Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn


Sunday, March 18, 2018

  New Resources
Security Logging Service
Travel Tips for Data Security
Free Security/Privacy Training Resources
Two-step verification
Combating Malware
Phishing Archive
Cloud Computing and Data Outsourcing
Best Practices for Applications with Confidential University Data
  Security "Greatest Hits"
Managing Passwords
E-mail Harassment & Forgery
Hoaxes, frauds & scams
Wireless Networking
  Best Practices
Secure desktop computing
Secure servers
Secure data deletion
Securing printers
Tips for safe computing
Computing policies
  More in-depth information for
Local support providers
System administrators
  Security initiatives
Critical Component compliance
Authentication & authorization
Penn Security & Privacy Assessment (SPIA)
Security Liaisons (Restricted Access)
Secure Share
Secure Space
Vulnerability Scanner
  Related links
Electronic privacy
Worms, trojans, backdoors

National Cyber Security Awareness Month - October, 2013

National Cyber Security Awareness Month (NCSAM) is spearheaded by the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA) and takes place every October in an effort to raise awareness about information security issues.

2013 NCSAM Events at Penn

In conjunction with Penn's Privacy Office and several of the computing support operations in the various schools and centers across campus, the Office of Information Security will be hosting and coordinating a number of events to celebrate National Cyber Security Awareness Month:

October 1 - 31, 2013, on Twitter (@PennInfoSec)

31 Days of NCSAM tweets

Follow @PennInfoSec on Twitter throughout National Cyber Security Awareness Month for daily tweets (#NCSAM and #NCSAMPenn), or visit

October 1 - 31, 2013

NCSAM Posters Across Campus

Watch for posters (see "Penn Posters", below) across the Penn campus throughout October to remind and direct attention to NCSAM.

Thursday, October 10, 2013 - Noon - 1:30 pm, Bodek Lounge (Houston Hall)

Penn Employee Resource and Commuter Fair

As part of this annual event, staff members from both the Information Security and Privacy offices will be on hand to talk about security/privacy issues and answer questions - and maybe hand out some free stuff as well!

In addition, if you have data (paper or electronic) and/or old electronics (hard drives, monitors, TVs, etc) that need to be securely shredded or disposed of, there will be shredding trucks on hand at the Fair to do this at no charge!

Monday, October 14, 2013, 12:00 noon - Ben Franklin Room (Houston Hall 218)

Super Users Group

As part of the regular monthly meeting of Penn's Super User Group a presentation devoted to NCSAM issues and activities will be given by Penn Senior Information Security Specialist Melissa Muth.

Tuesday, October 15, 2013 - 8:30 am - 4:30 pm, 3401 Walnut St., Suite 230A

Webcast: University of Michigan "SUMIT_2013"

Penn will host a group viewing of this day-long event taking place at the University of Michigan in Ann Arbor. Speakers and topics will include:

  • Dawn Isabel & Jason Haddix , Hewlett-Packard: "Smartphones"
  • Anthony Bonkoski, University of Michigan: "IPMI"
  • Nate Anderson, Ars Technica: "Your Computer, the Spy: The Uses (and Abuses) of Remote Access Tools"
  • Jonathan Mayer, Stanford University: "Terms of Abuse"
  • Matt Bing, Arbor Networks: "Fort Disco"
  • David Schuetz, Intrepidus Group: "Protecting Data in iOS Devices"
  • Martin Fisher, WellStar Health System: "Defense In Depth"
  • Denis Foo Kune, University of Michigan: "Medical Devices: Electromagnetic Interference on Analog Sensors""

For schedule and more details, visit:

Thursday, October 31, 2013 - 10:00 am - 12:00 Noon, Woodland Walk & 34th Street

Security "Walk the Walk"

Information Security staff members will be cruising Levy Park interacting with the Penn Community - food, security materials, trivia and more.

Thursday, October 31, 2013 - 2:00pm, Bits & Pieces Room (306 Sansom West)


Led by Penn Senior Information Security Specialist Harry Hoffman, the bi-monthly meeting of the Information Security Special Interest Group (Security-SIG) will be devoted to a broad range of presentations and discussion revolving around National Cyber Security Awareness Month.

Additional UPENN Resources

Penn Posters

Your Readiness is Our Success

Your Readiness is Our Success

Download (11 x 17 in, 50mb, TIF)
Download (8.5 x 11 in, 25mb, TIF)

The term "cloud" as a computing service has now made it well past the IT community and into common parlance. Some are starting to recognize cloud services for their energy efficiency potential. Some are noticing cloud computing's potential to unlock new markets in developing countries. Most of us, though, are seeing cloud computing as simply making our lives easier - offering access from anywhere, large storage capacity, more computing power, and less to maintain.

