Archive for February 2014

Windows XP countdown

We are writing with a reminder that Microsoft will be ending support for Windows XP on April 8th, 2014.  This means that they will no longer provide security patches for computers running Windows XP and the risk of continuing to run this unsupported operating system could cause serious system downtime or loss of data.

In an effort to minimise disruption to staff and students who are still running Windows XP, we have made a decision to allow Windows XP on the College network until July 1st, 2014.  However, we are encouraging anyone with a Windows XP computer to take action well in advance of that date by upgrading their operating system or replacing their computer as soon as possible.

Please refer to this our Removal of Windows XP support FAQ for any questions you might have.  As always, if you need further assistance, please contact the IS Services Helpdesk (helpdesk@tcd.ie | 01 896 2000).

IT Security | Phones and Tablets – Mobile Device Security 101

Smartphones and tablets are essentially mobile computers they allow you to access the Internet and email, download applications and games and store photos, videos and your personal information on them. Therefore it is important to realise that you need to protect and secure your phones & tablets just as you would your computer or laptop.

What should I do?

In order to protect your phone or tablet and the data stored on it you should have a look at the security features that are available on the device. All devices should have security settings though the exact options available will differ depending on manufacturer, model and software version.

Below is a guide to some of the general security settings that you should consider:

1) Set a Pin Code and automatic lock

Most smartphones and tablets have functionality to allow users to set a password or Personal Identification Number (PIN) on the phone that is then necessary to know in order to access the phone.  Similarly most devices can be configured to automatically lock if your phone has not been used for a set period of time 5mins etc.

Setting a PIN and an automatic lock are the simplest yet most effective security measures that you can utilise to minimise loss and disruption in the event that your phone or tablet is lost or stolen.

2) Take Care on Untrusted Networks

When connecting to the Internet using Wi-Fi on a mobile device always try to use an encrypted network that requires a password and which you are sure is operated by a reputable provider. Configure your settings so that that your device asks permission to join a new wireless network rather than joining automatically.

3) Keep Software Up-To-Date

Phone and tablet manufacturers regularly issue updates to the software on your phone, some of these updates may be fixing known security problems so you should make sure to regularly update the software on your devices.

4) Disable Bluetooth

Disable Bluetooth when it is not actively transmitting information and switch Bluetooth devices to hidden mode Bluetooth lets you wirelessly connect to devices and transfer information over short distances. It is best to leave your device in undiscoverable mode (hidden) so that it is only visible when you specifically need other people or devices to see it. This means that hackers cannot easily see your phone and attempt to connect to it

5) Use Encryption to Protect Confidential Data

Some phones or tablets allow you to encrypt your data, sometimes this functionality is built in and sometimes third-party software is available. It is always desirable to encrypt data on a mobile device as encryption secures your data if your device is lost or stolen.

Don’t forget College staff can also get their Laptops encrypted

6)  Investigate Remote Tracking Options & know what to do if your Device is Lost or Stolen

Utilise any remote tracking facility or remote data deletion option on the device if these are available. This type of service will give you piece of mind in the event that the device is lost/stolen

Make sure that you know how to report lost or stolen devices immediately. If you lose your device then it may be possible to remotely wipe personal data from it. For example, staff can make use of a feature through the staff Exchange email service to remotely wipe some devices. For more information please contact the IS Services Helpdesk.

IT Security | Cloud computing & Security

“Cloud Computing” is a popular term which is commonly used to describe IT services delivered over a network or Internet connection. Any service where the software and data storage does not exist on your own computing device and where you connect remotely via a network or the Internet is a cloud service.

Do you use any cloud services?

There’s a good chance you’ve already used some form of cloud computing.  If you have an e-mail account with a web-based email service like Hotmail or Gmail,  if you use Dropbox or Google drive  to store files or if you post data to social media sites like Facebook Instagram or Twitter  then you’ve had some experience with cloud computing.

What do I need to know about the cloud?

Cloud services can provide a significant range of benefits including increased solution choice and flexibility, however, the cloud also presents new challenges.  As a user there a number of things you should consider before you start using a new cloud service to store or process your data:

1) Have you read the small print?

When you sign up for a cloud service even a free one you will usually be asked to sign up to terms and conditions of service, this is effectively the contract between you and the cloud provider company. You should read the T’s &C’s carefully to ensure that you are happy with the service you are signing up to. Things to look out for include: where geographically will your data be stored and will the contract allow the provider to disclose any of the data to others without your permission?

2) Will your data be private and secure?

The Internet can be a dangerous place, and your data will only be as secure as the measures that the cloud company have put in place. The best companies will be able to prove that they have good security measures in place by producing an independent certificate.

If in doubt you should consider encrypting your data before storing it in the cloud as an extra precaution.

3) What happens in a disaster?

IT disasters including fires, floods and equipment failures happen from time to time, you should make sure that you know whether the cloud service provider has a backup and recovery plan. If not you may need to make other plans for the recovery of your data yourself in the event of a disaster.

4) Know your Exit Strategy

What will happen to your data when you cease using the service or if the cloud service provider goes out of business?

