Computer Security for Student Affairs
End Users

Computer security is defined as the protection of electronic data and computer hardware from theft, loss, or corruption.
End users are the first line of defense against individuals who try to gain unauthorized access to computer systems for the purpose of stealing and corrupting data. These individuals pose a real threat to the SDSU campus because they are constantly looking for vulnerable systems that they can exploit.

Computer files, electronic mail and accounts are not private in an absolute sense. Any unencrypted information that is sent over the network can be captured and read.

The following information and tools are provided in order to help Student Affairs protect its computing assets, while supporting the Division's relatively open access requirements.

Passwords
Anti-Malware Information
Social Engineering
Other Security Issues
SDSU Computing Policies

Passwords

A strong password is the best defense against someone breaking into your computer and destroying, modifying, or stealing data.

  • Do not write your password on a Post-It note and leave it near your PC!
  • Passwords should be easy to remember, but difficult for others to guess. 
  • Never use names, birthdays, pets' names, social security numbers, or any word that can be found in a dictionary in any language.
  • Never share your password with anyone. 
  • If any user needs access to a computer, the system administrator will explicitly grant him or her access through the creation of a new user account.
  • Never write down your passwords.
  • Use acronyms or two short words separated by a number to create passwords that can be easily remembered.

Here are additional guidelines for choosing a good password.

Anti-Malware Information

  • Avoid opening files attached to email unless you know their source or requested the file.
  • Don't run files directly from the Internet (it's safer to save them to disk first and then run them).
  • You can check the validity of a malware at the McAfee site.
  • The latest version of anti-malware software can be downloaded from EDORAS.
  • Malware protection (DAT) files should be scheduled to update daily.

Social Engineering

Social engineering is a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking people to circumvent normal security procedures.  Two of the most common social engineering attacks involve the impersonation of help desk personnel and the impersonation of legitimate company personnel via email.  Social engineers often rely on the natural helpfulness of people as well as on their weaknesses. Appeal to vanity, appeal to authority, and old-fashioned eavesdropping are typical social engineering techniques.

There are several signs of social engineering attacks that recognize: refusal to give contact information, rushing, name-dropping, intimidation, small mistakes (misspellings, misnomers, odd questions), and requesting forbidden information

Other Security Issues

  • Do not open an attachment unless you know it is safe.
  • Password protected screen savers should be used on computers with access to sensitive information.  The screen saver should be configured to activate after 5 minutes or less.
  • Always lock your computer when you leave your desk, by clicking Ctrl-Alt-Delete/Lock Computer

Campus Computing Policies