Computer Security | Computer Security | Technical Solutions

Computer Security

IST Intrusion Prevention acts as a liason to the rest of campus for operational computer security issues and ensures that students and staff alike adhere to the University's computing policies and guidelines.  If you have concerns about the security of your computer, CCID, email, or any other day-to-day functions, please contact the our Computer Security Administrator at This email address is being protected from spambots. You need JavaScript enabled to view it. Remember, we will never ask for your password.

 

Protecting Yourself Online

You never know who may be lurking on the internet. Your information can be easily tracked and stolen if you aren't careful! The internet provides people with the oppotunity to do many common tasks, such as online shopping or online banking, from the comfort and privacy of their homes.  It is important to understand that personal information and privacy can be easily tracked and stolen if you don't exercise caution when using the internet.

  • Never use your real name... Be a super sleuth: Use an alias that cannot be traced back to you.
  • Never use your primary email address... Use a "throwaway" account instead when signing up for services.
  • Never use your real mailing address... If you are not purchasing anything from the site!
  • Think twice... Before giving out any personal information.
  • Clear your browser history, temporary files, cookies, and stored passwords
  • Use free cleaning software. Look to your right!  Run it regularly.

Remember—your computer tracks everything. Outsmart it!

Free Protection Software

Windows XP/Vista/7/8

Linux

Mac OSX

  • F-Secure offers an anti-virus suite for OSX but it is not covered by the existing site license agreement. A trial version of the software can be found on the F-Secure website.
  • Apple also provides free guides to enhance OSX security for experienced Mac users.

 

 


 

GlobalSign SSL Certificates

Linux, Mac, Unix, Windows

Through GlobalSign Inc. IST provides faculty and staff accessibility to SSL certificates at no cost for educational use on University of Alberta owned computers. GlobalSign SSL certificates allow full authentication and 256-bit encryption; this level of security establishes a trusted digital infrastructure essential to high-value e-commerce transactions and ensures secure access to applications, communications, and resources. To initiate a certificate download, please contact This email address is being protected from spambots. You need JavaScript enabled to view it. .

 


 

Social Networking

Facebook.  Twitter.  LinkedIn.  We all know of them, and most of us use them.  Social media sites focus on user-generated content, and they allow fo anyone to share their thoughts an opinions with a wide audience.  Whether you rely on these services to run a business, or use them on a personal scale, there are a wide range of security issues you need to be aware of.  Social engineering—not technical exploits—has become a primary method for gaining access to secure information.  Social engineering is the act of obtaining information by manipulating people through social psychology to achieve a goal.  Social networking websites have become a prime target for these types of attacks.


Never accept random invitations from people you do not know!


Never give out any personal information to view a fan page.


Assume that once it's posted online, it's online forever.

Don't install applications that require access to information like your phone number.

 


 

Email Security

Abuse of email systems is one of the most popular issues concerning computer security and it is vital that people understand the risks involved with email.  The purpose of this section is to provide information that can protect you from the most poplular types of email abuse.

 

Why would anyone care about my emails?

Many people view email as a tool for quickly sending or receiving information and fail to realise their email contains far more valuables then a few simple messages.  Consider this:

  • How many contacts do you have in your address book?
  • Do you store website logins and passwords in archived emails?
  • Do you receive eBills (electronic bills) for services such as Cable, Internet and Utilities?

All of these items contain information that is valuable and can be sold.  You may ask why others would care about the contents of a seemingly insignificant email account but that mailing address in your eBill is a possible answer.  All the contact information in your address book is a gold mine for spammers as it provides them with email addresses that are most likely active and being read on a regular basis.

 

Yes, but didn't that email say it came from you?

Email was not designed with security in mind which makes it incredibly easy to spoof addresses and trick you into thinking you're corresponding with someone who isn't who they claim to be.  Often times these emails contain 'phishing' content where the ultimate goal is having a user give up important information such as usernames and passwords.  Phishing emails contain 3 primary characteristics:

  • They claim to come from a source of authority (University Administrators, Police, Government etc.)
  • They request that you give up personal information such as usernames and passwords.
  • They imply something negative will happen if you don't provide these details.
By far, the most common types of phishing attacks seen at the University involve emails that claim your account will be deleted unless you reply to the sender with your username and password.  These emails look like they came from the Help Desk or someone in IT, they request you give up your credentials and they convince you to do so by making you believe your account will be deleted.  When someone falls for a phishing attack, often times their email address is then used by a third party to send large amounts of spam.
 
***Never reply to these emails no matter how believable they may sound***

 

Why did that link take me to the wrong site?

Links in emails and websites contain two pieces of information.  The first is the text you read on the screen and click on when you want to follow that link.  The second is the code running behind the scenes that determines where that link will actually take you.  Just because a link says it will go to a particular website, does not mean this is where you'll end up.

Here's a harmless example: http://www.ualberta.ca

Even though this link says it goes to the University website, clicking it actually takes you to Google.  Many phishing emails abuse this method and replace the code with links to a website that look very similar to the real one.  Many people won't catch this and will end up giving their important information away without knowing it.

 

So what can I do about all this?

The most important thing you can do is use caution when using email. Under no conditions should you give any information to anyone via email no matter who they claim to be.  A few simple steps you can follow are:

  • Never reply to phishing or spam emails.  Doing so validates your account exists and will likely INCREASE the amount of unwanted mail you receive.
  • Be cautious of links in strange emails.  If you hover the mouse over the link, most browsers will show you in the bottom left where that link will take you.  If the address has typos or looks strange, don't click the link.
  • Unsubscribe links in spam emails are a trap and WILL NOT unsubscribe you.  They simply validate that your account exists.
  • Use extreme caution when opening attachments regardless of who they are from.  Remember, addresses can be spoofed.  If it contains files ending in .exe, .vbs, .bat or .scr DELETE THEM immediately.

Remember that we are here to make your life easier.  If you're not sure about an email or question where it came from you can either forward it to This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us directly at (780) 492-1390.

 

Technical Solutions Sitemap

Deskside Support

N/A

Electronic Repair

N/A

Server & Application Hosting

Application & Web Hosting
Server OS Admin
Server: Physical & Virtual Hosting

Storage & Backup

AFS
Desktop
File
Infrastructure

Security

N/A

Identity Management (IMS)

N/A

Software

N/A