January 2009

Security Safeguards Review
You may ask "Why should I bother ? I don't have anything important to protect."

Answer: To protect your account from being hijacked allowing the hijacker to send inappropriate emails.
A hijacker might send emails from your account and many other accounts simultaneously thereby overloading the target site's servers.

This is the way CCIL was attacked in December 2008.

Lax security in one account can be enough to crash CCIL or some one else's site.

1. Protect your password


• Use a secure password. We issue an initial password that is a combination of eight UPPERCASE letters, lowercase letters, and numbers.
  If you change your password, then create a new one that is also a combination of eight UPPERCASE letters, lowercase letters, and numbers.
  
  Or you can use an online password generator such as,  [Click here to view an online password generator]
  
  
• Do not use a proper name (e.g. Joe) or any word that appears in the dictionary as these are far too easily cracked.
(Our system should reject a password like this but currently does not.)


• Solicitation of your password will never occur. CCIL will never send you an unsolicited email asking for your password.
  We will never ask for various contact information that includes your password.  [A Help Desk note]
  
  CCIL users were targeted at least twice in the Fall of 2008 with these phishing emails.
  
  
2. Your non-password information
• If CCIL ever asks all users to verify/update their contact information then there will probably be a notice on our web page stating that we are asking our users to update their information.
• If we ever ask you individually to update your information you can email help@ccil.org to confirm that the request was from CCIL.




3. Use an anti-virus program
One program is AVG 8.0 from AVG Technologies USA, Inc.  [Click here to view the download site]
This is available free for personal use but be advised that AVG makes every effort to sell you (trick you into buying ?) an expanded version and/or other programs.

There are many anti-virus programs - you can search online to find others.


4. Acceptable Use Policy (simplified)
• Do not post anything on your personal web page that might trigger an attack on the entire CCIL site such as a DDOS attack.
• Do not send mass emails or emails addressed to a list of users with content that might trigger an attack on the CCIL site such as a DDOS attack.

CCIL experienced a DDOS attack in December 2008.


5. Operating system updates
• Either check for and install O/S updates as they become available or,
• better yet, set up automatic O/S updating.
For example, Mac O/S, Windows XP & Vista all offer automatic updating at no charge.

Contact us at help@ccil.org with any questions you may have.