-
Introduction
-
Over the past years, computing has become an integral
part of the day-to-day activities of almost all staff and students at the University of Malta.
Computers are used for e-mail communication, online research, the preparation of assignments,
presentations, lecture notes, dissertations, record keeping etc. Undoubtedly, the most important
benefits of today's computing are the communication and sharing of data.
-
Communication and sharing of data is possible because
of the networking infrastructure that connects computers together. However, networking also brings
new security risks. Among these are the risks that important data may be stolen, corrupted, or
misused and that computer systems will be compromised. These risks raise concerns about:
-
- Data confidentiality - Information can
be read or copied by unauthorised persons.
- Data integrity - Information can be
modified while it is being transmitted over the network.
- Data availability - Information and
resources of the network can be made available to unauthorised persons.
-
Compromised computers and insecure networks may
also be used by third parties to attack other users that are connected to the campus network and
other computer networks.
-
Although some users may not consider their data
or e-mail communications as 'top secret', they are uncomfortable if their data or e-mail is being
read by other people. They are also uncomfortable if forged e-mails are being sent from their
computer or their computer is being used to attack other computer systems. Computer security is
what helps ensure the confidentiality, accuracy, availability and integrity of the information
you use to perform your work or enhance your studies at the University.
-
It is in the interest of all staff and students that our networking infrastructure
continues to operate reliably and that the confidentiality and
integrity of your own and any University information is kept
secure at all times. IT Services takes all the necessary precautions to
minimise security threats to computers that are connected to the campus
network. However, as with any other security system, it is not possible to
achieve security unless individual users take basic security
precautions on their side. Each and every user should take adequate
measures to maximise the security of his/her computer system.
-
Security will still be compromised if other less
security-conscious users are allowed to use the same computer (e.g. a home computer being used
by another member of the family).
|
EVERYONE should ensure that
the security of his/her computer is maintained at the highest level possible.
|
-
IT Services requests all users to follow the
guidelines below in order to maximise the security of their computers.

-
[1] Use Anti-virus Software
-
A virus is a malicious program that infects
and runs on a computer system without your knowledge or permission. There are different
categories of viruses having different effects on computer systems. Some viruses may
corrupt or delete data that is stored on the computer. Others may disclose your data to
third parties without your knowledge. Some viruses may slow down your computer system.
Others may use your computer to attack other computers.
-
You must protect your computer system
from viruses by installing anti-virus software. These programs are designed to detect and,
in most cases, remove viruses from a computer. Members of staff are encouraged to use
the F-Secure anti-virus software available from IT Services.
-
Apart from installing and running an
anti-virus program, you must ensure that this program is regularly updated. This is
because new viruses are being developed all the time. An outdated anti-virus program
will therefore be unable to detect new viruses. Most anti-virus programs, including
F-Secure, are automatically updated
with the latest virus definitions when you connect your computer to the Internet.

-
[2] Install Software Patches
-
Computer programs such as operating
systems, e-mail clients, browsers, media players and desktop applications (e.g.
word processors, spreadsheets, databases etc.) may have defects (vulnerabilities) through
which intruders can gain access to your computer.
-
Software vendors usually release
patches or hotfixes for their products when a security vulnerability is discovered.
You must ensure that all programs on your computer are updated with the latest
available patches. Also, whenever you install new software you should check for any
available updates to this software.
-
Software patches can often be
downloaded for free from the vendor's website. Some programs (e.g. MS Windows XP
SP2) have utilities which automatically connect to the vendor's website and
download any available patches. If there is no automatic update feature for any
of your programs, visit the vendor's website regularly and download any
available updates.
-
Click the links below for
updates to the following software:
-
-
*The link works only if you are using Internet Explorer 5 or higher.

-
[3] Use Personal Firewall Software
-
When you connect your computer to the Internet, it starts
transmitting and receiving data from a wide range of sources. Some of the incoming data may be originating
from trusted sources such as when your e-mail program receives messages or when your browser refreshes the
weather forecast page. However, not all incoming data can be trusted. For example, the incoming data may
contain a Trojan horse that enables intruders to gain access to your computer system. Some network traffic
can therefore modify, damage, or steal your data files and programs.
-
A personal firewall is a program that monitors the network
traffic between the Internet and a computer. As network traffic passes through the firewall, the latter
decides which traffic to forward and which traffic not to forward, based on rules that you have defined.
All firewalls screen traffic that comes into your computer. Good firewalls filter both incoming and
outgoing data by prompting the user each time a connection is attempted, and according to the user's
response they 'learn' what Internet traffic can be received or sent from the computer system.
-
You are strongly advised to install a firewall program on
your computer. Some operating systems (e.g. MS Windows XP SP2) have an integrated personal firewall.
Users who do not have such operating systems are strongly advised to install a personal firewall.
Sygate is a firewall program which is free for personal use.

-
[4] Use Anti-spyware Software
-
Spyware is a category of software that collects and reports
information without your knowledge or consent. The information collected by spyware can range from the
websites that you visit to sensitive information such as passwords and credit card details. Spyware can also
alter some settings on your computer, for example by changing your browser's homepage without your knowledge.
-
You can get spyware on your computer when you visit certain
websites. For example, a pop-up message may prompt you to download a software utility that you 'need', or
a software program may download automatically without your knowledge. The spyware then runs on the computer,
tracks your browsing activities and reports these to third parties, such as advertisers. Spyware also uses
memory and processing capacity, and can slow or crash the computer.
-
Spyware cannot be detected by anti-virus software. You should
therefore install and run a spyware removal program to get rid of spyware. It is important to update the
anti-spyware program regularly in order to maintain the confidentiality of your data and stability of your
computer system.
-
MS Windows 2000/XP users may download Microsoft Windows Antispyware (Beta) free of charge.
Alternatively, users may download Spybot Search & Destroy (S&D) free of charge.

-
[5] Treat all E-mail Attachments, File Downloads etc. with Caution
-
Treat ALL files attached to incoming e-mails with
caution. Just because a mail originated from an address that you recognise does not mean that the file is
safe or that the supposed sender has anything to do with it. Some file types, particularly those carrying
the extensions .EXE, .COM, .PIF, .JS, .VBS, .SHS, .SCR, .DOT, are potential carriers of viral infections*.
Double file extensions, e.g. 'readme.txt.vbs', should always be treated with suspicion.
-
Similarly, you need to be very cautious about files that
you download from the Internet. Avoid downloading files from bulletin boards or public newsgroups. These are
potential sources of viral infections.
-
Before opening e-mail attachments or downloaded files, it
is always good practice to first save the files to your hard disk and to scan them for viruses.
However, do appreciate that anti-virus software only detects known viruses. There is therefore still
a risk that an attachment or downloaded file may contain malicious programs.
-
Software updates, e.g. for drivers or multimedia players, should
be downloaded from the manufacturer's official website or trusted sites. The same applies to any other
new software that you may wish to install on your computer, even if you are installing this from CD or
other media. It is important to verify that the software comes from a trusted source, e.g.
original software manufacturer media or website.
-
*By default, MS Windows operating systems do not display
any file extensions. It is therefore recommended that MS Windows users follow the
instructions below in order to have the file extensions displayed:
-
- Double-click the My Computer icon on the MS Windows desktop.
- Click Tools menu.
- Click Folder Options...
- Click the View tab.
- Scroll down to the line Hide file Extensions for known file types and uncheck the box next to it.
- Click OK button.
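
The filename checks described in this section, written out as an added example (not part of the original guidelines): it flags the extensions listed above and double extensions such as 'readme.txt.vbs', and shows the name a user would see while Windows still hides extensions. The list of harmless-looking "decoy" extensions and the sample filenames are assumptions constructed for illustration.

```python
import os

# Extensions the guideline above names as potential carriers of infection.
RISKY_EXTENSIONS = {".exe", ".com", ".pif", ".js", ".vbs", ".shs", ".scr", ".dot"}

# Assumption: extensions a user tends to read as harmless; used only to
# recognise a decoy in the middle of a double extension.
DECOY_EXTENSIONS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".xls", ".zip"}


def effective_name(filename):
    """Strip path components and the trailing dots/spaces Windows ignores."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rstrip(". ")


def name_with_extensions_hidden(filename):
    """Name as displayed while the last extension is hidden from view."""
    return os.path.splitext(effective_name(filename))[0]


def assess_attachment(filename):
    """Return a list of reasons to treat this attachment name with suspicion."""
    name = effective_name(filename)
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    inner_ext = os.path.splitext(stem)[1].lower()
    reasons = []
    if ext in RISKY_EXTENSIONS:
        reasons.append("risky extension " + ext)
    if inner_ext and ext:
        reasons.append("double extension " + inner_ext + ext)
        if inner_ext in DECOY_EXTENSIONS and ext in RISKY_EXTENSIONS:
            reasons.append("shown as '" + stem + "' when extensions are hidden")
    return reasons


# Constructed sample attachment names, not taken from real mail.
SAMPLES = ["readme.txt.vbs", "Invoice.PDF.exe ", "notes.txt", "setup.EXE", "photo.jpg"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", assess_attachment(sample) or "no name-based flags")
```

A clean result only means the name raised no flags; the file should still be saved and scanned before opening, as described above.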
-
[6] Make Regular Backups & Remove Sensitive Data
-
Regular data backups enable you to restore your computer
to an operational state following corruption of your filing system by a virus or damage to your hard disk.
Data backups also facilitate the recovery of a single file or set of files when these are accidentally
deleted or corrupted.
-
You are encouraged to make regular backups of your data files
on removable media, preferably on CD or DVD. In particular, you are encouraged to back up any sensitive or
critical data and, as much as possible, remove sensitive data from your computer hard disk and instead store
it on offline media such as CDs or DVDs.
-
[7] Use a Strong Password
-
The use of a strong password enhances the security of
your computer system. Your password should be at least 6 characters long. It should consist of both
upper- and lower-case letters and also one or more numerical digits. Your date of birth, phone number
or any word that can be found in a dictionary do not make a strong password.
-
Never share or disclose your password to any other
person, including colleagues, family members etc. Do change your password if you suspect that somebody
knows it. You are also advised to change your password regularly, say every 2 months.
-
Last updated: 08-Jun-08