Last Update:2024/04/22

Security

 Under construction

1. Basic Security Measures

Please keep the security issues in mind whenever you make use of the information services, on-campus or not. Here are several examples of the basic security measures which we can take by ourselves.

1. Apply Security Patches

When a potential or evident security risk is found in the operating system (OS) or in application software, apply the patches provided by the software vendors to fix the vulnerability and block potential attacks.

2. Introduce Anti-Malware Tools

Introducing anti-malware tools is one of the basic countermeasures against security risks that we can take by ourselves. Tohoku University provides an anti-malware and total prevention tool for its members. For details, please visit the website of the Cyber Science Center.

3. Encryption

Information traveling through the Internet is not protected unless some countermeasure such as encryption is implemented. Unprotected information can be seen by anyone, including malicious attackers. Communicating secret information through the Internet without any protection is very risky because the information is exposed to a serious risk of eavesdropping.

You should pay attention to the communication protocol: websites which ask for significant secret information, such as your ID and password or other personal information, should use the https protocol for encryption. Note that the http protocol does not implement encryption, so all information is handled without any protection.

SRP’s login page implementing HTTPS.

4. Verify the Identity

On the Internet, there is no guarantee that your communication partner is indeed the one you intend, which means that there is always a potential risk of communicating with a “fake” one. In particular, you may send your secret information to a fake site without noticing that it is a fake, and this may cause a significant information-leakage incident. Before communicating, you should verify the other party’s identity by digital signatures and so on.

Verification of the server identification by digital signatures (SRP’s login page)

Some certificates are issued by an untrusted authority or even by the attacker. Do not trust such certificates.

5. Do NOT Carelessly Upload Significant Information

Information on the Internet can be seen by anyone. For example, carelessly uploading information to SNS can have severe consequences, because it may leak significant information about your identity in a way that you do not intend.

6. Be Wary of Malicious Emails

Unfortunately, in many cases cyberattacks come through emails. We should be wary of suspicious emails, such as those with an unknown sender or with suspicious attachment files or URLs. “Targeted attack mails”, emails which disguise themselves under legitimate identities and are aimed at specific targets, are now a significant risk. You are strongly recommended to check not only the “From” header of an email but also the validity of its contents and, if possible, its digital signature.

It is better for us to keep in mind that the “From” header of the emails can be forged by the sender, and so the “From” header does not necessarily prove the identity of the sender.
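The following Python sketch is an added example, not part of the original page: it accepts the “From” domain only when the receiving mail server recorded a DMARC pass for that same domain in its Authentication-Results header (RFC 8601). The server name `mx.example.ac.jp`, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.ac.jp"  # assumption: your own receiving mail server

def from_domain(msg):
    """Domain of the address shown in the From header, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def dmarc_verdict(msg, trusted=TRUSTED_AUTHSERV):
    """Return (result, header.from domain) from the trusted server's
    Authentication-Results header. Headers naming any other server are
    skipped: a sender can insert them as easily as a fake From."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, methods = value.partition(";")
        if authserv.strip().lower() != trusted:
            continue
        m = re.search(r"\bdmarc=(\w+)[^;]*?\bheader\.from=([^\s;]+)", methods)
        if m:
            return m.group(1).lower(), m.group(2).lower()
    return "none", ""

def assess(raw):
    """'authenticated' only if DMARC passed for the domain shown in From."""
    msg = message_from_string(raw)
    domain = from_domain(msg)
    result, checked = dmarc_verdict(msg)
    ok = bool(domain) and result == "pass" and checked == domain
    return "authenticated" if ok else "unverified"

# Constructed sample messages (not real mail).
GENUINE = (
    "Authentication-Results: mx.example.ac.jp; dkim=pass header.d=example.ac.jp;\n"
    " dmarc=pass header.from=example.ac.jp\n"
    "From: Office <office@example.ac.jp>\n"
    "Subject: Notice\n\nbody\n"
)
FORGED = (
    "Authentication-Results: mx.example.ac.jp; spf=pass smtp.mailfrom=bulk.example.net;\n"
    " dmarc=fail header.from=example.ac.jp\n"
    "Authentication-Results: mail.example.net; dmarc=pass header.from=example.ac.jp\n"
    "From: Office <office@example.ac.jp>\n"
    "Subject: Notice\n\nbody\n"
)

if __name__ == "__main__":
    print(assess(GENUINE), assess(FORGED))
```

Both messages show the same “From” address; only the verdict written by the trusted server tells them apart.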

7. USB Devices

USB devices can also be a gateway for various malware attacks. It is very risky to connect unknown or unidentified USB devices to your PC or tablet. USB devices may also cause a significant information-leakage incident, so please make sure to take your USB devices with you when you leave PC rooms such as the ICL laboratories. It is wise to protect your devices by means of passwords, encryption and so forth in order to prevent information-leakage incidents.

8. Printers

Whenever you use the printers in PC rooms, make sure you know which printer your documents will be printed on, especially if the documents include significant secret information.

2. Contact

Whenever you are exposed to a risk of leakage of significant information such as your ID and password, or you find something suspicious about the information services, please contact the following addresses as soon as possible.

3. Other Remarks

  • User accounts may be suspended by our system administrator for security reasons, without notification to the users, if suspicious behavior such as hijacking or another attack is detected.
  • Do NOT use any software which is no longer supported (especially with regard to security issues) by the software vendors. If you have to use such software for some reason, you must isolate your device from the network while using it.