Access Limitations

To ensure secure access of sensitive information, implement policies and best practices that can cover broad categories of devices (printers, USB drives, mobile devices, etc) as well as users (read-only access, super users, etc). Add some fine-grained control that allows administrators to grant limited, restricted exceptions to databases and the central storage of data (such as limiting access to a certain time of day, remote system management, logs and shadow copy so that in the event of data loss there is an easy way to determine what exactly was removed and when).

Check with your local IT support personnel or the Security and Resilience team on how best to implement these policies and best practices.

Securely Sending & Sharing Data

Due to the well-known security risks, IS&T does NOT recommend that you routinely share files from your own computer with other computers via the "File Sharing" options of the Macintosh or Windows operating systems. It is more secure to leave the "File Sharing" options in your computer's operating system turned off. 

Peer-to-peer services also come with their inherent risks due to DMCA (the Digital Millennium Copyright Act) enforcement. Anyone sharing files that are copyright protected may receive takedown notices (requests to remove the files from a shared network) from the copyright holder's agent. Learn more about copyright and file sharing. 

Instead of the above forms of file sharing, use one of the options below. 

Secure File Transfer

Do not use insecure connections on MITnet. You must transfer your files securely over the MIT network using a secure file transfer method. The secure file transfer programs supported at MIT include features like password encryption, which protects your password from being intercepted and abused by hackers on the Internet. 

Kerberized FTP programs are file transfer programs that run on Windows and Macintosh computers with Ethernet or PPP dial-up connections. Kerberized FTP provides secure authentication of your FTP sessions without passing your Kerberos password in the clear across the Internet. Every member of the MIT community has a personal MIT directory on Athena where you can upload and download files securely using Fetch or other secure file transfer method. Learn more about secure file transfer.

Email Security

Some email programs can be configured to encrypt or digital sign outgoing email messages. Because this is not easy to set up or use for the general computer user, we recommend you see your IT support person if you require this service enabled on your system.

VPN

VPN (Virtual Private Network) provides a secure "tunnel" between a private network and a remote machine connected anywhere on the Internet. When working off campus, using VPN enables users to securely transfer and fetch files from a server or computer on the MIT network. In affect, a VPN lets you work just as if your machine was physically plugged into the MIT network. Learn more about VPN.