Apply
  1. U of R Home
  2. IS
  3. Information Security
  4. Security Resources

Security Resources

Phishing Information

  • Phishing is an email message where scammers attempt to get your login credentials.
  • They usually direct you to a false website that looks real, and request that you enter your username and password and submit them.
  • The phishing email message may appear to come from a legitimate uregina.ca email account, may have a copy of the U of R logo included, and may even direct you to a page that looks like other University of Regina web pages.
How can I tell if the message is real?
  • We will always send messages from a legitimate "@uregina.ca" email address.
  • We will never ask for your password in an email.
  • We would never require you to provide information in order to keep your email account. As long as you are a current student, faculty member, staff member, retiree or alumnus, you are entitled to have a working email account and we know your status.
  • We will always provide a contact person, including name, position, and phone number.
  • Legitimate messages will not ask for personal information.
  • Check the message header to see the actual address the email came from.
  • Trust your instincts. If the message seems strange and unexpected, it is likely spam.
  • Hover over any links in the message to ensure they go to reputable domains.
  • If you do inadvertently click a link from an email, always check the site that it takes you to, and watch for unusual additions to the URL.
What should I do if I suspect email phishing?
  • Disregard the message, and delete the email immediately.
  • If you do not deal with the bank the message appears to be from, it is definitely spam.
  • Never provide personal information via email. Email is not secure.
  • Never open attachments on messages you are not expecting, or are unsure about.
  • Never click a link in an email.
  • If you are concerned the message may be real, do not respond to the email, do not click any links and do not open any attachments. Instead, go directly to the company website first and log in as you normally do instead of using any provided link. You can also contact the company or bank directly to inquire if you are unsure.
  • If you are not sure about the legitimacy of a message, you can forward as attachment to report.phishing@uregina.ca to have the message evaluated.
  • If you know the message is not legitimate, you can report the message to Microsoft. This will allow the sender or type of emails to be blocked. Other recipients can also be notified. Report the message to Microsoft first  or alternately email report.phishing@uregina.ca (forward email as attachment).
If you clicked the link and entered your credentials, please change your password right away
  • Go to Information Services
  • Scroll down and find "Change Password"
  • Fill out the fields and click "Change Password".
  • Report the potential account compromise to IS Service Desk

Note: This changes your uregina password for everything your username and password is used for; uregina Outlook email, WiFi access on your phone, tablet or laptop, logging into university-owned computers, and UR Courses.

Why does this happen?

  • Spammers are getting more and more sophisticated in their use of technology, and are able to construct messages in such a way as to appear legitimate and get past our SPAM filters.
More Information on Phishing

For additional information on Phishing, please consult the following websites:

If you are unsure if an email is fraudulent or would like to report a phishing attempt to your @uregina.ca email account, please report the message to report.phishing@uregina.ca (forward as attachment) or contact the IS Service Desk:

  • FootPrints Ticket Webform (employees only)
  • Email: Service.Desk@uregina.ca
  • Phone: 306-585-4685
  • In person at ED137 or Archer Library

In your report, please include the email message you are reporting or inquiring about. This is most easily done by forwarding the message as an attachment to Report.Phishing@uregina.ca.

Computer viruses are programs which functions and spreads without the knowledge or cooperation without the user of the computer. Active and current protection from viruses is required for any network connected computer in order to lower the risks of threats from viruses. 

University-owned Computers

  • University-own 'Evergreen' computers have licensed Sophos Anti-Virus software installed automatically.
  • Personally-owned and Student computers also require Anti-Virus protection.
  • It is recommended that non-managed (personal) University computers have Sophos Anti-virus installed manually.
  • The Anti-Virus client should be configured to receive signature updates for detection of new viruses.   
Anti-Virus Sophos Download and Info for Windows and Mac

Windows

Mac

Anti-Virus Software Info for Windows
  • Depending on which operating system your computer is running, you can use either Windows Defender or Microsoft Security Essentials to get protection against malicious software and viruses.
  • If your home or personal computer is running Windows 10, you can use Microsoft Windows Defender. Windows Defender is built into the operating system, and does not require a seperate installation. However, it should be configured to ensure it is receving updates and is scanning frequently. For more information, please see Microsoft Windows Defender.
  • Another good option is Sophos Home which provides a free version of Sophos for Windows.
  • If your computer is running Windows 7 or earlier, most antivirus systems will not provide protection, as Windows 7 and earlier operating systems are no longer supported.
  • Windows XP and Windows 7 are no longer supported and should be retired.
Anti-Virus Software Info for Mac
  • Macs can be infected by a growing number of viruses and other malware.
  • All registered students and employees have M365 and can download Microsoft Defender if you wish to use this security feature on a personal device.
  • University-owned computers should only use Sophos (more info).
  • You can download the recommended Antivirus for Mac from Sophos, free of charge. Mac OS X 10.6 and up is supported.

Anti-Malware

While Anti-Virus software listed below, has malware detection included, specific Anti-Malware tools can assist. These tools do not replace your Anti-Virus software.

