Hackers

Why are hackers interested in my computer?
So, your computer doesn't have anything a hacker would be interested in. There aren't any credit card numbers, no national defense secrets, nothing that a hacker could find useful. Does this mean that your computer won't be a target? Unfortunately, no. Even if there is nothing that a hacker might find directly useful, your computer can still be a target for several reasons:


1) If you have an email address, a computer, or internet access to your bank account, you are worth money to hackers.
2) Duke University has a very high-speed network. A hacker who gets access to a computer on our network can use that computer to launch attacks from our fast network.
3) Hackers will make use of our systems to hack into other systems. By establishing a long chain of computers which the hacker has access to, the hacker can attack a commercial, government or military site without being caught. For example, if the hacker attacks a military computer, the military will see the attack from computer A, the owners of computer A might look and see that they were hacked by computer B, the owners of computer B were hacked from computer C, and so on. If the owners of any computer along the way cannot establish where the break-in came from, the authorities will be unable to track the hacker back to the original computer.
4) Another common motivation for hacking into a computer system is to set up services on the system (such as IRC servers) for the individual's own use. By stealing resources in this way, the hacker does not affect any one particular user, but degrades service in a way that affects the system as a whole, and by extension all users.


How do hackers get into a computer system?
Hackers can use malware to record keyboard strokes, then send that account and password information to themselves. They can sometimes get your account and password information by hacking sites which store those details, such as retail websites.

Hackers can also get into a computer system by exploiting a weakness or hole in the computer's operating system or applications installed on the computer.

Computers used to access Duke resources must be patched regularly and user accounts must have strong passwords to reduce the chances of compromise in these ways.


How do I know whether I as an individual have been affected by a hacking incident?
First, be aware that if the administrator of your system suspects that you have been affected, you will be notified. (Remember that a system administrator will never assign you a new password, only tell you that you should change your old one.) Even if you are notified of such a suspicion, there is only one way to know for certain that the hacker actually did anything to you: by detecting changes to your files that you know you did not make yourself.


How do I change my NetID password?
To change your NetID password, go to www.oit.duke.edu/selfservice.


How often should I change my password?
You have just stumbled into one of the great arguments amongst system administrators. There are two schools of thought:
1) A good password is a good password. The only reason to change a good password is if you think that it has been compromised. If you make a user change his or her password more frequently, then he or she will pick a password that is easy to guess, or the password will be written down.
2) By changing a password every 3 to 6 months, you minimize the risk of a hacker getting the password file and finding current passwords.


What's a good password?
Here are some basic guidelines for the most secure passwords:

Avoid names or words found in the dictionary.
Use a combination of numbers and letters.
Include a non-alphanumeric character (such as #, @, or $) in the middle of the password.
Use eight or more characters.

If you're interested in a more thorough discussion of passwords, including strategies for selecting yours, go to the University IT Security Office's Password Security page.


What can a hacker do to me (and others)?
There are three primary ways a hacker with access to your account can cause trouble:

by tampering with or stealing your data,
by impersonating you (sending email that appears to have been sent by you, logging into systems to which you have access, etc.),
by attacking other computer systems from your account or computer.

These activities can range from the nuisance level to something much more serious. You definitely want to do all you can to avoid letting anyone access your account.


Could I be held responsible for anything?
Potentially, yes. The legal aspects of computer security issues are still being worked out, so it's hard to say what could happen. To date, no one has been held liable for negligence.

Don't panic, but do be cautious.


What are my points of exposure?
Local system weakness
Many people use a local system, such as a departmental or home network, to connect remotely to a Duke account. In this case, your account is only as secure as the least secure system you're using.

Anyone who has control--legitimate or not--over a computer you're using to access a remote system can see what you're doing. If the computer or network you're using to connect is improperly installed or administered, you could be exposed.

Downloading and executing software from the Internet
One of the ways hackers collect userids and passwords is by distributing software that collects this information for them. As with a computer virus, you could unknowingly install one of these insidious programs if you're not careful.

As a general rule, you should never execute software about which you are uncertain. This includes software that you have received as an email attachment from someone you don't know or that you've downloaded from an Internet site you don't know and trust.


How do I report a security incident?
Employees should contact their local systems administrator. Students should report any incidents to the OIT Service Desk (684-2200).


Help! I'm a new departmental IT staff member; what can I do to keep my network and my users safe?
You should be aware of and participate in the campus alliances for network administrators. These include the Campus LAN Administrators Consortium (CLAC), the CSL LAN Information Forum (CLIF) in DUHS, and the various operating system groups on campus (Linux@Duke, Mac@Duke, and Windows Admins). Contact the University IT Security Office about joining the campus security liaisons group.


Where can I find Duke's policies on this topic?
Duke's current list of policies is maintained at http://web.duke.edu/policies.