search the site
- Computer & Network Security FAQs
- Password FAQs
- ITS Computer Security Alerts
- ITS Computer Security News
did you know?
Electronic attacks are performed on networks around the world on a daily basis, creating a high risk
that your computer will be broken into if you do not take specific precautions. Please take the following
steps to protect your computer and those of others who use NYU-NET. Every computer accessing NYU's network and data, including laptops and home computers, should comply with the Basic System Security Standard.
Basic System Security Standard
- Set an Administrator Password
- Download and Install All Security Updates
- Install and Run Antivirus & Anti-Spyware Software
- Activate Built-In Firewalls
Additional Security Controls
- Restrict Sharing
- Do Not Open or Reply to Suspicious E-mails
- Create Back Up Copies of Your Important Files
- Turn Your Computer OFF When Not in Use
- Review the ITS Policies
- Securely Dispose of Data
1. Set an Administrator Password
The first, and probably most important, precaution you can take is to set an administrator password on your computer. If you don't, your computer may be vulnerable to multiple worms and viruses that can exploit this single vulnerability.
If you are using a Windows XP or Mac OS X 10.5 or higher, set an administrator password, and reset it at least once every six months:
||Mac OS X 10.5 or higher
Windows Vista and 7: The Administrator account is disabled by default. No password activation is required.
For tips on creating a secure password, see the Security Tips section. As a general rule, you should use strong passwords to protect all of your online accounts, and be sure not to share them with anyone.
2. Download and Install All Security Updates
To download security updates, establish an Internet connection and follow the instructions for your computer's operating system below.
||Mac OS X 10.5 or higher
Application Security Updates
You should also make sure to apply security updates to all your third-party software. This software can include, but is not limited to:
In general, updates for third-party applications may not download and install automatically. You should consult the application provider's website for instructions on how to download and install security updates.
3. Install and Run Antivirus & Anti-Spyware Software
A key layer of protection for your computer is antivirus and anti-spyware software. You can download a free copy of Symantec Antivirus (for Windows and Mac) from the ITS-Licensed Software page (NetID and password login will be required).
You should also install "anti-spyware" software which can defend against malicious spyware. Spyware is software that tracks your computer activity, collects your personal information, and degrades your system's performance. To download a free copy of Microsoft Windows Defender anti-spyware for Windows XP or Vista, visit Windows Defender.
Note: Windows Vista computers come pre-installed with Windows Defender. To find out if you have Defender installed and enabled, visit Windows Defender and click on "How do I get Defender?"
If you do not wish to install Windows Defender and would prefer an alternative anti-spyware application, you may download and install Ad-Aware Free from the Lavasoft website. Please note that running two anti-spyware applications concurrently may have adverse effects your computer's performance.
Once you have installed these software, be sure to update each with the latest definitions immediately, then run a full system scan.
4. Activate Built-In Firewalls
A personal firewall is a software program that creates a protective barrier between your computer and the Internet. It blocks unauthorized or potentially dangerous communications from reaching your computer. A firewall also ensures that unauthorized people can't access your computer when you're connected to the Internet.
Most operating systems already come with a built-in firewall, such as Windows XP, Vista, and 7 and Mac OS X. To activate your computer's firewall, follow these instructions below.
||Mac OS X 10.5 or higher
Note: Mac OS X 10.5 firewall is OFF by default. It is imperative that you enable the firewall upon purchasing a new Mac or if you've recently reinstalled Mac OS X 10.5.
Third-party firewall software is also available from the NYU Computer Store and at most commercial computer stores.
5. Restrict Sharing
Your computer may be set up to allow other computers on the Internet to access your computer in order to share files. Unfortunately, this type of sharing capability can be used by others to infect your computer with a virus or to look at your personal files.
If you do share files, don't set your computer up to act as a server, and be sure to respect copyright laws. For information about file sharing applications and the rules governing their use at NYU, see www.nyu.edu/its/p2p/. To disable file sharing, follow the steps for your operating system below:
||Mac OS X 10.5 or higher
6. Do Not Open or Reply to Suspicious E-mails
As a general rule, if you don't know the person who has sent you an e-mail, you should simply delete the entire message without opening it. If you do know the person sending you the e-mail but the message contains an unexpected attachment or web link, you should check with them before opening the file or clicking on the URL. Remember that many computer viruses use fake "From:" addresses. It's easier to ask someone to resend a message to you than it is to clean a virus off of your computer!
In order to reduce the likelihood of falling victim to malicious e-mails, be aware of the following security threats:
- E-mail attachments from untrusted, suspicious, or unexpected sources: Opening malicious e-mail attachments will often result in a computer compromise. Once infected, the computer may send the same malicious message to other recipients in your address book, provide the attacker remote access to your computer, or use your computer to attack other systems.
- Requests for your NYU password or other personal info: If a message purports to be from NYU, ITS, or any other organization affiliated with NYU requesting your personal information such as name, date of birth, password, etc., it is almost certainly a phishing message. Do not reply to the message. ITS will never request your password information.
- Pushy or Account Closure Warning messages: If a message informs you of an impending account closure or similar action unless you comply with its demands, it is often a sign that the message is a phishing scam. Do not comply with its requests.
- Spam: You can help train our spam filtering software in one of two ways. If you are using the web interface, follow these instructions. If you are using a desktop client, forward all spam e-mail messages as attachments to email@example.com. (In order for the training to work, spam e-mails must be forwarded as attachments, not as inline text.)
- Phishing Messages: Forward all phishing messages as attachments to firstname.lastname@example.org.
- Malicious HTML code: Spam and phishing messages tend to contain HTML code intended to fool the recipient into believing the message is legitimate or to conceal the real destination of embedded URLs. Set your local e-mail client to render e-mails as plain text only to remove the HTML code and reduce the likelihood of clicking on a suspicious link.
7. Create Back-Up Copies of Your Important Files
Preserve your important files and the time it took you to create them by saving back up copies on a weekly basis. Files 2.0 provides 50MB of file storage, allowing you to save whenever and wherever you need to, or you can back up data to external hard drives or CDs. It's also a good idea to keep your original operating system and software start-up disks on hand in case your computer files get damaged.
8. Turn Off Your Computer When You're Not Using It
Turning off your computer when you don't need to use it lessens the chance that someone will be able to break into your computer and infect it with a virus or use it to harm someone else's computer.
9. Review the ITS Policies
Access to the Internet and NYU-NET is made available to the NYU community as part of the educational computing and networking resources of the University. Such resources and use of NYU's network are privileges and must be exercised in conformity with all applicable NYU policies and guidelines (available at www.nyu.edu/its/policies) and all applicable federal and state laws. Failure to abide by these policies can result in suspension of network privileges and referral of the matter to the appropriate disciplinary process.
10. Securely Dispose of Data
When you wish to dispose of a computer (desktop, laptop, or server), you must first remove all the data (sensitive or otherwise) that is on it. The easiest and most secure way to remove the data is to use a "wiping" program that not only deletes the data, but also overwrites each sector with garbage data multiple times. For more information on secure data disposal, visit the Computer Disposal Guidelines webpage.
Page last reviewed: April 27, 2012