Skip to main content

For UNC School of Medicine Faculty, Staff, and Students.

Computer Security Incidents

Copyright Infringement

Email Security

Junkmail Filter

Spyware

Protecting Sensitive Information

Security Software

Acceptable Use

Wireless Security

Computer Security Incidents

What is a computer security incident?

A computer security incident is an instance where a computer has been used as a tool to perform an act that violates UNC School of Medicine policy or the law. Examples include account compromises, cracking/hacking, and port scanning.

What can I do if I think my account has been compromised?

Notify the Office of Information Systems at (919) 966-1325. Change all of your passwords IMMEDIATELY. Please keep notes and report any unusual behavior or contact.

What activities constitute cracking (commonly known as hacking)?

Cracking includes breaking into computers or computer systems without authorization and copying, altering, deleting or destroying files or existing data or to the system. These activities are illegal under the North Carolina Computer Crimes Statutes and may constitute a felony.

What if someone is port scanning my machine?

If you detect that someone has attempted to access, probe, or “break into” a computer without authorization, please send the logs of the access attempts to sominfosec@listserv.med.unc.edu.

For assistance in obtaining the logs call the OIS Help Desk at 966-1325. Once the information is received, an email will be sent to the authorized contacts and/or ISP from which the attack originated.

[top]

Copyright Infringement

What is copyright infringement?

A copyright infringement is when you download, store, use, copy, and/or share something created by someone else without the permission from the person or entity who created it. Violating a copyright is against UNC policy and Federal/State law. Title 17, Chapter 12, Section 1202, of the United States Code and the DMCA (Digital Millennium Copyright Act) of 1998 criminalizes and heightens the penalties for copyright infringement on the Internet.

For more information on UNC’s copyright policies, see http://www.lib.unc.edu/copyright/policies.html

[top]

Email Security

What do I do when I receive spam and what can be done about it?

Do not retaliate against senders of chain mail or unsolicited mailings. This will only aggravate the situation and complicate your position by making you a party to the policy violation.

UNC School of Medicine actively filters for spam on our email systems. In 2006, OIS’ email systems blocked an average of 200,000 spam messages per day. To set up additional filters on your local mail (for spam or organizational purposes), see http://www.med.unc.edu/help/site/pubs/faqpubs/emailfilter.htm

How do I send sensitive or confidential email to recipients outside the School of Medicine or UNC Health Care System?

Tumbleweed is a software system used to protect outgoing confidential email messages leaving the School of Medicine network. More information: http://help.med.unc.edu/pubs/faqpubs/tumbleweed.htm

[top]

Junkmail Filter

OIS Recommends that you use a local junkmail filter in addition to the server SPAM filtering provided by OIS. Mozilla Thunderbird provides an excellent junkmail filter and other email programs have similar features.

[top]

Spyware

It is recommended that you use an anti-spyware program such as Spybot Search & Destroy to protect your computer against spyware infections. Similar to an anti-virus program, you will need to update the definitions of these programs to maintain their efficacy.

[top]

Protecting Sensitive Information

What is encryption?

Encryption is the process of obscuring information to make it unreadable without special knowledge. There are many legitimate uses for encryption (e.g., sensitive data on mobile devices should be encrypted). However, use of encryption tools for purposes of violating policy or law is prohibited.

What are your responsibilities for protecting sensitive information as required by HIPAA?

The UNC School of Medicine is designated as an “affiliated covered entity” for HIPAA purposes as one entity that comprises the UNC Health Care System. As such, we are obligated to safeguard individually identifiable health information (Protected Health Information or PHI) against disclosure or use by unauthorized individuals. The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 and its accompanying regulation (HIPAA) have specific requirements regarding policies and procedures relating to patients’ rights with respect to their PHI. More information: http://intranet.unchealthcare.org/site/w3/policies/UNCHCpolicies_pdf/p19.pdf

[top]

Security Software

How can I protect myself from a virus?

You must have antivirus software. Symantec Antivirus is available free for all UNC students and faculty. To download Symantec, go to http://help.med.unc.edu/pubs/downloads.htm

How do I clean my system if it’s infected?

Please contact the OIS Help Desk at 966-1325.

Am I allowed to experiment with security-related software using School of Medicine resources?

UNC School of Medicine’s Office of Information Systems (OIS) promotes campus-wide network security and coordinates response to security incidents. This includes working with local supporters, computer users and our Internet Service Provider to protect the school from network intrusions, denial of service attacks and other unauthorized or inappropriate activities that impair network access and use.

Under no circumstance shall security-related software tools be experimented with using UNC School of Medicine resources, including the network. Doing so may impair network access or cause problems for the entire campus community.

[top]

Acceptable Use

Can I let a friend use my School of Medicine account password?

It is against school policy and HIPAA regulations to use another’s account. Failure to comply may result in suspension of the UserID or other action as outlined in policy or federal/state law.

Are there any rules about peer-to-peer sharing?

Peer-to-Peer file sharing programs come in many flavors and are used for a wide range of purposes, from legitimate sharing of academic information to illegitimate sharing of copyrighted music and movies. Any workstation connected to the School of Medicine network must comply with the UNC Health Care System Information Security Policy Peer to Peer-Attachment 2, which prohibits the use of Peer to Peer applications unless specifically approved by the School of Medicine Information Security Officer. More information: http://www.med.unc.edu/hipaa/uncpolicies.htm

Can I use my own router, hub, or switch on campus?

These and other devices allow multiple computers to connect to a network jack. They are not allowed to be used on campus, and ITS will disable any unauthorized devices that are found to be disrupting network service. More information about acceptable use: http://www.unc.edu/policy/aupol.htm

[top]

Wireless Security

Before you use your computer at the local coffee shop or any public Wi-Fi hot spot, be aware that your transmissions are being sent over the Wi-Fi network “in the clear” (which means a hacker can capture that information). Connections to the School of Medicine network from public unencrypted wireless networks *MUST* use an alternate means of end-to-end encryption such as Virtual Private Network (VPN) or Secure Socket Layer (SSL). For questions regarding VPN or SSL, please contact the OIS Help Desk at 966-1325.

Wireless connectivity is not offered everywhere on campus; wireless coverage maps can be found at http://help.unc.edu/?id=849

[top]