The Internet exposes your computer to dangers from every corner of the globe. Learn what you can do to protect yourself and Stanford from these threats and to safeguard all of our information resources.
Latest Security Announcements
New Risk Classifications and Minimum Security Standards
- New Risk Classifications are now in effect
- Minimum Security Standards
Endpoint encryption initiative links
- August 5, 2014 letter regarding encrypting employee laptop and desktop computers
- Recommended backup service: CrashPlan PROe (provided by IT Services)
- Stanford Device Enrollment questionnaire (aka Device Identification Application) and screenshots
- Whole Disk Encryption
- Self encryption instructions
- Request Temporary Security Exception
- February 13, 2014 Endpoint Compliance memo
- Properties Retrieved by BigFix
Windows XP
- 292 users still running Windows XP after its end-of-life date
- Computers on campus still running Windows XP
See the General Security Announcements page for more details.
If you've just come from watching our security awareness video, you can find follow-up information on the welcome page.
Attackers scan computers accessible to the Internet approximately one million times/day in order to break into them. As an open research and education organization connected to the Internet, Stanford's network is accessible to almost anyone, including attackers.
If your computer is not properly secured or has weak passwords, attackers can:
- Delete, change, and/or steal your data
- Install spyware to monitor your keypresses, emails, IMs, or anything else (sometimes even microphone and camera)
- Use your computer as part of a 'botnet' to recruit other compromised computers and perform mischief like sending spam or attacking other computers (making you look like the attacker)
- Steal enough information to impersonate you for fun or profit (i.e., identity theft)
The front line defenses include:
- Strong passwords
- Proper security configuration(s) on your computer
- All security updates for your computer
The steps below will help you have a safe and happy computing experience at Stanford.
The Three A's of Computer Security
Awareness
- Time-Sensitive Security Alerts
- General Security Announcements
- Communications from Senior University Management
- Computer Security FAQ
- Computer Security Myths
- Phishing: How hackers use social engineering to get your data
- About harassing emails
- Security training
- Advanced: Formal Stanford Policies
- Advanced: Other Security Policies
Analysis
Action
- Set a strong password
- BigFix: Configuration and Patch Management
- Bit9: Application Control
- Duo: Two-Step Authentication
- Securing your desktop
- Securing your smart phone and tablet
- Essential Stanford Software (antivirus, patch management, and so on)
- Whole Disk Encryption
- Endpoint Compliance Requirements
- Third Party Security Requirements
- International Travel: ISO Recommendations
- Secure email
- Requirements for Email servers and clients at Stanford
- OSSEC: File Integrity Monitoring
- Qualys Network and Web Application Vulnerability Scanner
- Splunk Operational Intelligence
- Computer equipment transfer and disposal guidelines
- More services from University IT