Skip to:Main Content

Washington and Lee University

Washington and Lee University
Information Technology Services

Security

Phishing

Beware of any e-mail purporting to be from Information Technology Services asking for your W&L password. Any such e-mail is “phishing”: an attempt to steal personal information. ITS staff will never ask you for your password, via email, phone, or any other means. Remember, your password is your secret.

Never respond to e-mails asking for your W&L password or other personal information, such as bank account or social security numbers. Instead, please forward such phishing attempts to spam@wlu.edu, and then delete the email.

Try this quiz to see how well you can identify a phishing attempt

Please protect yourself: 

  • If you disclosed your W&L password in response to a phishing email, change your password immediately
  • Never disclose your password to anyone. 
  • Your W&L password should not be used for any service outside the University.

E-mail and viruses

W&L uses constantly updated filters that eliminate most viruses. But newly hatched viruses sometimes slip through our system, so it's important to follow some important rules:

  • Be wary, as always, of any e-mails with attachments, especially those you aren't expecting. This includes e-mails from people you know, since many viruses can "spoof" the sender's e-mail address.
  • Be particularly suspicious of e-mail attachments with file extensions such as ".exe" and ".scr"
  • When you receive an e-mail attachment you are not expecting, delete it without opening the attachment.
  • Report spam (unwanted e-mail) to Digitar, a service that screens W&L's incoming e-mail, by forwarding the message to spam@wlu.edu

Students should be sure they have installed anti-virus software, and that the most current virus definitions have been added. Anti-virus software is automatically installed and configured on University-owned computers in labs, offices and other settings.

If you suspect that your computer is infected with a virus, contact the Information Desk (call x4357 or use Web Help Desk.

Recommended software

The University recommends the use of security-related software.

Spyware

Spyware (also known as Adware) can also hinder the proper functioning of your computer. It can also be used to sell your personal information without your knowledge. Here are some rules of thumb to help avoid infection:

  • Web browsing. Don't install software when prompted "Install and run this:..........."
  • If a website demands that you install a plugin, click no. Most sites will work without installed plugins. If it does require the plugin, judge how reputable the source is before installing. For instance, Adobe Acrobat and Macromedia Flash are both acceptable programs to install.
  • Close pop-ups and if prompted with choices, never click "Yes" or "Okay."

Passwords

Select a hard-to-guess password, and don't share it with anyone, including those who purport to represent W&L (see Phishing section, above). W&L network passwords must meet the following requirements. These requirements are enforced when passwords are changed or created:

  • May not contain the user's account name or parts of the user's full name that exceed two consecutive characters
  • Be at least eight characters in length
  • Contain characters from three of the following four categories:
    • Upper case characters (A through Z)
    • Lowercase characters (a through z)
    • Numbers (0 through 9)
    • Non-alphabetic characters (for example, !, $, #, %) 

You can use mnemonics to create a password that meets those requirements, and is still easy to remember. Try song lyrics, rhymes or common expressions. For instance, the nursery rhyme "Mary had a little lamb, her fleece was white as snow..."  with the addition of some additional characters, could yield the password:

Mhallhfwwas&52

If your password becomes known to anyone, change it immediately. Your W&L network password should be different from any other password you use.

Identity theft

If you follow the guidelines on this page, you'll help to avoid identity theft. This resource from the Federal Trade commission explains identity theft, and what to do if your identity is stolen:

Data security on smart phones

Certain types of advanced cell phones, such as Blackberries, iPhones and phones using the Windows Mobile operating system, can be configured to automatically retrieve e-mail and other data from W&L's Exchange (Outlook)  server. When the devices are configured in this way, ITS enforces minimum security settings to protect potentially sensitive University data stored on the devices:

  • A password must be used to secure access to the phone, at least four characters in length
  • After seven failed attempts to enter a password, data on the device is erased
  • After a period of inactivity on the device (can vary from 15 minutes to an hour, depending on the device), a password must be re-entered in order to access the device

These settings may function somewhat differently than described here, depending on the device. If you are a W&L faculty or staff member and would like to configure your smart phone to automatically retrieve e-mail and other data from your Exchange/Outlook account, please contact W&L's Telecommunications Manager at dcamper@wlu.edu

Firewall policy, inbound network traffic

ITS operates a "default deny" inbound perimeter firewall as the first level of defense against security threats to the University's network and IT resources. Outbound traffic is "default allow." This means inbound computer traffic from off-campus is blocked - unless the communication originated from a computer on campus or unless there is an exception to allow the traffic.

Additionally, there are firewalls dividing the interior network into separate zones based on the role of the IT resources within each zone. For example, web servers have distinct and separate roles from database servers.

If you have an academic or work-related reason for un-blocking a specific computer port, please request an exception by completing a Web Help Desk request; go to https://helpdesk.wlu.edu and select request type "Network" then "Incoming Firewall Exception."

Other resources on safe computing