Network Security

ITS has added an additional layer of antivirus protection for our on-campus users.  Network based antivirus looks at Internet traffic entering and leaving the campus network.  If a virus is detected while a file is being downloaded, the download will be blocked before the malicious file reaches the computer.

Things to consider

Network based antivirus will only detect viruses coming in and out of the BGSU network, so when a computer is used off-campus, it will not have this additional layer of protection.

The network based antivirus protection is not designed to replace host based antivirus software (Windows Defender, McAfee, Symantec etc) on your computer.  Each of these are separate layers of protection that supplement each other to provide greater overall security.

The BGSU Information Security Team periodically monitors the administrative network to identify vulnerabilities and risks. This helps protect the confidentiality, integrity, and availability of information systems necessary for the academic mission of BGSU. The following drop-down menus provide additional detail and information regarding secure administration of these services.

Securing SSH

What is SSH?

SSH is a secure network protocol that is used to create a secure connection between two systems. By default the service runs on TCP port 22 and provides encryption capability.

Unfortunately attackers on the Internet constantly scan for this service and when detected may focus more attention on this and other available services running on the system. As with other protocols vulnerabilities (weaknesses) are discovered that can allow attackers to compromise systems advertising the SSH service. Once compromised, these systems can be used for cyber criminal activity such as spam, identity theft & as botnets.

SSH can also be subject to "brute force" attacks. This continual process guesses usernames & passwords until access to the service is met. Although monitoring logs and adding additional layers of protection could help avoid these attacks they may go unnoticed. 

In April 2009 SANS reported a sharp rise in SSH server attacks and the importance of being vigilant regarding SSH services.

Recommendations to help secure the SSH service

  • Enable SSH service only when necessary.

  • Use strong usernames & passwords. Change them often.
    Reconfigure SSH to only use password protected SSH keys and not permit plain passwords.

  • Configure firewall to only allow necessary systems to connect to SSH service. This prevents strangers from brute force attacks.

  • Monitor SSH logs on regular basis to see who is trying to get in.

  • Disable root log-ins & limit user logins only necessary users.

  • Strongly recommended to disable SSH version 1 protocol. This protocol is older and less secure.

  • Move service from TCP port 22 to higher unused port. Although this relies more on obscurity than security, it may help deter SSH attacks.

Securing FTP

What is FTP?

FTP (File Transfer Protocol) is a network protocol for transferring files between a client and server. Unfortunately FTP is was not developed with security in mind and can reveal personal information and file contents to unauthorized users.  It is strongly recommended to examine other secure file transfer technologies that are available.

Security issues with FTP
  • Usernames and passwords are transferred in plaintext. These can be intercepted by unauthorized users.
  • FTP login screens can reveal server information versions and other information. This can lead to directed attacks to gain unauthorized access.
  • Anonymous logins can lead to information exposure and system compromises if not properly maintained, logged and periodically updated to address vulnerabilities.
Recommendations to secure FTP
  • If FTP is required, only enable when necessary & disable immediately after user.
  • Change banner message not to show FTP software version.
  • Disable anonymous user access.  Often attackers will look for this to hijack server.
  • Enable logging to determine account is being used as expected.
  • Enable Access Control Lists (ACL’s) if available
  • Set up FTP as “blind put.” This allows user only to place files if needed and does not display the file directory.
  • Enable disk quotas.
  • Enable logon time restrictions.
  • Restrict access by IP. This will greatly reduce exposure to unauthorized access.
  • Audit logon events.
  • Enable strong password requirement.
  • Enable account lockout and account lockout threshold.
  • Install SFTP – Secure FTP that applies encryption on messages between client and server.
  • Configure FTPS – FTP over SSL (Secure Sockets Layer)

Protecting your personal computer online means securing both your computer's internet connection and the internet browser you are using. 

Securing Your Internet Connection

To make sure your internet connection is secure, we suggest the following steps:

  1. Make sure your Firewall is setup. (Windows Computers) (Mac Computers)
  2. Know who provides the wireless you are connecting to. 
  3. Faculty and Staff connecting to a public network should consider using the VPN.

Securing Your Browser

Web browsers like Chrome, Firefox, Safari, Edge, etc., have all evolved to be very secure tools as long as you are using the most up-to-date version of the software. However, this security can be compromised through the use of third party add-ons, extensions, or tools. While these tools can provide enhanced functionality, only trusted tools should be used. Keep these tips in mind:

  • Avoid visiting un-trusted web sites and consider using the Web of Trust add-on to be sure. 
  • Keep your operating system and browser up to date.
  • Avoid installing any third party add-ons or extensions unless you are sure they are safe. 

For more information on keeping your browser secure, visit the government's website on browser security. 

Updated: 07/06/2021 10:42AM