ITS Security

Security Awareness

 

Information Security is a very important issue at UMSL. It is important that all faculty and staff understand about Information Security and how it effects their jobs. We have a team of ITS staff members that are more than willing to discuss these issues with you and your department. If you would like to schedule a meeting with us, email us at CSIRT@UMSL.EDU.

Some Security Related Facts

  1. An Initial Installation Of Windows XP Can Be Infected In 20 Minutes.
  2. The "Code Red" Worm Infected Over 2000 New Computers Every Minute.
  3. The "Slammer" Worm Spread To All Vulnerable Machines In Less Than Ten Minutes.
  4. Over 4% Of Non-Spam Email Coming To UMSL Carry A Virus
  5. TSC Staff Spend An Average Of 4-5 Hours To Clean A Virus Or Spyware Infected PC
  6. It Can Require Hundreds Of Person-Hours To Recover From A Campus-Wide Virus
  7. In The Last 2 Months, UMSL Anti-Virus Software Has Caught 65 Different Viruses And Worms Which Attacked 244 Computers
  8. Compromised Computers Can Be Rendered Unusable
  9. ITS Puts Many Resources Into Blocking These Attacks Before They Reach Campus Computers

Below are some ways to combat these threats.

Use A Strong Password And DO NOT Share It

Here are some possible acceptable passwords.

  1. shortpass : Apple11
  2. medpass : Yello_Bee!
  3. longpass : This!slongpass1
  4. long2pass : Another,long pass

How long it takes to crack these passwords.

  1. shortpass : Apple11
    • trivial, < 5 min dictionary attack, half of LM is blank
  2. medpass : Yello_Bee!
    • easy, ~2 days brute force, broken into two 7 character LM's
  3. longpass : This!slongpass1
    • difficult, ~5e12 years brute force, no LM hash

Run Up To Date Anti-spyware Software

  1. We Use Symantec Anti-virus.
  2. It Should Be Installed On All Computers On Campus.
  3. A free AntiVirus product can be downloaded for personal use at http://www.microsoft.com/Security_Essentials/

Regularly Patch Your Computer

  1. Click On the WU Shield Icon In Your System Tray To Setup
  2. Click For More Options
  3. Select "Automatic" And Choose A Time Every Day To Have Updates Installed For You

Learn to recognize Phishing & Social Engineering scams

Social Engineering Defined

Phishing Defined:

You will often receive emails from places claiming to be your bank or credit card company. They want you to go to a specific site and enter your personal information. DO NOT DO IT! If you suspect that it is real. Type in real address of your bank or the company and go into the site the real way. If you suspect a phishing scam, please email it it to abuse@umsl.edu