Security

What are viruses, worms and Trojan Horses?

There are security terms that you should know. Go to the page linked above to learn what they are.

Two Factor Authentication

NC State students must be enrolled in 2-factor authentication to secure their accounts. The common factors associated with authentications are

  • What you know (passwords, security questions, pins)
  • What you have (phones, 2FA keys, photo IDs)
  • What you are (biometrics)

For all Shibboleth logins, the university uses “Duo” for 2FA.  With “Duo”, you have the option to input a passkey on a trusted device every 30 days, or enable push notifications to your mobile device. Get started with Duo.

For your NC State Google account, the university recommends “Google 2-Step Authentication.”  This system allows you to create a list of trusted devices to automatically log in, or send push notifications to your mobile device. Visit OIT’s “Two-Factor Authentication” page for more information.

DUO mobile is the recommended 2FA app on campus; for help on how to setup or re-install the app, please consult the OIT knowledge base articles:

  1. How do I enroll in Duo 2-Factor Authentication?
  2. Reactivate the Duo Mobile App

If you are ever in a position where you receive a Duo push notification when you have not requested one, change your password immediately and ensure that no other account uses that old password!

Securing your Device

Any security and compliance exemptions must be filed via the IT Exemption Request.

General Prevention Behavior1

  • Run updated software from trusted sources
  • Be wary of removable media from untrusted sources
    • Use blocklists like Google Safe Browsing
  • Avoid common platforms (Controversial)
  • This is helpful but not guaranteed to prevent infection

Notice: We could say “avoid sketchy places on the web, but plenty of legitimate websites get compromised and serve browser exploits that download and execute malicious code. NBC got hit some years ago; you could get malware reading the news.

Protecting Yourself from Malware

The most common way malware will enter your computer is phishing, followed by infected USB sticks and bundled with other software. You can learn about phishing here.

You must take the necessary steps to protect yourself from malware. This not only prevents its spread through campus networks but also safeguards your valuable data.2

Anti-Virus Programs

An anti-virus program is designed to protect your computer from possible virus infections. Virus protection programs search for, detect, and attempt to remove these viruses. Antivirus programs must be kept up-to-date in order for them to provide adequate protection. New viruses are being created every day and your antivirus program can’t always predict what they will be able to do or how they will work.

Requirements

University Policy requires the use of an approved antivirus product for all Windows and Macintosh computers connected to the NC State network. For further details on the policy please see the University’s Antivirus Software Requirements. OIT offers a list of anti-virus software approved by NC State Requirements.

Note: anyone found to be in violation of this policy can have their computer blocked from accessing the network and could face other disciplinary actions.

How to protect yourself from viruses

For Windows users, enable Windows Defender (or any other anti-virus from the approved list) and keep up to date with security updates for your operating system and programs. When it comes to attachments, avoid opening unrecognized attachments, especially those that do not come through a mail provider that screens for malware (NCSU’s gmail screens attachments for malware, though this is not a guarantee). By avoiding these types of files, you can significantly reduce the chances of getting a virus. For more information on setting up your e-mail to avoid viruses, spam, etc. see the “NCSU E-mail” tab in Chapter 1.

Before running a download from an unknown site, or opening an e-mail attachment, always be sure to scan it to ensure that it is not infected. If you do not know the source of a file, do not open it. If you know the person who sent you a file, but were not expecting it, you may want to contact them before opening it. Many viruses automatically send themselves out to addresses found in files on an infected computer.

Updating Your Computer OS

Every computer has a piece of software called an Operating System, or OS, that controls the internal hardware of the computer. The developers of these OS’s are constantly releasing updates and patches for their software to protect against new threats that may exploit vulnerabilities in their product. In addition you will also be able to download updates to major software components that accompany your OS.

Major OS developers have built in automatic updating software to keep the user from having to manually check for updates for their computer. Your responsibility is to make sure this is enabled on your system. While it is easy to enable automatic updates for your computer, it is also important that you occasionally perform a manual check to make sure your system is staying up-to-date. Many times viruses and spyware will attempt to disable automatic updates to further exploit your system.

For MacOS or Linux users, this means keeping their operating system and programs updated with security updates and not opening programs or files from unidentified developers. On macOS, you will be given a pop-up letting you know if a program comes from a developer Apple does not recognize. Though this does not indicate maliciousness, we advise being cautious of actors who insist on opening programs from unknown developers.

Additionally, for Linux, you can use Flatpak to install your software with a sandbox between your machine and the program. You may also use an atomic operating system like Fedora Silverblue, NixOS, or wrap unknown programs in a docker or podman container. If you run Linux, please keep your system up-to-date, do not run services you don’t use, and consider protecting your device with a firewall.

Security updates are key and also extend to your phones and tablets!

  1. Information in this sub-section from CSC 474 (Content Acknowledgements: William Enck, Brad Reaves, Micah Sherr, Nolen Scaife) ↩︎
  2. Much of this content written by Alex Nahapetyan, editing the previous version of textbook. Written June 2024. ↩︎