Appropriate Use and Responsibility

The university's computing resources are for the use of UCD faculty, staff, and students enrolled in classes at UCDHSC. Departmental LAN administrators do not support the use of computing resources that does not contribute to the academic, research, or administrative work of the university.

All faculty, staff, and students are required by UCD to take the proper precautions in avoiding the misuse and abuse of departmental computers.

Read more at IT Services

Data Backup and Recovery

Backups of all critical data should be made at least once per working day. The backup routine should meet the following criteria:

• Enable recovery to at least the start of business on any weekday of a failure.
• Provide at least one more level of backup to a previous time, to cover the case of the failure of the primary backup media.
• There should be offsite storage of backup media to enable a full data recovery to no earlier than one working week.
• There should be an audit of backup media at least once every six months.

For reasonably sized data/document sets, IT services provides network storage space which meets all of these criteria for a monthly fee.

Data Security

• Ensure that only authorized individuals are allowed access to data residing on your computer systems.
• If your workplace is a high-traffic area, be careful about the information you leave accessible on computer screens, printers, desks, walls, and bulletin boards.
• Choose passwords that are easy for you to remember but difficult for others to guess.
• Ensure that you have a proper firewall configured and turned on.

Data Storage Management

Keep an eye on the amount of available disk space on your computer systems, including desktop computer hard drives, file servers, and network drives to insure that you always have adequate storage space.

ITS network file server accounts have limits on the amount of available disk space. It is the responsibility of the account owner to stay within that amount of disk space. Exceeding the regularly allotted space on the ITS server will result in additional monthly charges for the service.

Password Use and Computer Account Security

If you use a computer system at UCD with a Stargate logon, you will be required to change your password every ninety (90) days. Since potential computer hackers use a variety of methods to obtain passwords, users who change their passwords regularly will decrease the likelihood of an unauthorized person accessing their accounts.

Passwords may be obtained a number of ways. The most common methods involve using familiarity with the person to guess their password, checking near a computer for written passwords, or by simply overhearing or being told the account owner's password.

In addition to regularly changing their passwords, users should do the following to ensure their passwords are secure:

• Don’t use something found in a dictionary (in any language or jargon)
• Don’t use a dictionary word or name with a single character or repeating pattern attached either before or after the word or name (1JoeBlow or balOOns123)
• Don’t use a name (including spouse, parent, child, pet, fantasy character, famous person, location, sports teams, job title)
• Don’t use any variation of a personal or account name
• Don’t use accessible personal information (birthday, phone number, license plate, SSN)
• Don’t use a simple pattern (1234, ///, 1111, aaaa, abcabc, etc)
• Change passwords often; IT recommends customers change their passwords at least once a month to discourage hackers. Remember, an expert hacker may eventually discover your password given enough time to work on it.
• The Stargate domain server makes minimum complexity requirements for passwords. They are:
• Minimum length 8 characters
• Maximum length 14 characters for Windows, 13 characters for Mac OS X, 8 characters for Mac 9 and below
• Passwords must contain three of the following four complexity elements:

• lowercase alpha (a, b, c, etc)
• uppercase alpha (A, B, C, etc)
• number (0, 1, 2, 3, etc)
• special character (!, @, #, $, etc)

• No embedded dictionary words longer than 4 characters
• Cannot re-use passwords used during the last twelve (12) password cycles

Good password examples:

• Pick a phrase and use the first letter of each word – When I stub my toe I say !@#$ 5 times
• WismtIs!@#$5t
• Intersperse uppercase with lowercase letters to increase the number of possibilities
• ~aIH4b/,
• Use a phrase and change the characters to something it sounds like
• too late to change: 2L82chanj
• All for one and one for all!: All41&14all!         
• Pick a word and change letters to characters those letters look like – Tomatoes
• T0mat0eZ (note that the o’s were changed to zeros)
• Pick a password you like and increment or change in some way, so that each change makes it different
• BigBadWolf~
• Big!BadWolf
• BigBad@Wolf
• #BigBadWolf

The idea for your password doesn’t have to make sense, it just has to have meaning for you.