Again check the small print of the service contract to make sure you know what will happen to your data when you are no longer using the service, will you be able to get it back, and will the service provider delete it form their system or retain copies of it?

Can I put College data in the Cloud?

Any College data which is confidential, valuable or which contains details belonging to living individuals (and therefore falls under the Data Protection Act) needs to be properly protected from unauthorised access and IT disasters.

The processes involved in procuring and evaluating cloud services can be complex and subject to legal, ethical and policy stipulations. IS Services advise all College users to seek professional advice before attempting to store this type of data in the cloud.

Contact the IS Services Helpdesk where our staff can provide assistance and advice on the necessary steps to take.

And don’t forget..

For most cloud services the only thing preventing others from accessing your data is your account and password. Make sure to keep them secure and use good passwords.

TCHPC: February 2014 training courses

The Trinity Centre for High Performance Computing (TCHPC – http://www.tchpc.tcd.ie/) provides advanced computing (Linux and HPC), data management, visualisation and software development facilities and expertise for Irish researchers from all disciplines.

Please see the following link for information regarding the February training courses. http://www.tchpc.tcd.ie/node/1106.

TCHPC: Walk-In Workshop session on Friday 7th February between 12pm and 1pm

The Trinity Centre for High Performance Computing (TCHPC – http://www.tchpc.tcd.ie/) provides advanced computing (Linux and HPC), data management, visualisation and software development facilities and expertise for Irish researchers from all disciplines.

The Centre will be holding a Walk-In Workshop session on Friday 7th February between 12pm and 1pm.
Light refreshments of tea/coffee/biscuits will be provided.

This month’s workshop is focused on:

* All disciplines:

* Do you run large calculations on your desktop?

– We can help by getting them to run on our High Performance Compute clusters instead.

* Do you need help writing parallel code?

– You can get free access to support scientists who can help you. This scientist can be allocated to work with you or your research group on
projects for up to three months in duration.

* Do you need help visualising results?

– We can provide advice on software (including bespoke visualisation software developed at TCHPC) and facilities (3-D Visualisation Facility).

Researchers from all disciplines are welcome to come along.  Please let your colleagues know about the Workshop, as they may have some issue which turns out to be relevant for you.

Additional information
——————————–

This will be an open session for people to come in and ask questions and get help in an informal setting.

Please note that this is _not_ a formal training session – you can drop in at any time during the workshop with a question for 5 minutes and then leave (hopefully happy!).

TCHPC staff members will be on hand to discuss any problems with you.

See http://www.tchpc.tcd.ie/support/workshops/ for more details.

 

Venue Location & Time
——————————–

The TCHPC computer lab on the second floor of the Lloyd Building (room 2.12)
Time: 12pm – 1pm on Friday 7th February

Contact information: http://www.tchpc.tcd.ie/overview/contact/

We hope to see you there!

IT Security | Stay Secure and Protect your Privacy Online

The Internet can be a dangerous place with viruses, malware and spyware lurking at every click! Have a look at the tips below to ensure that your computing devices and your important personal information are properly protected.

Avoiding Viruses and malware:

– Make sure you are running anti-virus software on your computing devices and that it is up-to-date so it can detect all the latest viruses and malware.

– Regularly scan your computer for spyware and adware using an up-to-date tool to keep your computer clear of dangerous malware.

– Don’t let the software installed on your devices fall too far out-of-date, older software is often less secure and can be missing important security updates.

– Be selective about what software you download especially when it is “freeware” and “shareware” as these can sometimes be sources of spyware infections.

– Always browse carefully, certain sites are higher risk than others and dangerous links can be well disguised or hidden inside the text of a website.

– Don’t click on links within pop-up windows like the one below. Pop-up windows are often a product of spyware and clicking on the window may install spyware software on your computer. To close the pop-up window, click on the “X” icon in the titlebar instead of a “close” link within the window.

Protect your Privacy Online
– Take care on public unencrypted Wi-Fi connections such as those in café’s, hotels and airports where your communications could be intercepted. Remember College staff members can use the College VPN which provides an encrypted tunnel to access the College network securely.

– Use strong passwords both for your College accounts and all your personal accounts such as Facebook, Twitter, Amazon, PayPal and remember don’t use the same password for everything. As this increases the likelihood of multiple accounts getting hacked at once potentially turning a small problem into a disaster!

– Think carefully about the information that you post about yourself online. Don’t make large amounts of data such as name, address and date of birth available publicly as these could be used by criminals involved in identify theft.

– When using social media sites such as Facebook, always use the privacy controls provided to restrict access to information about you to your friends only.

– Be aware that many free services and apps collect detailed information about you that allows them to sell highly-target advertising. When you download a “free” app always check the information it is asking to access, and make sure you are comfortable with allowing that information to be used for advertising and other marketing purposes.

– Be cautious about geo-location services, Smart phones, apps, and web services often tag and store information about your location. Sometimes this may be very useful in providing a service such as locating the nearest restaurant but just make sure you are comfortable with the amount of information which may be collected and consider turning off location services when you are not actively using them.

– Reduce your digital footprint by closing old accounts which you no longer use, these could be older social media services like MySpace or Bebo, or current services which you have stopped using.

