Return to: U of M Home
What do I do if I think I'm being attacked by hackers or have some other computer security problem?
See Reporting Violations in the University's Acceptable Use of Information Technology Resources at http://www.policy.umn.edu/groups/ppd/documents/procedure/rept_violations.cfm After reporting the incident, wait for OIT Security to work with you to discuss the next steps. If a specific computer is involved, it must remain powered on, but disconnected from the network until OIT Security can review and assess next steps. See the Incident Response page on this web site for more information.
How do I choose a good password?
There are a lot of factors involved in choosing a good password. See the Tips for Choosing a Password for more information.
How and why do I configure SSH: Secure Shell?
A good explanation of SSH set-up and information is available in the SSH article on the Computer Science department and OIT Security Web site. Also check out the information at the SSH Communications Security Web site and SSH Presentations from the monthly Computer Security meetings.
How do I install "sendmail"?
Go to the Configuring and Administering Mail tutorial information from Indiana University.
Are there any University guidelines on installing servers securely on the U of M network?
Yes. The University has standards and guidelines available on the Policies- Standards & Guidelines page
What is the difference between a University policy, standard, and guideline?
See the Terminology page on this Web site.
There are so many places to look for security information. What are some of the better places to start?
Good sites for general background information are the CERT, SANS, or COAST sites under the Resources/Links section of this site. Other good sites for more specific vulnerability information are:
How can I tell if my server is vulnerable to attack from the Internet?
Unless you have taken active measures to improve your security from the product the vendor shipped, you are likely vulnerable. Keeping in mind that there is no such thing as absolute security (or a totally safe car), there are definitely things you can do to reduce risk.
Consult the information on this and other Web sites and particularly the guidelines for securing a server under Policies- Standards & Guidelines Web page. Apply security patches regularly and maintain an up-to-date knowledge of vulnerabilities. If you would like further information or want to discuss your situation in more detail, send us an e-mail.
Where can I send links/suggestions/feedback on security issues?
We can use all the help we can get! Please send us an e-mail!
Where can I get an anti-virus program for my network?
Academic and Distributed Computing (ADCS), which is part of the Office of Information Technology (OIT), has a site license for antivirus software. The antivirus software is free for personal or for department use.
Where can I find some information on different firewall products?
Purdue University has a lot of excellent background information and product information at www.cerias.purdue.edu/coast/firewalls/
Are there any meetings at the University concerning server and network security?
Yes. On the second Thursday of the month at 9:30 a.m., there is a security session breakout group from the monthly NetPeople meeting.
Where can I get information on how to administer a UNIX system?
Visit the USAIL (UNIX System Administration Independent Learning) web page.
There are UNIX training courses available through the University Technology Training Center (UTTC).
Is the University protected by a firewall?
No. The U of M is an extremely large and complex computing environment with varied needs. Firewalls filter out certain types of traffic (i.e., "services"), but in a University environment someone needs almost every available service (e.g., FTP for file transfer or Telnet for remote access). Any firewall would need to be at the lowest common denominator that would have everything allowed. In many cases this will require a firewall, intrusion detection, and other security measures at the local level.
What e-mail discussion groups/listservs are available at the University for server and network security?
|
List
|
Name Restrictions
|
Purpose
|
|
comp-sec |
U of M Full-time Staff
|
Potentially sensitive security alerts and announcements. May include in-progress IT Security attacks & compromised hosts. All members vetted by OIT Security staff. |
|
List
|
Name Restrictions
|
Purpose
|
|
net-ops |
None
|
Report network outages and maintenance |
|
net-people |
None
|
General purpose networking discussion & announcements |