With the growing computerization of services, even for our University, cyber security is a problem that is increasingly felt and guarded, in terms of equipment and information systems and user awareness.
Worms, Trojans, spyware, backdoors ... In one word, "virus", a term used since 1983 to indicate programs able to self-replicate.
Malware - more general - is a more appropriate term, and collects many software in circulation that have malicious intent and are spread in different ways (via email, web, file ...) and different purposes (once launched, the virus can open access to the system to other malicious people, or be exploited as a bridge to attacks on other machines or websites, or even generate unwanted spam campaigns from the email address of the unfortunate user). The feature that unites them is the ability to enter the host computer by infecting it and creating more or less serious damage, just like the biological viruses.
But computer security (sometimes also called cybersecurity) is much more than just protection against viruses and malware: in this era of increasingly pervasive digitization it is a complex question of technical, organizational, legal and human aspects. To assess security, it is usually necessary to identify the threats, vulnerabilities and risks associated with IT assets, to protect them from possible attacks (internal or external) that could cause direct or indirect damage (including reputation or image) to our institution.
UniTrento takes care of the computer security of its users, as regards local protection tools (antivirus, antispam) and perimeter (firewall), but the collaboration of the entire university population is essential, so that correct behaviour and best practices of the individual help reduce the negative impacts that fall on the entire community, in terms of resources, time and energy.
Here is a small glossary on the meaningful terms of the topic. For a more in-depth discussion, refer to the specific pages of ICTs.
CERT: what is it and how to contact him?
UniTrento has established the CERT service since the end of the 90s with the aim of collecting and managing the security problems that involve users and hosts connected to the University network. The service is managed by the Computer Emergency Response Team, composed of IT technicians who are experts in networks and telecommunications with training and experience in the field of security issues also.
Information Systems, Services and Information Technologies Department, in synergy with Training and Continuing Professional Development Office, CERT and the E-Learning services organizes and promotes courses and training sessions for UniTrento users and for CERT members themselves on cyber security topics.
To report computer security problems the address alert [at] cert.unitn.it or a specific support form are available. The report will be processed and tracked in a centralized ticketing and helpdesk system. For more details see the CERT service page.
To know the latest security news (threats, suggestions, warnings, etc.) subscribe to our cyber security bulletin.
Antivirus: software aimed at preventing, detecting and possibly reducing malicious code and malware for a computer. There are antiviruses integrated in the e-mail and antivirus programs dedicated to PC protection.
Antispam: software used by e-mail servers that allows you to block the indiscriminate sending of emails, often to an advertising and / or commercial nature
Vulnerability: weak point of a system or defect in design, coding, installation or configuration of software that compromises security
Spam: mass and unsolicited sending of the same message (advertisements or chains of St. Anthony), via e-mail or newsgroups
Phishing: is the illegal use of systems such as e-mails and websites to collect user data, with the aim of stealing personal information (ex. password or credit card number)
CERT: Computer Emergency Response Team; it is a point of reference in the University for security problems
Data breach: violation of personal data means the security breach that involves accidental or unlawful destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed [source: GDPR]
Firewall: software used to protect a server from attacks received through the local network or through the Internet. It allows the passage of only certain types of data, from certain terminals and certain users