IT Security | Spam, Scams and Phishing emails

Do you use the Internet regularly in the course of your studies or day-to-day College business as well as for personal transactions and leisure activities?  To stay safe you need to be alert to the possibility of scams and fraud online and in your inbox.

Take a look at the email below; have you ever received something similar?

This is an example of a common type of email scam which attempts to solicit your personal information on the basis that you have ‘won’ a competition.  There are many variations of these scams which may appear in your inbox.

These emails may attempt to induce you to:

  • participate in a contest or lottery;
  • purchase goods or services;
  • invest for financial profit;
  • Pay advance fees for services that are promised but generally not delivered

What is the purpose of these scams?

Most scams are designed to solicit payment from you or to obtain your personal details such passwords, bank account details, PIN numbers or internet banking login details.

How can I avoid them?

To avoid these types of scams you need to be vigilant and cautious, always take your time and consider the validity of what you are being offered.

ü  Make sure you can confirm the identity of the company or individual with whom you are engaged in a transaction

ü  Never agree to provide money up front for services

ü  Never provide sensitive personal information by email or on unfamiliar websites

ü  Be suspicious of unsolicited communications, if you did not enter the lottery it is unlikely that you have won!

As a general rule if an offer sounds too good to be true it probably is.  The best course of action is to treat all these communications as spam and delete them!

What is Phishing?

Phishing is a form of online fraud which we experience regularly in College.  In a typical phishing attempt, you may receive an email or pop-up message that claims to be from IS Services or another business or organisation that you may have previously dealt with, for example eBay or Bank of Ireland.

How can I recognise a phishing email?

Always trust your instincts, and don’t be tempted to respond hastily to an email which threatens to disable your account. Check the IS Services website or give the helpdesk a call if you are unsure whether an email is genuine or not.

What should I do when I receive a phishing email to my College email account?

Staff members who suspect that they have received a phishing email, and have not clicked on any links in it or acted on it in any way should report it to our anti-spam service by forwarding it to abuse@frontbridge.com. Emails sent to this address will be considered for addition to the list of known sources of SPAM, and so will no longer arrive into College. When forwarding an email to this address please ensure to include the email headers.

What do I do if I think I have responded to a phishing email in College?

If you have replied to a phishing message or clicked on any links within the email body and entered your College username and password please immediately change your password and report this to the Helpdesk (+353 01 896 2000).

Finally remember..

IS Services will never ever ask for your username and password via email and you can confirm any communications from us with our website isservices.tcd.ie or the Helpdesk.

IT Security | Is your password on the list of worst Internet Passwords?

Is your College password on the list of worst Internet Passwords for 2014?

You might recall during last year’s IT Security week we looked at the list of the Internet’s most commonly used and therefore ‘worst’ passwords. The list has been updated for 2014 As you can see below there has not been much of an improvement! Do you see any passwords similar to those you may be currently using for accounts which provide access to important information about you? These could include your College network or email account, or your iTunes, Amazon, PayPal, LinkedIn, or Facebook account?

If so it may be time to consider a change!

Rank Password Change from 2013
1 123456 No Change
2 password No Change
3 12345 Up 17
4 12345678 Down 1
5 qwerty Down 1
6 123456789 No Change
7 1234 Up 9
8 baseball New
9 dragon New
10 football New
11 1234567 Down 4
12 monkey Up 5
13 letmein Up 1
14 abc123 Down 9
15 111111 Down 8
16 mustang New
17 access New
18 shadow Unchanged
19 master New
20 Michael New

What makes these passwords so bad?

The passwords on this list demonstrate many of the common features which make a password weak and easy for an attacker to guess or crack:

  • They use dictionary words like dragon, football & monkey
  • They use common sequences or repeated characters like 111111 & 12345678
  • They use adjacent letters on the keyboard like qwerty

How can I create a secure password?

The key ideas to think about when creating a password are:

  • Length – Make your passwords long with 8 or more characters.
  • Complexity – Include letters, symbols, and numbers and a variety of upper and lower case characters.
  • Obscurity – Good passwords are randomised combinations of characters, don’t use dictionary words or words with personal connections to you or the service the password is for.

Test it online When you think you have come up with a secure password you can check it with an online password checker.

How can I manage all my passwords?

The best idea is to use separate passwords for all your important accounts which provide access to important information about you like your College account, iTunes or Facebook account. However remembering many different complex passwords is a challenge, one useful way to manage you passwords is to use an application like Keepass.

This is a small application which you can install on your computer and use to store your password information. The application is encrypted and password protected.  Obviously you should choose a really strong password to protect this application and remember to transfer and delete all information when you buy a new computer.

What if I forget my College Password?

Everyone forgets their password occasionally, you can save yourself a trip to the helpdesk by signing up today for the automated password reset services provided by IS Services below:

  • Password Manager

Password manager is a web-based application which allows staff and students to manage and reset their network login password. For a complete set of instructions on how to get started using Password Manager as a member of staff please see staff information, and as a student please see student information

  • TCD Password Recovery Service

Students can reset their email and network login password and have details sent to their mobile phone. Sign up today at mypassword.tcd.ie by providing a mobile phone number and, optionally, an alternative email address.