Zuckerman Institute Research Computing: Computer and Data Security
Protect Your Research Data!
We strongly recommend being aware of and implementing the following security best practices, in order of importance: |
1. Keep an Offline Backup of Your Active Data. Archive data that is no longer actively used.
Create a backup of data, and make sure that backup is not connected to your computer. Contact us atĀ support@zi.columbia.eduĀ to discuss options for selecting the best backup option for your file servers, desktops and laptops.
Archiving old data not only removes it out of reach of hackers, but also frees up space on the primary storage and speeds up backups of your primary data.
Replication (syncing) solutions do not protect against ransomware.Ā Ransomware is a type of malicious software that perpetually blocks access to data unless a ransom is paid. If your data gets encrypted, syncing will replicate the encryption across to the destination device. Tape backup is the only data protection technology that protects your data against ransomware.
2. Be aware: There are No Firewalls for Columbia's Manhattanville and Morningside campus network
The Jerome L. Greene Science Center (JLGSC)Ā network is part of Columbia's Manhattanville/Morningside (aka downtown) campus network. The campus network here is configured differently than at CUMC. In general, when you plug your computer with an Ethernet cable into a network jack in the wall (Columbia's wired network), your computer will be assigned a public IP address. Public IP addresses are visible and reachable by the entire world.
3. Use the Wired Network or, if Using Wi-Fi, Use Columbia's Secure Wi-Fi Network
If using a wireless network (Wi-Fi), use the network called "Columbia U Secure". It requires UNI authentication and is encrypted. The "Columbia University" network is wide open and anyone can connect to it.
Instructions on how to connect to the "Columbia U Secure" network:Ā CUIT Wireless NetworkĀ (and then see "Secure Wireless" section).
4. Install Anti-Malware/Anti-Virus Software
The Institute provides free access to anti-malware called Malwarebytes for MacOS and Windows. Contact support@zi.columbia.edu for details.
(Another solution is Avira free antivirus software.Ā You can also purchase a premium version.)
5. Install All Security Updates
Install all security updates (patches) for your computer. Do not wait. When your operating system and application software releases new security updates, install them immediately.
6. Use Strong Passwords That are Hard to Guess
Don't store passwords in an Excel sheet or a web browser, instead use a password manager likeĀ KeePassĀ (Windows),Ā KeePassXĀ (Mac/Linux) or other.
7. Disable Remote Assistance, Remote Desktop, Secure Shell (SSH), VNC
...and any other remote access if you do not need to manage your computer remotely. If you really need to manage your computer remotely, do the following:
1) If your computer has a public IP address, you should firewall it, connect to the Columbia University VPN, and then use the remote desktop to connect to your computer.
2) If your computer has a private IP, it is already unreachable from the Internet. You can connect to the Columbia University VPN and then use the remote desktop to connect to your computer.
8. Consider Switching Your Computer from Public to a Private or Controlled IP Address
The Zuckerman Institute in JLGSC has private or controlled IP addresses available for use. Computers using these options cannot be seen or accessed from outside of the University network.
They can still be accessed through the Virtual Private Network (VPN) connection.
To request a private or controlled IP address for your computer please send email to support@zi.columbia.edu.
9. Configure a Firewall on All Devices
Most computers, NAS devices and printers have a firewall that can be configured to protect the device. If your computer/NAS/printer is using a public IP address you should configure it with a firewall.
10. Create Separate System Accounts for Users and Do Not Share Logins
If you must share an account on a computer, for example on an instrument PC, then after you are done using the computer, disconnect your Engram network storage shares and log out from the computer.
Also see CUIT's Security and Privacy page.
Ā
Please contact IT Ops and Research Computing at support@zi.columbia.edu so we can help you to secure your computing environment. |