[auton-users] Data Security

Michael J. Baysek mjbaysek at cs.cmu.edu
Wed Oct 20 17:40:42 EDT 2010


Lab,

This mail is coming as a reminder of some basic security principles that 
you all should follow.  Remember that the lab works on a variety of 
projects from many different sponsors, and that security of the data 
that we are entrusted with is an important concern for all of us.

Please keep the following in mind at all times when using a computer 
that contains or has access to any project data.

1) Keep a secure password on ALL ACCOUNTS at all times.  Server 
accounts, local laptop accounts, etc.  
http://www.lockdown.co.uk/?pg=password_guide .  Look at this guide.  If 
your password sucks, change it NOW.  Don't wait!

2) Never enable any file sharing or guest accounts on your workstation 
or laptop.  If you think you need to do this, _ Please run it by me first _.

3) Limit physical access to the computer whenever possible.  Lock your 
office.  Don't let your fathers, brothers, nephews, cousins, or 
roommates*, use the computer or laptop you use for work.  Their 
computing habits (like browsing for free lolcat or Jessica Alba screen 
savers online) could put your computer at risk for keyloggers, trojan 
horse viruses, or spyware - all of which could compromise the data on 
your machine or release it to a 3rd party.

3b) Don't visit seedy sites yourself using the computer you use for work 
(for the same reasons above).  If you think that the site you are 
thinking of right now could be seedy, it probably is!  Are you pirating 
any good software or movies lately?  Don't go there on a computer with 
sensitive data on it.

4) For personal machines, and laptops, be sure to have a firewall 
running on your machine at all times.  This is very important when you 
join untrusted networks such as CMU's wireless network (no, we don't 
trust a network with thousands of mobile and/or untraceable computers on 
it), or the network at any airport or coffee shop.

5) Run anti-virus software (Windows machines especially)

6) Keep your computer up to date with security updates from Microsoft, 
Apple, Ubuntu, Adobe, etc.

7) On Laptops, boot time encryption such as TrueCrypt, or MacOS 
FileVault is _ highly recommended _.  This guards your personal data and 
your identity, not to mention any sensitive data files if the computer 
is stolen, misplaced, or lost in transit.  If you want to secure your 
laptop, and are concerned that you might mess something up, it's ok.  
I'll gladly set this up for you, even on your personal laptop.

If you need to share or transmit sensitive data inside the lab and have 
any question on how to do this, please don't hesitate to contact me.

Additionally, if you need to send (or receive) sensitive data outside 
the lab, do not send it by Email.  We have various other ways of doing 
this securely.  We should be accepting sensitive data from sponsors by 
Email.  We have both a secure FTP server, and a secure HTTPS file 
transfer for this.

Thanks for your time.  Please contact me with any questions.

Mike

* From #3, in all seriousness, I think it is wise to include former 
roommates, as well.


