it gets to your mailbox;
• Implement and maintain several firewalls to keep hackers and malware from accessing or subverting your computer and data;
• Re‐image CCSF computers to wipe them clean of any infections;
• Build and maintain an intrusion prevention system that monitors and reports unusual activity on our computers;
• Respond as quickly and thoroughly as we possibly can when notified of problems; and,
• Consult and communicate with the CCSF community via TAG, ITPC and other groups to understand and respond to the community's concerns about digital security and safe computing.

But even the best IT efforts are still vulnerable to attacks and hacking if the end‐user (that's you!) doesn't participate. So, to be sure your computer and the District are digitally protected, here's what we need you to do:

• Be sure that your anti‐virus software is current and working. Hackers and malware creators are a creative bunch that adjust their practices in response to security efforts. If you have an old version of McAfee, for example, it may not pick up a more recent version of malware. If you are unsure if you have the most recent version of anti‐malware software installed on your CCSF computer, please submit a HelpDesk Request and we'll check it, and if necessary update it, for you;
• Request that CCSF's HelpDesk set your computer to automatically update your computer's operating system (for example, Windows XP, Windows 7, Mac OS, etc.). While we cannot update or service personal computers, we are happy to safely make sure your CCSF computer has the latest versions of District software;
• Check before you click an unknown link. Chrome, Firefox, Internet Explorer and Safari are internet browsers that all have security options such as maintaining your password, blocking known websites that may compromise your data, etc. (Check your particular browser's OPTIONS to learn more);
• Use good judgment when opening attachments sent to you via email. If you don't know the sender of the email, be very selective when opening attachments as they often contain hidden malware that could immediately or later attack your operating system and/or access your personal data. Some anti‐virus software, such as McAfee, can check an attachment for malware before you open it;
• Be cautious about entering personal information on the internet. Most websites have an http:// prefix, which means it is a public website. Secure websites (such as CCSF's Web4) begin with https://, which means that users must have an account or password to access those pages. Be very careful about entering personal data (such as credit card info, social security numbers, addresses, etc.) on non‐secure sites; otherwise someone might be able to "eavesdrop" on your entries;
• Never share your password with anyone – not even an IT professional.

So, what can you do if you suspect that your CCSF computer is infected or is otherwise compromised? Submit a CCSF HelpDesk Request and we'll check it out for you, make any necessary repairs, and/or update your security software.

Use the form below (or send an email to td@ccsf.edu) if you have any questions, concerns, requests or suggestions about digital security and safe computing.


Polls

On a Scale of 1 – 10, how safe do you feel using CCSF computers?

On a Scale of 1 – 10, how safe do you feel using your home computer?

CTO Page: What is one specific thing the ITS Department can do to make you feel digitally secure at CCSF?


Glossary

Access: Being able to get to what you need. Data access is being able to get to (usually having permission to use) particular data on a computer. Web access means having a connection to the World Wide Web through an access provider.

Adware: Adware is the common name used to describe software that is given to the user with advertisements embedded in the application. Another use of the phrase adware is to describe a form of spyware that collects information about the user in order to display advertisements in the Web browser.

Application Blacklisting: A network administration practice used to prevent the execution of undesirable programs. Such programs include not only those known to contain security threats or vulnerabilities.

Application Whitelisting: A computer administration practice used to prevent unauthorized programs from running. The purpose is primarily to protect computers and networks from harmful applications, and, to a lesser extent, to prevent unnecessary demand for resources.

Antivirus Software: A program that searches your hard drive and floppy disks for any known or potential viruses.

Cache: A temporary storage area for instructions and data near a computer's central processing unit (CPU), usually implemented in high‐speed memory. It replicates information from main memory or storage in a way that facilitates quicker access, using fewer resources than the original source.

Certificate: A Digital Certificate is an attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be.

Data Breach: An incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. The most common concept of a data breach is an attacker hacking into a network to steal sensitive data.

Data Integrity: Refers to the validity of data. There are many ways to minimize these threats to data integrity, such as backing up data regularly; controlling access to data via security mechanisms; designing user interfaces that prevent the input of invalid data; and using error detection and correction software when transmitting data.

Data Key: A variable value, applied to a string or block of text to encrypt or decrypt it, that is used to encrypt or decrypt data only.

Digital Security: Protection of a computer's internet account and stored files from intrusion by an outside user.

Digital Signature: A digital signature can prove identity because it is created with the private key portion (which only the key holder should access) of a public/private key pair. Anyone with the sender's published public key can decrypt the signature and, by doing so, receive the assurance that the data must have come from the sender and that the data has not changed (integrity).

Encryption & Decryption: The process of systematically encoding (or decoding) streamed data before (or after) transmission so that an unauthorized party cannot decipher it.

Firewall: An application or an entire computer that controls access to the network and monitors the flow of network traffic. A firewall can screen and keep out unwanted network traffic and ward off outside intrusion into a private network.

Hacking: Unauthorized access to a computer system – essentially, breaking into computer systems.

HTTP: Short for HyperText Transfer Protocol, the underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands.

HTTPS: The use of Secure Sockets Layer (SSL) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. The use of HTTPS protects against eavesdropping.

Imaging a Computer: A backup process for a computer or virtual machine (VM) that creates a copy of the operating system (OS) and all the data associated with it, including the system state and application configurations. The backup is saved as a single file that is called an image.

Internet Browser: An application program (such as Google's Chrome, Apple's Safari, Mozilla's Firefox, and Microsoft's Internet Explorer) that provides a way to look at and interact with information on the World Wide Web.

Intruder Detection Prevention: A device or software application that monitors network or system activities for malicious activities or policy violations and produces reports about such activity.

ITPC: The Information Technology Policies Committee is the central planning and policy coordination committee, established within the framework of the Collegial Governance System and serving as the focal point for administrative and academic technology issues.

Password vs Passphrase: A passphrase is a string of characters longer than the usual password (which is typically from four to 16 characters long) that is used in creating a digital signature (an encoded signature that proves to someone that it was really you who sent a message) or in an encryption or a decryption of a message.

Phishing: The act of sending an e‐mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e‐mail directs the user to visit a website where they are asked to update personal information, such as passwords and credit card, etc., but the website is bogus.

Protected Network: An umbrella term for a combination of hardware and software systems that protect computer networks from unauthorized access and malicious activity.

Unprotected Network: An unprotected network makes it much easier for anyone to access shared files and resources on networked computers and servers as well as obtain log‐in information from Websites and mail accounts.

Spam: Unsolicited email – generally considered junk mail.

Spyware/Malware: Any technology that aids in gathering information about a person or organization without their knowledge, often in the form of programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing or downloading a new program.

TAG: The Technology Advisory Group is made up of chancellor‐appointed members and meets monthly to support the overall goals of ITS, and advise ITS leadership.

Virus/Bug: A program or programming code that replicates by being copied or by initiating its copying to another program, computer or document. Viruses can be transmitted as attachments to an e‐mail note or in a downloaded file, or be present on a diskette or CD. Some viruses wreak their effect as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer.

Sources: http://www.gartner.com, http://whatis.techtarget.com, http://www.webopedia.com, http://www.ccsf.edu

