- What is a computer security incident?
- What can I do if I think my account has been compromised?
- What activities constitute cracking (commonly known as hacking)?
- What if someone is port scanning my machine?
- What do I do when I receive spam and what can be done about it?
- How do I send sensitive or confidential email to recipients outside the School of Medicine or UNC Health Care System?
- What is encryption?
- What are your responsibilities for protecting sensitive information as required by HIPAA?
- How can I protect myself from a virus?
- How do I clean my system if it’s infected?
- Am I allowed to experiment with security-related software using School of Medicine resources?
- Can I let a friend use my School of Medicine account password?
- Are there any rules about peer-to-peer sharing?
- Can I use my own router, hub, or switch on campus?
A computer security incident is an instance where a computer has been used as a tool to perform an act that violates UNC School of Medicine policy or the law. Examples include account compromises, cracking/hacking, and port scanning.
Notify the Office of Information Systems at (919) 966-1325. Change all of your passwords IMMEDIATELY. Please keep notes and report any unusual behavior or contact.
Cracking includes breaking into computers or computer systems without authorization and copying, altering, deleting or destroying files or existing data or to the system. These activities are illegal under the North Carolina Computer Crimes Statutes and may constitute a felony.
If you detect that someone has attempted to access, probe, or “break into” a computer without authorization, please send the logs of the access attempts to firstname.lastname@example.org.
For assistance in obtaining the logs call the OIS Help Desk at 966-1325. Once the information is received, an email will be sent to the authorized contacts and/or ISP from which the attack originated.
A copyright infringement is when you download, store, use, copy, and/or share something created by someone else without the permission from the person or entity who created it. Violating a copyright is against UNC policy and Federal/State law. Title 17, Chapter 12, Section 1202, of the United States Code and the DMCA (Digital Millennium Copyright Act) of 1998 criminalizes and heightens the penalties for copyright infringement on the Internet.
For more information on UNC’s copyright policies, see http://www.lib.unc.edu/copyright/policies.html
Do not retaliate against senders of chain mail or unsolicited mailings. This will only aggravate the situation and complicate your position by making you a party to the policy violation.
UNC School of Medicine actively filters for spam on our email systems. In 2006, OIS’ email systems blocked an average of 200,000 spam messages per day. To set up additional filters on your local mail (for spam or organizational purposes), see http://www.med.unc.edu/help/site/pubs/faqpubs/emailfilter.htm
How do I send sensitive or confidential email to recipients outside the School of Medicine or UNC Health Care System?
Tumbleweed is a software system used to protect outgoing confidential email messages leaving the School of Medicine network. More information: http://help.med.unc.edu/pubs/faqpubs/tumbleweed.htm
OIS Recommends that you use a local junkmail filter in addition to the server SPAM filtering provided by OIS. Mozilla Thunderbird provides an excellent junkmail filter and other email programs have similar features.
It is recommended that you use an anti-spyware program such as Spybot Search & Destroy to protect your computer against spyware infections. Similar to an anti-virus program, you will need to update the definitions of these programs to maintain their efficacy.
Encryption is the process of obscuring information to make it unreadable without special knowledge. There are many legitimate uses for encryption (e.g., sensitive data on mobile devices should be encrypted). However, use of encryption tools for purposes of violating policy or law is prohibited.
The UNC School of Medicine is designated as an “affiliated covered entity” for HIPAA purposes as one entity that comprises the UNC Health Care System. As such, we are obligated to safeguard individually identifiable health information (Protected Health Information or PHI) against disclosure or use by unauthorized individuals. The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 and its accompanying regulation (HIPAA) have specific requirements regarding policies and procedures relating to patients’ rights with respect to their PHI. More information: http://intranet.unchealthcare.org/site/w3/policies/UNCHCpolicies_pdf/p19.pdf
You must have antivirus software. Symantec Antivirus is available free for all UNC students and faculty. To download Symantec, go to http://help.med.unc.edu/pubs/downloads.htm
Please contact the OIS Help Desk at 966-1325.
UNC School of Medicine’s Office of Information Systems (OIS) promotes campus-wide network security and coordinates response to security incidents. This includes working with local supporters, computer users and our Internet Service Provider to protect the school from network intrusions, denial of service attacks and other unauthorized or inappropriate activities that impair network access and use.
Under no circumstance shall security-related software tools be experimented with using UNC School of Medicine resources, including the network. Doing so may impair network access or cause problems for the entire campus community.
It is against school policy and HIPAA regulations to use another’s account. Failure to comply may result in suspension of the UserID or other action as outlined in policy or federal/state law.
Peer-to-Peer file sharing programs come in many flavors and are used for a wide range of purposes, from legitimate sharing of academic information to illegitimate sharing of copyrighted music and movies. Any workstation connected to the School of Medicine network must comply with the UNC Health Care System Information Security Policy Peer to Peer-Attachment 2, which prohibits the use of Peer to Peer applications unless specifically approved by the School of Medicine Information Security Officer. More information: http://www.med.unc.edu/hipaa/uncpolicies.htm
These and other devices allow multiple computers to connect to a network jack. They are not allowed to be used on campus, and ITS will disable any unauthorized devices that are found to be disrupting network service. More information about acceptable use: http://www.unc.edu/policy/aupol.htm
Before you use your computer at the local coffee shop or any public Wi-Fi hot spot, be aware that your transmissions are being sent over the Wi-Fi network “in the clear” (which means a hacker can capture that information). Connections to the School of Medicine network from public unencrypted wireless networks *MUST* use an alternate means of end-to-end encryption such as Virtual Private Network (VPN) or Secure Socket Layer (SSL). For questions regarding VPN or SSL, please contact the OIS Help Desk at 966-1325.
Wireless connectivity is not offered everywhere on campus; wireless coverage maps can be found at http://help.unc.edu/?id=849