Frequently Asked Questions
Q: What is a compromised host?
A: A compromised host is a computer that is no longer under full control of its owner or administrator. There are a variety of reasons why a system might become compromised.
Please refer to the chart below for common avenues of compromise along with tips for protecting your computer.
|Viruses, Worms, Trojans
||Sophos Endpoint, Palo Alto Networks Traps, Windows Firewall, Windows Update
||Security flaws in your OS and software are periodically discovered and published
||Windows Updates, Vendor Updates
||Misconfigured systems and services exposed to the Internet
||MBSA, Best Practices, Windows Firewall
|Insecure Network Protocol
||Plain text protocols like telnet, ftp, http, rlogin expose end user credentials
||Use sFTP, scp, https instead
||Easily guessable passwords based on dictionary words, names, and patterns.
||Practice strong password creation policy.
||End-users provide credentials to unscrupulous parties via Phishing schemes and social engineering.
||Drexel University will never ask you for your password. Never give your personal or account information to anyone.
Drexel Operational Security requires all Drexel owned compromised hosts to have their operating systems reinstalled. Please contact your local Systems Administrator or the Drexel IT Help Desk for assistance. Please note that users re-installing a personal computer will need a licensed copied of their operating system. All Macs and most PCs ship with a recovery partition that contains the necessary software to allow re-installation.
Q: What is a compromised account?
A: A compromised account is one that is no longer under exclusive control of its assigned user. Accounts become compromised when an unauthorized party gains access to the account holder's username and password.
Please change your password and email Drexel IT Computer Accounts immediately if you suspect your Drexel University account has been compromised.
Q: Who should I contact if I find my computer has been stolen?
A: Stolen computing equipment can jeopardize the confidentiality of University data. Computer thefts must be immediately reported to both Drexel Department of Public Safety: 215.895.2822 and Drexel Information Security: 215.895.1984 or by emailing InformationSecurity@drexel.edu.
Q: I received an unsolicited communication from Drexel requesting my username and password. What should I do?
A: Reputable institutions, including Drexel University and IT, will NEVER request personal information such as passwords or account numbers. DO NOT send such personal information via unsolicited email to anyone. Contact IT immediately if you have divulged your password to anyone.
Q: What is a MAC Address?
A: A MAC (Media Access Control) Address is a unique 12 digit alphanumeric identifier assigned to every computer networking device. MAC Addresses take the following format 00:00:00:00:00:00.
Q: How does IT utilize MAC address information?
A: IT utilizes MAC address information when resolving network connectivity issues, provisioning ResNet and Dragonfly wireless network access, and revoking network access in response to abuse and DMCA Copyright Violations
Q: How do I locate my MAC address?
A1: MS Windows: Start > Run > CMD > OK > ipconfig /all > Physical Address
A2: macOS: Apple > System Preferences > Network > Ethernet (or Wi-Fi) > Advanced > Hardware
A3: Linux shell: /sbin/ifconfig > Eth0 > HWaddr
Q: Can I use my personal wired or wireless router on the Drexel Network?
A: No. You may not extend the Drexel University computer network without the express written permission of IT. Please refer to the Drexel's Acceptable Use Policy. Users disregarding the AUP will find their Drexel Network access revoked.
Q: What steps should I take before transferring or disposing of Drexel computer hardware?
A: Before transferring or disposing of Drexel equipment, all hard disks in the device must be sanitized. Sanitization refers to the process that renders access to target data on the media infeasible for a given level of effort per NIST SP 800-88. This is achieved by overwriting all data on the disk multiple times or using a disk's secure erase function if one exists.
To sanitize mechanical hard disks, Darik's Boot and Nuke (DBAN) performs the operations necessary to effectively overwrite data on the disk. For systems equipped with solid state drives, Parted Magic can utilize the drive's secure erase functionality to appropriately sanitize the disk.
For assistance with disk sanitization, contact your local IT support or reach out to firstname.lastname@example.org.