If you have reason to believe an account has been tampered with, change your password immediately and contact the IT Help Desk at 4-HELP (4357) so ITS can take action to protect you.

Never share a password with anyone, and avoid writing passwords down. Account owners are personally responsible for their accounts and will be held liable for any misuse. Passwords do not appear on the screen when you type them.

Viruses

Protecting yourself

Install and use anti-virus software. UCD has a site license for McAfee VirusScan for Windows and Virex for Macintosh. While there are many anti-virus and anti-malicious code products on the market, we highly recommend the use of the university’s enterprise-lever virus scanner. Your LAN administrator can install and configure it for you.

Keep the virus definitions (sometimes known as "DAT files" or "virus defs") up-to-date. Although this process should occur automatically for computers joined to the Stargate domain, it is still a good idea to insure that the software is up to date by right-clicking on the system tray red, white and blue shield icon and choosing “Update now…” from the fly-out menu. Do this procedure at least once a week. If you have a laptop or other computer not joined to the domain, you should do the manual update procedure at least twice a week (daily is better).

Be cautious and skeptical. Credulous trusting computer users are the ones who get snagged by malicious software.

Scan all removable media

CDs, flash drives, computer disks, and other types of removable media can transmit viruses. If you receive removable media, scan it before use.

Beware of e-mail attachments

Customers need to be aware of the danger of unexpected e-mail attachments. E-mail attachments serve as the primary means of virus and worm transmission. Because many new viruses attach themselves to and send messages automatically, an infected message may come from a trusted source.

Only open e-mail attachments after confirming the source of the file with the sender. Though no method for avoiding infection is absolute, confirming the source of attachments will greatly reduce infection risks.

Before opening an attachment, make sure to scan the attachment for viruses. Virus definitions must be kept up to date for this to be effective.

The following instructions will also help e-mail users to make sure they have increased protection from viruses.

1. If you receive any e-mail messages that are suspect,
1. Do not open the message or launch the attachment,
2. Delete the message immediately, and
3. Empty your trash or deleted items folder.
2. Delete any remaining messages that contain the suspected subject heading or suspicious attachments. Some of these messages are left over from old message queues that processed earlier. You may see some with attachments and some without attachments. This is normal.
3. Change your passwords as soon as a technician has completed disinfecting your system.
4. As a general rule, do not open attachments that are from unknown parties or are unexpected.
5. Check the version of the anti-virus software to be sure it is the latest version and is using the latest virus definitions.
6. If you even suspect that your computer might be infected, turn it off and call the LAN administrator.

What to do if your computer gets a virus

If you receive a virus through e-mail:

1. Make a note of the sender's name, e-mail address, and the subject line of the message.
2. If you have not opened the message and you know it contains a virus, delete the message and empty the Deleted Items folder or Trash can.
3. Notify, by phone or e-mail, the person(s) who sent it to you.
4. Notify, by phone or e-mail, the person(s) you sent it to, if you sent it out.
5. Use anti-virus software with up-to-date virus definitions to get rid of the virus.

Spam, Spoofing and Phishing

Spam is generally defined to be unsolicited commercial e-mail (UCE). However, some people regard any unwanted messages as spam, including:

• Fraudulent e-mail that attempts to scam the recipient,
• Chain letters or urban legends that circulate unsubstantiated stories alleged to be true,
• Unwanted professional e-mail from organizations or colleagues,
• Spoofed e-mail, which is e-mail with a false return e-mail address, and
• Windows pop-ups, which can contain unsolicited advertisements.

Although unsolicited bulk e-mail has existed for years, over the past several months, it has become more pervasive, more offensive, and more expensive to deal with.

There a few things you can do to help reduce the amount of unwanted e-mail you receive:

• Use e-mail filters that allow you to reroute suspect e-mail into a trash or spam folder that you can check before deleting its contents.
• Never respond directly to junk mail, unless you know your unwanted messages are coming from a reputable source, and you are certain your request to be removed from the mailing list will be honored (this situation is exceedingly rare despite any promises to the contrary contained within the email).
• Avoid indiscriminate publication of your email address.