Private sign by Dayne Topkin/Unsplash

Privacy & Security

Once you are connected to the Wolfson network, you must take extra precautions to ensure that your computer is secure, for your own protection and for that of others.

Private sign by Dayne Topkin/Unsplash

Data Network Privacy Policy

Wolfson College respects your privacy. We do not record anything except an IP address, MAC address and the amount of data usage. Once the traffic leaves Wolfson, the University records more details. You can read more about this on the UIS Privacy page.

Once you are connected to the Wolfson network, you must take extra precautions to ensure that your computer is secure. Compromised machines can severely disrupt the functioning of the College's network connection and can cause us significant cost, both in terms of the network traffic we are charged and the time we spend on identifying and fixing the problem. It is therefore the responsibility of everyone connecting a computer to the Wolfson network to actively and continuously take care of its secure configuration.

In addition to the security tips below, the Computing Service security pages also contain valuable information.

Network Use

Any service that you provide to others from your computer must be both legal and in furtherance of the aims of the College and University.

Do not run a server offering services to anyone outside the Cambridge University Data Network, unless you have received a written permission from an IT Officer. 'Server' in this context refers to distributed games servers, ftp, web, mail, news servers, peer-to-peer file sharing software and other programs that might attract network traffic from outside the University network. Avoid in particular peer-to-peer file-sharing programs, such as:

  • eDonkey, KaZaA, Aimster, Bearshare, Gnutella, Grokster, Hotline, LimeWire, Morpheus, ToadNode, Xolox, Direct Connect, BCDC, Swapper, Phex, AutoNap, Crapster, Duskter, WinMX, iMesh, etc.

These programs are of particular concern, as they are often used to download and redistribute copyright-infringing music and video.

Avoid large regular data transfers ('mirroring') from outside the network, unless it is really necessary for your academic work. Remember that some large software packages are made available locally for download by the Computing Service. In particular, their Unix Support mirrors most Linux distributions. Downloading from there not only costs the College nothing, it is also much faster. (More tips on installing Linux ...)

Use of streaming audio/video software, Internet telephony, Internet radio services, or the mbone in moderation.

Do not run any network scanning software. Scanning software is anything that attempts to contact a very large number of other addresses, or a large number of different network ports on the same address. 

Do not run any DHCP server or similar infrastructure services on the network.

Use of the Wolfson College Computer Network is monitored by the University and by the operators of connected larger networks.

Security updates
If you use Microsoft Windows, then run Microsoft Update at least once every week. Ideally, configure it to install all critical updates for you automatically.

Third-party applications can contain security vulnerabilities and therefore also need to be regularly updated.

You may also want to join your operating system vendor's security-announcements mailing list. This will keep you informed about the availability of new security updates for your system. More information is available from MicrosoftAppleopenSUSEUbuntuRed HatFedoraDebianFreeBSDOpenBSD.

Firewall

A firewall is a software that provides additional protection against malicious attempts to connect to your computer through the network. We highly recommend to activate the firewall that comes with your operating system. 

Virus scanner

On Microsoft operating systems, use a recent virus scanner. You can download a virus scanner for free from the Computing Service virus page. Make sure the scanner is configured to automatically update its virus database over the network. More information ...

Make sure you have at least the version shown on the above web page.

Dealing with a virus infection

If you suspect your computer is affected by a worm or virus 

  • disconnect instantly from the network
  • remove the virus
  • apply all necessary updates to the operating system and virus scanner.
  • shutdown and reboot Windows after you have removed a virus or installed a security update
  • reconnect  to the network.

In case of doubt, ask the IT Manager.

Encryption

With ethernet technology every computer can in principle see the full data traffic of every other computer on a network. It is therefore important that you avoid software that sends your password unencrypted over the network. In particular:

  • Avoid telnet to connect to your departmental machine. If possible, use one of the many available secure shell (ssh) programs instead. The commonly recommended one for Windows is putty, which you can download freely. This program, along with equivalent ones for other operating systems, is also on the Unix Support SSH CD that is available from Computing Service reception.
  • If you use Linux, you are likely to find the ssh command preinstalled already. If you use the imap protocol to retrieve your mail (such as when you use Microsoft Outlook), then activate the SSL encryption option to make sure nobody can steal your password. Change your passwords after you started using encryption.
Passwords

When you connect your computer to the network, it could be be used remotely. It is therefore extremely important that you protect access to your computer with a carefully chosen password: 

  • Use a random sequence of letters and digits.
  • Never use common dictionary words or the names of persons, pets, brands, bands, literary figures, etc.,
  • Never use anything related in an obvious way to your own person to form a password, such as your initials, email address or date of birth.
  • Make sure that every user account on your computer is protected by a strong password, especially any administrator or root account.
  • Never type your password on anyone else’s computer if there is the slightest chance that this computer might not be secure.
Laptop Theft
  • Please lock your room each time you leave, even if you only leave for a minute. Do not hesitate to report any suspicious activity you see to the porters.
  • A convenient way to protect laptops is a Kensington security cable, available from various computer stores in Cambridge.
Email
  • Do not install or execute programs and attachments that you have received unexpectedly via email.
  • Also be very suspicious about any warnings or technical instructions sent to you unexpectedly, as many of these may be hoaxes or attempts of fraud.