Information Security

Answers

Do Macs need anti-virus software?

Macs are vulnerable to viruses and therefore need anti-virus and anti-malware software. McAfee antivirus software is available for free to all students, staff and faculty. 

How can I reduce the amount of spam emails I get?

Spam can be significantly reduced by using:

  • Our spam filtering
  • Our block/accept list to permanently block or accept specific email addresses
  • Setting up custom mail filters on your favourite email client

In addition, CCS has blocked attachments with certain file extensions to reduce the chances of spreading viruses via email. However, spammers are always finding new ways to bypass filters so it is very likely that some spam will make its way to your inbox.

How do I create a good password?

Information Security recommends using a password manager application to randomly generate and securely store unique passwords for all of your accounts and online identities.

When selecting your password, make sure it is:

  • Passwords should never be re-used. Always use a unique password for your University of Guelph account.
  • Hard to guess by someone else, but easy for you to remember so you don’t have to write it down
  • Not a word that can be found in the dictionary
  • Between 8 and 14 characters long
  • Changed regularly
  • A mix of characters from at least three of the following categories: capital letters, lower case letters, numbers and simple punctuation or special characters (e.g., $ ( ) ! + - _ . = { })
    •  Note that the following characters should not be used as they may be problematic for some applications: < > ‘ “ ; , @ \ % & `
How do I know if an email is a phishing scam?

If you have received an email that seems suspicious, read through the information on our web page outlining how to recognize a phishing scam. You can also check our listing of the most recent scams and phishing attempts.  

If you think you may have a received a phishing email:

  • Do not respond or open any links in the email until you have confirmed it is safe.
  • Never give your password to anyone.
How Does CCS Respond to Phishing Email Reports

Phishing emails are a reality in our current email landscape. The University of Guelph has made significant investments in technology to filter out these types of messages. On an average day, the University receives 3.8 million email messages. Of that number, 97% are automatically blocked and identified malicious.

However, attackers work tirelessly to circumvent our security controls, and no matter how much we invest, some phishing messages will get through. On a typical day, CCS receives many reports from clients like yourself.  We rely on these reports to help bolster our defenses and because we get so many of them, we have a standard way to address these reports. Not all actions will be necessary for all reports, but here are some of our standard responses:

  • Acknowledge the report and thank you for reporting it
  • Provide security awareness information as needed
  • Block future messages of this type for all users
  • Purge the message from all campus mailboxes to protect campus users
  • Update the “Recent Scams and Phishing” page to inform others 
  • Assess any additional risk posed by this message and investigate further

 

Due to the volume of phishing reports, we may not be able to provide a personalized response to all users when they submit a potential phishing message. However, we value every phishing report and appreciate your help in defending the University of Guelph from cyber attacks. 

Visit https://www.uoguelph.ca/ccs/phishing for more information.

Should I update my software?

Companies often release updates to improve security. Keeping your software up to date ensures hackers cannot exploit old vulnerabilities to steal your data. 

What do I do if I think my computer is infected with a virus?

To check for viruses, first run a scan with your anti-virus software.  If you do not have anti-virus software, the University of Guelph offers McAfee software for free.  If this does not clear up the problem, download MalwareBytes and run that scan.

If you continue to have problems, visit the CCS I.T. Help Desk on the first floor of the Library. 

What exactly is a Firewall and should I use it?

A firewall can either be a piece of software or hardware. Firewall software is used to determine what incoming traffic is allowed or needs to be blocked from your computer. In order for this to occur your firewall has to look at every piece of information that tries to enter or leave your computer. If a site is trying to contact your computer and is not recognized by your firewall it will be blocked. You can customize what sites you'd like to have blocked, allowed or filtered and what products are allowed to run, and for advanced users, what ports are open.

Windows 7 and Windows 8 computers have a built in firewall that is automatically enabled. It can be found in Control Panel -> Fire Wall.

What file types are blocked and cannot be uploaded or sent as attachments?

September 14, 2017

Beginning in August 2017, the Information Security team will be updating our mail filters to block additional potentially dangerous executable file types from reaching University mailboxes. We recognize that this may cause some disruption for email users, however we feel that the risk outweighs the end-user impact. 

Please note that if a file is blocked, the email will still be delivered and that attachment replaced with a text file with the following message "Dangerous file types are blocked for your protection. For any additional questions, please contact the administrator." If the file is required, please contact the CCS Help Centre for assistance (519) 824-4120 x58888 or 58888help@uoguelph.ca. 

Blocked Attachment File Types

File Extension to Be Blocked

File Type

Notes

.exe
.java
.mrc
.msi
.pif
.sys

Windows Executable
Java Source Code
IRC Script File
Windows Installer Package
Program Information File
Windows System File

 

Currently Blocked

.bat
.cmd
.dll
.dos
.js
.jse
.scr
.vb
.vbe
.vsmacros
.com
Batch file
Windows Command File
Windows Dynamic Link Library
MS DOS executable
JavaScript File
Jscript Encoded File
Windows Screensaver
Visual Basic File
Visual Basic Encoded Script
Visual Studio Binary
Microsoft Command

Currently Blocked
(As of August 17th 2017)

.ps1
.ps1xml
.ps2
.ps2xml
.psc1
.psc2
.msh1
.msh1xml
.msh2
.msh2xml
Powershell
Powershell
Powershell
Powershell
Powershell
Powershell
Powershell
Powershell
Powershell
Powershell
Currently Blocked
(As of August 31st 2017)
.ksh
.csh
.mshxml
.msp
.os2
.prg
.ws
.scf
.sct
Shell Script
Shell Script
MS Shell
Windows Installer Patch
System File or Shell Script
Program File
Windows Script
Windows Explorer Command
Windows Scriptlet
Currently Blocked (as of September 14th 2017)
What is encryption?

Encryption is the translation of data into a form that is unreadable to anyone without the decryption key. The intention is to ensure the data is kept private and hidden for anyone but the intended receiver with the key. Encryption is the most effective way to achieve data security, and encrypting your laptop and mobile devices is the most important step you can take to protect your personal information. 

 

View the Encryption FAQ here.

Where can I find help if I am having trouble with my laptop, phone or other device?

CCS provides central computing support to all members of the U of G community through a variety of help services, you may reach us through email, by phone, online or in person.

Contact us today!

Where can I get anti-virus software?

CCS licenses and distributes McAfee anti-virus software at no cost to all registered students, staff and faculty. When you install anti-virus software, you must also update the definition files or it may not detect new viruses.