Security and Ethics

2-Factor Authentication

NC State students must enroll in 2-factor authentication (2FA) to secure their accounts. The common factors associated with authentications are

  • What you know (passwords, security questions, pins)
  • What you have (phones, 2FA keys, photo IDs)
  • What you are (biometrics)

For all Shibboleth logins, the university uses “Duo” for 2FA. Get started with Duo.

For your NC State Google account, the university recommends “Google 2-Step Authentication.”  This system allows you to create a list of trusted devices to automatically log in, or send push notifications to your mobile device.

DUO mobile is the recommended 2FA app on campus; see these articles for help on how to setup or re-install the app:

  1. How do I enroll in Duo 2-Factor Authentication?
  2. Reactivate the Duo Mobile App

If you receive a Duo push notification when you have not requested one, change your password immediately and ensure that no other account uses that old password!

Lecture Video: User Authentication and Security →

Learning Outcomes

Operate engineering software on personal and lab computers
Identify central tenets of professional and ethical use of computers
Send and receive e-mail and use other campus computing services

Chapter Learning Outcomes

  • Differentiate software distribution models such as shareware, proprietary software, freeware, and open source software.
  • Use multi-factor authentication (e.g., Duo) as part of secure access to university systems, and explain its role in protecting user data.
  • Explain how to back up files and the importance of backing up
  • Explain the importance of, and how to use, antivirus and spyware software
  • Explain the importance of regularly scheduling operating system updates
  • Summarize ethical and legal responsibilities related to software piracy and plagiarism, and explain their implications.

Securing your Device

General Prevention Behavior to Protect Your Computer1

  • Run updated software from trusted sources
  • Be wary of removable media from untrusted sources
    • Use blocklists like Google Safe Browsing
  • Avoid common platforms (controversial)
  • You must take the necessary steps to protect yourself from malware. This not only prevents its spread through campus networks but also safeguards your valuable data.2

Notice: We could say “avoid sketchy places on the web, but plenty of legitimate websites get compromised and serve browser exploits that download and execute malicious code. NBC got hit some years ago; you could get malware reading the news.

Anti-Virus Programs

Antivirus software helps protect your computer from viruses, malware, and other malicious programs. It scans files, detects threats, and tries to remove harmful software before it causes damage. Per University policy, you must have an approved antivirus product for your Windows or Mac computer, and you must keep it updated. See Antivirus Software Requirements. Here are some antivirus suggestions:

  • Windows: Windows Defender (and it comes with your computer automatically).
  • Mac: Macs also come with built-in protection, but it is a bit more hidden (you likely have XProtect).

If you aren’t sure if you have anti-virus protection, contact OIT.

Updating Your Computer’s Operating System (OS)

OS developers constantly release OS updates and patches to protect against new threats and vulnerabilities that may exploit vulnerabilities in their product. Updates also include major software components that are part of your OS installation.

You must ensure that your OS has automatic updates enabled. Besides automatic updates, you should occasionally manually check to make sure your system is up-to-date. Many times viruses and spyware will attempt to disable automatic updates to further exploit your system.

MacOS or Linux users should keep their operating system and programs updated with security updates and not open programs or files from unidentified developers. On Mac, you will be given a pop-up letting you know if a program comes from a developer Apple does not recognize. Though the program may not be malicious, you should be cautious of opening programs from unknown developers.

Check if your OS is up-to-date: Windows | Mac OS

Additionally, for Linux, you can use Flatpak to install your software with a sandbox between your machine and the program. You may also use an atomic operating system like Fedora Silverblue, NixOS, or wrap unknown programs in a docker or podman container. If you run Linux, please keep your system up-to-date, do not run services you don’t use, and consider protecting your device with a firewall.

Security updates are key and also extend to your phones and tablets!

Virtual Private Network (VPN)

If you’re off campus and need to access university systems, you may need to use the NC State VPN. Instructions are available at oit.ncsu.edu.

Instructions for installation and use of the Cisco AnyConnect SSL VPN client software are here: https://oit.ncsu.edu/campus-it/campus-data-network/vpn/.

Note: The use of VPN software may be illegal in certain countries and could subject the user to criminal prosecution. Always check local laws.

Exercises

  1. Describe one method of multi-factor authentication that you have experienced and discuss the pros and cons of using multi-factor authentication.
  2. How diligent are you in keeping your own information secure? Review the steps listed in the chapter and comment on your security status.
  3. How would we know if malicious spyware has been installed on our computers?
  4. Provide a specific example of something that would be considered what-you-know factor (i.e., inherence factor) for authentication purposes.

  1. Information in this sub-section from CSC 474 (Content Acknowledgements: William Enck, Brad Reaves, Micah Sherr, Nolen Scaife) ↩︎
  2. Much of this content written by Alex Nahapetyan, editing the previous version of textbook. Written June 2024. ↩︎