Thank you for completing Stanford's Information Security Awareness Training. Below are links to all the material mentioned in the video. If you're just looking to click like crazy, the links are summarized in the sidebar. We also encourage you to explore the rest of the Secure Computing site.
WE WANT YOUR FEEDBACK
You can help us improve our awareness training by taking a very short survey. No tricky questions - we just want your opinion.
Protecting Your Computer
The function of a network firewall is to only allow connections from specific places or for specific services and to block all other network traffic. For most people, it's best to let the firewall block all incoming connections. This doesn't affect your ability to use the web, email, or other common services, but it makes your computer invisible to attackers scanning the Internet for potential victims.
- Residential Firewall Service for student residences
- Departmental Firewall Service for other locations on campus
BigFix automatic updates
BigFix is a patch management system that keeps track of software updates that are available for your computer and can deliver those updates when necessary. This includes operating system updates as well as updates to popular third-party software such as Adobe Reader, Flash Player, and Java. You can also use BigFix to help Stanford stay green by participating in the Power Management program.
Anti-virus software is one of the most basic precautions you can take to protect your computer. It finds programs that are known to be malicious and stops them from taking control of your computer. There are over 100,000,000 different kinds of malware out there, and more appear every day. While no anti-virus product can stop every virus, you are many orders of magnitude safer with anti-virus than without it. Stanford provides Sophos Anti-Virus for all Stanford users.
Protecting Your Credentials
Passwords are only effective if they are kept secret, and there are two main ways that attackers try to learn that secret: guessing and eavesdropping. Your best defense against guessing is to make your password longer. See the SUNet ID Passwords page for tips on how to pick a strong password, and make it as long as you can reliably remember.
Of course, the complexity of your password is irrelevant if someone is watching your keyboard as you type it in. Many account compromises occur because the account owner was using a public terminal that had keystroke-sniffing software installed, or because their own computer was compromised and was recording their keystrokes to send to an attacker.
If you would like to take an extra precaution against eavesdropping, you can enable Two-Step Authentication. With Two-Step enabled, you will sometimes be asked for a short authentication code in addition to your SUNet ID password. Each code is only good once, so it's useless to an eavesdropper after you've typed it in.
Caution for Travelers
A large number of account compromises appear to originate overseas. If you plan to use Stanford services or devices while traveling internationally, please see our Guidelines for International Travel.
Stanford's official policies governing the administrative aspects of the University are contained in the Administrative Guide. The Computing and Network Usage Policy is Guide Memo 6.2.1, and the other policies related directly to computing make up the rest of Chapter 6 of the Guide.
Stanford University Libraries maintains a site containing guidance on copyright laws and regulations. This includes information on basic copyright principles as they relate to academic activity as well as specific information on peer-to-peer file sharing.
As an educational research institution, Stanford is overflowing with information. Much of that information is public, but some of it needs special protection because of its inherent value to the University or because of specific laws and regulations that apply to it.
Stanford has a data classification guide that separates data into different levels of sensitivity and specifies the protection that each category requires.
Computing Device Protection
If you are handling highly sensitive data for the University, your computing devices will have to be specifically configured to protect that data. Desktop and laptop computers can take advantage of Stanford's Whole Disk Encryption service, while iPads and iPhones can use Stanford's Mobile Device Management service. (Protection for Android devices is planned for a future release.)
We encourage everyone with a supported mobile device to enroll it in Mobile Device Management as it has additional privacy and usability benefits.
More on Secure Computing
There's a lot to know about information security. You can find more Stanford-specific links at the Secure Computing home page.