Network safety

In recent months, unaware Information Technology customers may have violated responsible use policies at the University of Houston. Violations often involve the use of peer-to-peer networking software, such as Morpheus, Audiogalaxy or Gnutella, which arose in the wake of the Napster controversy. While most were simply uninformed about involved risks or etiquette, they made themselves vulnerable to attack by inviting unauthorized access to UH systems. Violations like these soften security measures and make it easier for malicious hackers to break into university computers. It is the responsibility of every customer to be familiar with responsible use policies. The penalties for abuse vary from disconnection to termination, or even legal action. Practicing good network safety is easy and makes both UH and Internet services faster and more reliable for everyone.
Most importantly customers should:
Avoid applications that use excessive bandwidth. Downloading or uploading a large amount of information is what the network is designed to allow. However, overuse of this ability can have a negative impact on other network customers. Customers should attempt to limit, or cap, the data sent and received by an application on the network. IT Security monitors network traffic and, if excessive traffic is detected, customers may be disconnected from the network without warning.
Keep software updated.
Mac OS 9
From the Apple Menu, select "Control Panel"
Select "Software Update"
Check the box next to "Update Software Automatically"
If the default time is during your workday, select "Schedule" and modify to a time on the weekends or a more convenient time. Mac OS X
Open System Preferences
Select Software Update
Click on "Automatically"
Select "Weekly" from the pull-down menu to enable weekly automatic software updates or "Monthly" for systems that are not often connected to the Network. Windows
Visit Microsoft's Windows Updates page at http://windowsupdate.microsoft.com monthly.
Click "Select Product Updates" to automatically search for necessary updates. Customers using other operating systems should check with operating system vendors to determine and apply software updates.
Do not open unexpected e-mail attachments without first confirming their contents with the sender. Do not open e-mail attachments sent by people you do not know.
Is there any software that can help protect me?
Install and maintain anti-virus software and virus definitions. Scan removable media for viruses before using them. To learn how IT customers can get free anti-virus software and how to keep virus definitions updated, read "Using Anti-Virus Software".
Back-up systems thoroughly and often. Read "Backing Up Your Computer" for more information.
Home users may wish to download and use the Zone Alarm personal firewall software for Windows from ZoneLabs, Inc., free for personal use.
Although not supported by IT, telnet customers can benefit from the use of SSH utilities such as MacSSH for Mac OS 9 or PuTTY for Windows. Most Linux, Mac OS X and other UNIX systems have SSH available by default. Visit http://www.openssh.com for more information.
How can I avoid causing problems on the network?
Turn computers off when leaving for the day or during extended periods of inactivity unless a special need requires that they be left on. Continuous connection to the network makes a computer more vulnerable to attack.
Do not exchange copyrighted materials.
IT Security monitors for internal attempts to compromise security. Scanning for network vulnerabilities or similar behavior is a violation of responsible use policies and penalties will be enforced.
Why should I change my password?Special tools exist that automatically guess passwords by attempting them all. This process can take many weeks or months so changing a password every 30 days is a good policy to foil this process. However, these tools are often configured to use English and commonly used terms first, so in addition to changing your password often, use a password that is difficult to guess. Here are some tips on creating a better password:
Passwords should be words that are difficult to guess but easy to remember.
They should consist of at least eight characters, both letters and numbers.
The more random and unusual the better. Note: The very best passwords use random, unconnected characters such as "sn8x@VA" or "Nx+@faS" but these can be difficult to remember. One solution is transforming simple words. This can be done by taking a word such as "marionette" and rewriting it as "m@R10N3tt3" to make it more secure. Or rewriting "capsized" as "c@p5!zeD." These passwords, although based on real words, are very difficult for password-guessing tools to defeat.
More hints on passwords:
Never use a blank field for your password. Access to all university systems should be protected by a password to prevent loss of data.
IT Support Center encourages customers to change new passwords at the first opportunity and then once every 30 days.
Avoid writing down your password unless it is in a secure place. For information on how to change your password visit this month's IT Support Center Frequently Asked Questions.
What is Spam? Does it hurt the network?
Spam is another word for unsolicited e-mail. Unlike ordinary advertisement methods, marketing through e-mail is very inexpensive for companies and individuals but can be very costly in time and confusion for individuals who receive it, as spam often designed to look like legitimate e-mail.
Avoid purchasing products or services sent to you in unsolicited e-mail as this encourages the distribution of millions of e-mail messages every year to UH servers, wasting bandwidth and productivity.
Individuals may not send unsolicited e-mail about non-university products or services using the UH network. This is a violation of university policy and can result in legal action.
Other tips:
Do not assume your peers understand network safety—they are the group most likely to expose you to vulnerability.
Close programs when you step away from them and password-protect screensavers to prevent unauthorized access.
Lock doors and keep unauthorized users away from systems.
Be familiar with the policies governing appropriate usage of university systems. Visit the policies section of the Information Technology reference guide for more information about specific guidelines. They are designed to reduce opportunities for malicious hackers and maximize network availability.