Skip to end of metadata
Go to start of metadata

IU maintains a secure computing environment requiring things like 15+ character passphrases and DUO 2-factor authentication.  There are also some additional security measures you can implement that are either required or recommended for everyone at the school.  This page provides details on how you can enable these security features.

Account Login Activity Monitoring

UITS manages login records for your account.  We encourage you to go to the Login Activity & Subscription Options Page and check out the options there.  If you are not frequently logging into IU systems from outside of the US we strongly recommend you enable this option:

  • Send emails for non-US logins - If you select 'Yes', you will receive notices when your account is logged in from a non-US location.

If you want to keep closer watch on all logins to your account, then you can enable this option:

  • Send Daily Emails - If you select 'Yes', you will receive daily notices about your login activity.

If you select either of these options, please do NOT select the option to CC departmental IT staff.

Email Encryption and Digital Signing

If you use the IU Exchange system, we recommend you set up the ability to send encrypted email as well as digitally signed email.  Note that digitally signed messages are NOT encrypted in any way but it does provide a way for the recipient to verify that the email was actually sent by you and not some spammer/imposter which might be the case in a phishing scam.  The Luddy School recommendations are as follows for all IU Exchange users:

  • Set up digital signing of all email you send as the default
  • If you must email sensitive data as part of your job, it MUST be encrypted.

The following pages describe the process of setting this up:

Secure Your Mobile Devices

Please see the KB page Mobile Device Security Standards for information about securing your mobile devices (phones, tablets, laptops) so you are in compliance with IU security policies.

SSH Key Security

If you use OpenSSH keys (common in the Linux environment) you should follow these guidelines:

  • Use key passphrases that meet the IU Passphrase Guidelines.
  • Limit the scope of access for any keys you add to your authorized_keys file as much as possible.  For example, you can proceed the key with from="*,*" to limit access to systems in those 2 domains.  You can also use the command= directive to limit to a specific command.
  • You are encouraged to avoid using password-less keys at all cost.  When you create your keypair, you can create a password-less key by just hitting enter at the passphrase prompt.  This allows anyone who gets your private key to have access without the need for a passphrase.  Granted, there are some very limited cases where this is needed for unattended ssh operations (eg. via cron) but in such cases you must use the from= or command= directives to limit the scope of this key.
  • Protect your private key as you would a password.  You will likely have your public key in various locations and authorized_keys files, but limit the distribution of your private key file as much as possible.  The private key should only be needed on the local system you are coming from and not remote systems you are logging into.

Understand Sensitive Institutional Data and Manage It Properly

One of the most important things you can do within the IU computing environment is understand what is, and isn't, sensitive institutional data and manage it properly.  Sensitive data is classified as detailed in the Classifications of Institutional Data document.  The classifications range from public information (eg. Names) to critical data (eg. Social Security Numbers, Health Information, etc).  Here are some good starting points for understanding this important issue:

  • No labels