Safe and secure computing

This is required training for all faculty and staff. This link will take you to your training console, and allow you to complete the topics assigned. There are currently 7 required sections, each with approx. a 3-4 minute video, and a brief review at the end.

Security basics

Below is a basic set of software tools for fighting viruses, doing secure file transfer and terminal sessions, and other common tasks. All of the tools linked to on this page are available at no cost to you, either because they are freeware or because the UW has paid for the right for you to use them.

 

Anti-virus software

Sophos Endpoint Security and Control is the UW's centrally-licensed anti-virus/anti-malware software product. Sophos offers encryption, endpoint security, web, email and network access control solutions.

Sophos is the UW licensed anti-virus software. 

 

Secure file transfer

If you need to transfer files between your computer and UW central systems (or other systems elsewhere on the Internet), the following secure file transfer products are recommended. These free products have been determined to work well and provide good password security.

  • PuTTy for Windows
  • FileZilla Client FileZilla offers several types of secure file transfer (SFTP, FTPS) and is available for Windows, Mac and Linux.
  • Fugu for Macintosh OS X

 

Secure terminal

Connecting to systems with "plain text" terminals is less common than it used to be, but still sometimes necessary for using administrative systems or for some kinds of website work. UW central systems require use of a secure (encrypted) communications methods to protect IDs and passwords. In addition, special configurations may be needed to work with UW central administrative systems. Programs that meet these criteria include the following:

 

Follow secure computing practices

The following are good security practices that will help protect you and your computer.

 

Do backups regularly

No matter how carefully you work to protect your computer, bad things can happen. Regularly making backups is one of your best defenses against loss caused by viruses, worms or software and hardware failure.

  • Settle on one method for doing backups, such as using the backup utility that comes with your operating system. Other excellent utilities are also available. The point is to pick one, learn about its features and use it in a consistent manner.
  • Do your backups on a regular schedule. How often you do backups depends on how much your files change, but once a week or once every other week is a good interval for many people.
  • Keep copies of the backups off-site. Your diligence in doing regular backups is wasted if you keep them next to your computer and you have an office fire.
  • Important note: Backups, which are usually done to support recovery in the event of an accident, attack, or disaster, do not meet the requirements for records retention. University staff should have an additional systematic process for copying records to a secure yet readily accessible location and a schedule for eliminating records that are no longer needed.

 

Quit your browser

Browsers remember your ID and password until you completely quit the browser. Simply closing the window you used to log in to the service will not clear its memory. You must close all windows of the browser program and quit the program itself.

Otherwise, after you leave your computer, someone could open a new window, go to the service, and get in without being prompted for an ID or password. The browser will thoughtfully provide the ID and password from its memory.

In a related situation, any time you have to give your UW NetID and password to get into a computer, such as in a computer lab or when using a kiosk, you should go through the complete logout and exit process before leaving the computer. Do NOT just walk away from your session.

 

What you need to know about spyware

Spyware is software that collects personal information from you without first letting you know that this is happening. This information is then transmitted to the spyware author and may include a list of the websites you've visited as well as your usernames and passwords. Spyware is often associated with "adware" — software that displays advertisements. These unexpected advertisements may clutter your desktop and some may contain pornographic or other material that you might find inappropriate.

 

What happens if spyware gets on my computer?

The following are common symptoms of spyware:

  • Your computer may get generally "sluggish."
  • You may see an increase in advertisments on pages where you've never seen them before.
  • Your web browser may open to pages you've never seen before, either as the "home" page or when doing searches.
  • You may find that you can't use web pages you've used successfully before. For example, you may not be able to log in to MyUW.

 

How can spyware get on my computer?

Most often spyware is installed concurrently with some other software that you intentionally install. For example, if you install a "free" music or file sharing service or "free" games, it may also install spyware. Some Web pages will attempt to install spyware when you just visit the page. Sometimes, having the spyware installed may be a condition of using the software. For example, a "free" Internet service may require that you accept their adware in order to use the service. In this case, removing the spyware may prevent the desired service from working.

 

How can I protect myself against spyware?

  • Do NOT open the web links found in email "spam" or other similar unsolicited messages.
  • Only install software from web pages you trust.
  • If you do install "free" software, carefully read the fine print in the license for any reference to collecting information from your computer and sending it elsewhere. (Be ESPECIALLY wary of popular "free" music and movie file-sharing programs.)
  • When you open a web page, if a dialog box appears unexpectedly asking you to accept a download, the safest response is to click the red "X" in the upper corner of the box to close the window (clicking "no" may not close the box).
  • Install software to detect, remove and prevent the installation of spyware on your computer (see next section).

 

Information security

Ensuring the confidentiality and integrity of UW information while at the same time making it available for use is a constant challenge requiring careful strategic, tactical and operational planning. The Office of the Chief Information Security Officer (CISO) works with UW units to develop management strategies, manage incidents and assess risks. The CISO also maintains a UW Information Security Facebook site with frequent posts about information security topics.

Please promptly report information security or privacy incidents.

The Privacy Assurance and Systems Security (PASS) Council promotes a collaborative approach to information security and privacy at the UW.

 

Comply with rules and laws

As part of its effort to provide quality and reliable technology services, the University of Washington is required to comply with a broad range of federal and state laws and regulations related to management of public records, use of public resources, privacy protection, copyright protection, ethics rules and criminal behavior.

Beyond mandatory compliance requirements, the UW maintains its own high standards and commitment to the preservation and protection of privacy, intellectual property and quality technology-related services for all students, faculty, staff and citizens who become involved with the institution.

Everyone who enjoys the privileges and use of the UW's computer and network services is expected to help uphold UW's high security standards and to comply with all necessary state and federal statutes. The following are UW guidelines and policies as well as state and federal statutes and regulations that directly or indirectly affect the University of Washington's information systems security program.

More information can be found on the UW Seattle IT Connect page: