INFORMATION SECURITY - E-MAIL SECURITY
E-mail is not secure. Although many people think of it as being an “electronic letter,” it is actually more like a postcard that can be read by any number of people along the route between the sender and recipient. It can be easily forged and does not afford privacy.
Generally, computer system administrators at OLLU make every effort to respect e-mail privacy. However, despite precautions, e-mail may not always remain private. Unless you take special precautions, such as encrypting your e-mail (see “PGP & GPG Encryption” below), be careful not to discuss sensitive matters that you would not want disclosed. If necessary, put “CONFIDENTIAL” in the subject line to indicate to anyone who reads your sensitive note that it is to be treated as confidential information according to University security policy.
Be aware of the consequences of saving old e-mail messages and consider routinely deleting them. Even after you delete a message, it may still exist on your hard drive or on a backup copy. Disclosure of such copies may be required in connection with judicial or administrative proceedings or government investigations. OLLU’s e-mail systems are backed up to tape for system recovery purposes, but these backups are subject to legal disclosure. Individual mailbox recovery is not available as a routine service.
If you receive threatening or otherwise abusive e-mail, the sender can often be identified and is often surprised that his or her activities are traceable, even when messages are anonymous. If you would like help in tracing such messages, do not delete them. Contact postmaster (at) lake.ollusa.edu for assistance. If necessary, we will work with University Police to investigate.
If you believe that your safety is in jeopardy, call University Police from an on-campus phone (ext. 2360) or (210) 431-4022 from off campus. For emergencies only, call University Police at ext. 0911 from an on-campus phone, or (210) 433-0911 from off campus.
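Tracing of the kind described above is possible because every mail server that handles a message prepends a Received header to it. The following Python code is an added example, not part of the original page: the sample message, host names and addresses are constructed, and the function names trace_hops and chain_breaks are hypothetical.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample message: reserved example domains and documentation
# IP ranges only. Each server prepends its header, so the newest is on top.
RAW = """\
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
\tby mailstore.example.edu with ESMTP id A3; Tue, 02 Mar 2010 10:15:09 -0600
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.edu with ESMTP id A2; Tue, 02 Mar 2010 10:15:07 -0600
Received: from [203.0.113.45] (helo=laptop)
\tby relay.example.net with ESMTPA id A1; Tue, 02 Mar 2010 10:15:02 -0600
From: "Anonymous" <nobody@example.org>
To: student@example.edu
Subject: constructed test message
Date: Tue, 02 Mar 2010 10:15:00 -0600

body
"""

def trace_hops(raw):
    """Return the relay hops recorded in Received headers, oldest first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(str(value).split())      # undo header folding
        info, _, stamp = flat.rpartition(";")    # date follows the last ';'
        sender = re.search(r"\bfrom\s+(\S+)", info)
        receiver = re.search(r"\bby\s+(\S+)", info)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", info)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None                          # missing or malformed date
        hops.append({"from": sender.group(1) if sender else None,
                     "by": receiver.group(1) if receiver else None,
                     "ip": ip.group(1) if ip else None,
                     "time": when})
    return hops

def chain_breaks(hops):
    """Indexes where the receiving host is not the sender named by the next hop."""
    return [i for i in range(len(hops) - 1)
            if hops[i]["by"] != hops[i + 1]["from"]]

if __name__ == "__main__":
    for hop in trace_hops(RAW):
        print(hop["time"], hop["from"], "->", hop["by"], hop["ip"])
    print("inconsistent hops:", chain_breaks(trace_hops(RAW)))
```

Only the Received headers written by servers you trust are reliable, since earlier ones are supplied by the sending side; a break in the chain is a reason to look closer, not proof of forgery.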
PGP & GPG Encryption
PGP (“Pretty Good Privacy”) is software that can be used to digitally sign and encrypt any computer data – e-mail, text documents, spreadsheets, database files, etc. It is particularly useful for sending e-mail that cannot be decoded if intercepted by anyone other than the intended recipient, and can also be used to apply a “digital signature” to any message. PGP software is available for Windows, Macintosh and Unix/Linux platforms. Both you and the recipients of your messages need to be aware that you are using PGP, and you must have shared your “public key” with anyone who will be receiving encrypted e-mail messages. Many versions include plug-ins for popular e-mail clients such as Eudora and Outlook, making confidential, signed and/or encrypted e-mail easy to send.
For more information and instruction on PGP and its use, visit:
Commercial PGP - Commercial
The GNU Privacy Guard - Freeware
INFORMATION SECURITY - CERTIFICATE SERVICES
Secure web servers use the Secure Sockets Layer (SSL) protocol to provide assurance that web servers are legitimate and that the conversation is encrypted to prevent network eavesdropping. In order to run a secure web server, system administrators must obtain a digital certificate which is signed by an external third party (a certificate authority). This process is similar in concept to obtaining a notarized document.
When you visit a web page where you are required to enter personal information, you should make sure that the server has a valid “certificate.” In IE 6 or 7, you’ll see a yellow lock icon in the bottom or top status bar. If you click on that lock, you will get a pop-up window that displays information about the site’s certificate status. The icon also assures you that the information you key in will be encrypted over the Internet between your system and the server.