Anti-Malware Software for Windows
  • Malwarebytes Anti-Malware for Windows is free Anti-Malware scanner software that detects and removes malware like worms, Trojans, rootkits, rogues, spyware, and more. 
  • Microsoft Safety Scanner is a free Anti-Malware utility that checks for and removes malware from computers running most versions of Windows.  
Anti-Malware Software for Mac
  • Malwarebytes Anti-Malware for Mac is a free Anti-Malware scanner that detects and removes malware like adware, and known Mac Trojans.
What is Malware?
  • Malware is short for malicious software.
  • Malware infections stem from a number of vectors such as emails, websites, and downloads.
  • Malware seeks to exploit vulnerabilities to capture personal information, user names and passwords, are used to take control of a computer or gain access to a network.
  • It includes viruses, worms, Trojans, rootkits, spyware and adware.
  • It can be used to steal information such as passwords and confidential data, corrupt files/data and, possibly, spread to other computers and the campus network.
How do I Prevent Malware?

Think before clicking

On websites

  • If you are unsure, open another tab and research the software you are being asked to install.

In email

  • Unless you completely trust the source, do not click on a link.
  • If undecided, hover the mouse over the link and the destination address will be displayed at the bottom of the window. 
  • Verify that it will take you where you expect.

In pop-up windows

  • Some pop-ups will try to persuade you to install software or perform a free “system scan.”
  • Often, they will use scare tactics to encourage you to use whatever they offer.
  • Close the pop-up without clicking on anything inside, including the X in the corner. Use the Windows Task Manager accessed by pressing Ctrl-Alt-Del or right-clicking the Task Bar.

In software installers

  • Some software installers will attempt to install malware with the intended product.
  • Pay close attention to what you are clicking and, if unsure, cancel the install.
What signs are there if I have malware?
  • Anti-virus software, such as Sophos, provides a notification or warning.
  • Anti-malware software, such as Malwarebytes, providing a notification or warning.
  • Slow system performance.
  • Web browser takes you to sites you didn't intend.
  • More than normal amount of pop-up ads.
  • The Home page of your web browser has been changed.
  • Toolbars appear that you didn't install or request.
  • You lose ability to access files to which you previously had access.
What do I do if I suspect malware on my device?
What if my computer is Infected?
  • Once a computer has been infected with a virus, the first step is to run an Anti-Virus program to clean, or disinfect the machine.
  • If the first option does not eliminate the virus, please contact the IS Service Desk. They can assist with virus removal.

Default Deny Campus Firewall

Enhanced Internet Firewall Posture better protects systems and data which resides on the University of Regina campus network, Information Services has enhanced its approach to external firewall protection.

Do you require hosting of publicly exposed services, such as websites?

  • Request a firewall rule exception (employee login only).
  • This process is only required for new firewall rules.
  • Existing service owners have been contacted, and ports which are required to remain externally exposed have been permitted.
  • This approach is supported by the Network Firewall Standard, which provides specific expectations around external network posture.
What does Default-Deny mean?
  • Default-deny means that network traffic, which is not specifically allowed, will be denied.
  • At the firewall level, it involves defining permissible ports and protocols and turning everything else off.
  • This change impacts the internet (border, edge, or perimeter) firewall, which stands between the University of Regina's internal network and the public internet.
  • Firewalls protecting the campus network control incoming network traffic. Firewalls use security rules to determine which traffic is allowed.
History and what it does for the U of R
  • Work began on this initiative in 2019, with completion occurring in mid-2021. 
  • Effective July 9, 2021.
  • U of R network-connected devices are subject to a strengthened border firewall poster, known as “default-deny.”
  • This best practice approach to securing enterprise environments means that only approved network services, such as applications or websites will be exposed to the internet.
  • This approach better protects endpoints from threats originate on the internet.
Why was this Firewall change made and what are the outcomes?
  • Secure network services are essential for the University's operational goals.
  • Firewalls are the first line of defense against cyber-attacks and are a critical component of information security.
  • Also, firewalls provide a point where security controls can be implemented across the campus computing environment.

The outcomes of this change include:

  • Reducing malicious and anomalous or unusual traffic, reducing information security risks and network/hardware utilization.
  • Many information security standards suggest alignment with border perimeter controls as a means to reduce the attack surface of internal systems.
  • Improving the ability to audit firewall rules and validate internet exposure to internal networks.
  • Provides clarity on how a service owner can submit a request for a network port to be exposed on the internet.

This initiative aligns with several prior changes to allow remote access services and applications only available on campus by default.

What are the Default-deny firewall rules?
  • Limit internet traffic into the campus network to traffic which an internal system has requested.
  • Unsolicited traffic of an external origin will not be permitted to cross the network perimeter to reach internal systems.
  • This approach helps protect internal systems from vulnerability exploits, denial of service attacks, and password guessing attacks. 
Is my service impacted on campus if I provide externally accessible service?
  • Owners of existing services have been contacted, and exceptions have been established to permit the service to remain accessible.
  • Existing services should not be impacted. 
Does this impact my ability to reach external services from my endpoint located on campus?
  • No, devices on the campus network can connect to the internet and are able to access external services as usual. For example, web browsing is not affected.
  • Most users will not notice anything.
  • This is thanks to the implementation of ‘stateful firewalling,’ which allows known active connections originating from a device connected to the campus network to pass the firewall.
What protocols are impacted by this?
  • Firewall posture impacts both TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
Are services hosted in the data centre impacted?
  •  No, services located in the network zones corresponding to data centres are not impacted.
  • It impacts only subnets which provide connectivity to endpoints such as desktops and wireless.

How do I access my systems from off campus?

Off-campus access requires a connection the campus network via the University’s Virtual Private Network (VPN).

How do I configure VPN?

VPN Resource Information and configuration information

Who do I contact if I have Questions?

Please feel free to contact Information Services via the IS Service Desk.