This all makes cloud computing sound like very good news. And it mostly is. But please be cautious about the following:

  1. Cloud computing is not the solution for everything. Indeed, cloud services should usually be avoided if sensitive information or regulated information is involved and you are signing up through a consumer, or "click through" agreement rather than through a Penn negotiated service. See Penn's Cloud Computing Guidance.
  2. Not all cloud services are alike. Many cloud providers do not offer strong security, privacy, or other protections under their standard consumer agreement. Penn has negotiated much more protective agreements with:

    and there are more to come under Penn's trusted portfolio of cloud vendors. Take advantage of these services to enjoy the benefits and greatly cut down on the risks.

  3. Smart practices still depend on you. Whatever service you are using, don't forget about the important role you play in keeping data private and secure. For example, if confidential data is involved, only access services from secure devices and use secure connections. If accessing via smartphones or tablets, review and implement Penn's Top 10 Tips for Securing Your Smartphone or Tablets. Consider the security of your device and whether to enable or disable data downloads from the cloud.

They Want What You've Got. Don't Give It To Them

They Want What You've Got. Don't Give It To Them

Download (11 x 17 in, 50mb, TIF)
Download (8.5 x 11 in, 25mb, TIF)

"Phishing" refers to fraudulent e-mails that appear to be legitimate messages from Penn or an outside institution. Phishing e-mails ask you for your user-name, password, credit card numbers, or other sensitive information, or direct you to a website, in hopes of capturing your credentials.

Recently we have seen a rise in phishing attacks and other scams intended to capture sensitive information and/or distribute malware. The University of Pennsylvania is also seeing an increase in targeted phishing attacks.

Below are some tips to help you identify these scams and avoid disclosing personal or private information:

  1. No organization at Penn will ever ask you for your username and password via e-mail. If you get an e-mail asking for this information, assume it is a scam and do not respond.
  2. Always check the "FROM" address of a message that solicits information or prompts you to login, to see if it originated from a foreign or otherwise illogical address. For example, the latest round of Penn-directed phishing attacks came from a sender whose address ended in "" ("de" is Germany).
  3. Double-check the URL of any websites you are being told to click on in e-mail messages, especially if once directed there, you are asked to login. We recommend typing any URLs directly in to your browser rather than clicking on links. On a related note, be suspicious of URLs that take you to locations that don't make sense (such as a website that claims to be associated with Penn, but ends in .com, .org, .net, etc.)
  4. The Office of Information Security attempts to catalogue Penn-specific phishing attempts at This list can help you quickly and confidently identify a scam. When in doubt, don't respond to the e-mail - instead, contact your Local Support Provider (LSP) for assistance.
  5. If you believe you have mistakenly clicked on a link or otherwise disclosed private information in a phishing attack, immediately change your e-mail and PennKey passwords, contact your LSP, and notify Penn's Information Security office by e-mailing

Who's Your Guru?

Who's Your Guru?

Download (11 x 17 in, 50mb, TIF)
Download (8.5 x 11 in, 25mb, TIF)

Your "guru" is your Local Support Provider, and that person (or in some cases, group) is the one to help you with all aspects of your IT life!

Get to know your Local Support Provider (LSP) today.

For more information see:

Something You Have. Something You Know.

Something You Have. Something You Know. (Two-factor Authentication)

Download (11 x 17 in, 50mb, TIF)
Download (8.5 x 11 in, 25mb, TIF)

Your PennKey username and password are required to access many of the University's electronic services, and are therefore often the most important credentials you'll have while at Penn.Now there's a new way to protect the security of your PennKey, by using both your password and a code generated on your smartphone.

Here's how it works:

Once you've enrolled in the pilot for two-step verification:

  1. You enter your PennKey and password as usual.
  2. When prompted, enter a code from your phone or other device.
  3. Make your browser trusted (optional). If no one else uses that browser, you only need to enter a code every 30 days.

For more information on this optional, easy-to-use security service, please talk to your Local Support Provider or visit here:

Posters: Stop. Think. Connect

Stop.Think.Connect poster Stop.Think.Connect - Backup poster

Stop.Think.Connect - Online Citizen poster Stop.Think.Connect - Online Presence poster

Stop.Think.Connect - Passwords poster

  • Download "Stop.Think.Connect" posters!! (click on images to download)
  • The School of Arts & Sciences has a website dedicated to NCSAM and securing PII here

Other NCSAM Resources

Last updated: Thursday, October 3, 2013

Information Systems and Computing
University of Pennsylvania
Comments & Questions

Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania