One Step Ahead: Computer Security – Free & Easy initiatives at Penn |
|
March 17, 2015, Volume 61, No. 26 |
Another tip in a series provided by the
Offices of Information Systems & Computing and Audit, Compliance & Privacy
As information security remains a top priority at the University, there are a growing number of resources available to help. The list below provides information about security measures and tools available today for little or no cost to Penn Schools and Centers.
• SafeDNS proactively prevents your computer from connecting to the thousands of servers known to be malicious. For more information see: http://www.upenn.edu/computing/dns/safedns
• The newly launched Security Logging Service pilot helps to monitor critical servers and applications for signs of attack or compromise. This service is offered at no charge until the end of 2015. For more information write to lan@isc.upenn.edu
• Penn’s Two Step Verification is an optional, easy to use feature, that provides another layer of protection on PennKey. A ‘must-have’ in an era of phishing and stolen passwords. See http://www.upenn.edu/computing/weblogin/two-step/
• Critical Components is a central registry of all Penn computers and applications whose compromise could result in significant financial, reputational or operational harm. Critical components receive priority during incident handling and threat notifications, as well as regular vulnerability scanning. See http://www.upenn.edu/computing/security/crithost/
• Centralized endpoint management solutions ensure computers remain up to date and patched. If your organization does not currently have a solution, ISC runs a service centrally for thousands of campus clients. For more details see http://www.upenn.edu/computing/isc/lts/PennEM/
• ISC provides best practices and training to help secure web applications. Contact security@isc.upenn.edu for a free training session on the OWASP Top 10. Application developers and owners can review the published Application Security guidelines. See http://www.upenn.edu/computing/security/swa/
• Customized “Top 10 Security Tips” are available for faculty, staff and students: http://www.upenn.edu/computing/security/checklists/Top10/. ISC Information Security is available to present to groups of any size about these recommendations as well.
• Lastly, for local support providers there are several tools, provided at no charge, to help scan computers and applications for vulnerabilities (e.g. Nessus, Web-Inspect). Contact ISC Information Security for more information.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/ |