As an information security officer, Zach Jansen works week in, week out to protect the Calvin computer network from attacks by cyber-malefactors. In recognition of October as National Cybersecurity Awareness Month, Jansen shared his wisdom on viruses, phishing, spam and other internet snares. He also talked about keeping your computer safe.

What systems does Calvin already have in place to protect its network?

[photo here]

Zach Jansen, an information security officer with Calvin's information technology office.

We have anti-virus software installed on faculty and staff machines that are monitored by Calvin Information Technology, and we give that to students and require them to install it when they connect to ResNet (the high-speed ethernet service that connects dorms and apartments to the internet.) Another one that directly affects (the network) is the spam firewall that blocks spam and viruses in e-mail. Between 80 and 90 percent of e-mail is spam that we block. It just gets blocked at our border. Other systems that we have people probably aren’t so aware of. We run internal firewalls here that keep the malicious traffic off the internet from coming here. We also run intrusion detection systems which look for known attack patterns in the network.

Why do you have to update Calvin’s anti-virus software?

We update Symantec because the bad guys, in general, update their malware (malicious software) daily. They change it so that the old signatures Symantec was looking for are no longer valid … It’s a bit of an arms race, and it goes back and forth. So, we have to keep that up-to-date to be effective.

Do dangerous e-mails have shared characteristics?

They come through supposedly from the HelpDesk or another official entity asking you for your username and passphrase. They (phishing e-mails are a good example) want your username and password for some malicious purpose. … They’ll often claim a high sense of urgency. So, they’ll claim that your account will be cancelled in 24 hours if you don’t respond … When someone is asking you for your username and password,  that should set off a red flag right there. Poor spelling and grammar is another one … I will say this: the IT department doesn’t need your password and will never ask you for it.

What are spyware and adware?

Spyware and adware are simply programs from companies that are not reputable companies … They install on your computer and monitor your activities in order to capture information about you and target ads to you or capture information about you such as usernames and passwords or banking information. A lot of times you’ll go to a Web site, and they will pop up a little box that looks very real, and it says, “Your computer is at risk,” and a lot of people download it … It’s very easy to click those and fall into that … That’s one of the pop-ups that we often see.  Once it’s installed on your computer it will look for things you’re looking for.

Why is a passphrase better than a password?

Mostly because it’s longer, and it’s easier to remember. Those would be the primary characteristics. The speed of computers doubles approximately every two years which means passwords that were effective a few years ago are trivial to crack now. We’ve countered this by moving to a longer passphrase. And there’s two methods to password cracking, and one is to use dictionaries and add permutations … The other method is the brute force method … to try every possible permutation of letters to crack the password. We want to make the password longer so that it becomes exponentially harder to crack the password.

What makes a passphrase safer?

It’s good to use different character sets, so having different numbers and letters in there helps. The best way is to increase the length of the password.

Why shouldn’t you share your password?

Your password is for you, so it identifies you as a unique user—so there’s that accountability there.  Sharing your password gives somebody else the ability to access your personal and confidential information, to use your account for malicious purposes and to access the college’s confidential information.

What are you five top cyber-safety tips?

1) Use a strong passphrase.
2) Never provide your passphrase to anyone. Not even IT.
3) Lock your computer with a screen saver passphrase.
4) Lock up your laptop to help prevent laptop theft.
5) Be wary of links sent in emails.

If you’re not sure about something, contact the HelpDesk.  We have people here in CIT that have a good understanding of the common threats and how they play out.