IT Guidelines & Details
Longer passwords are more secure than shorter ones because there are more
characters to guess, so consider using passphrases when you can. For example, "This
passwd is 4 my email!" would be a strong password because it has many characters and
includes lowercase and capital letters, numbers, and special characters. You may need
to try different variations of a passphrase, because many applications limit the length of
passwords, and some do not accept spaces. Avoid common phrases, famous
quotations, and song lyrics.
Don't assume that now that you've developed a strong password you should use it for
every system or program you log into. If an attacker does guess it, he would have
access to all of your accounts. You should use these techniques to develop unique
passwords for each of your accounts.
Don't use passwords that are based on personal information that can be easily
accessed or guessed
Don't use words that can be found in any dictionary of any language.
Develop a mnemonic for remembering complex passwords
Use both lowercase and capital letters
Use a combination of letters, numbers, and special characters
Use passphrases when you can
Use different passwords on different systems
Use a Password which is difficult to guess
You have to make sure not to leave it someplace for people to find. Writing it down and
leaving it in your desk, next to your computer, or, worse, taped to your computer, is just
making it easy for someone who has physical access to your office. Don't tell anyone
your passwords, and watch for attackers trying to trick you through phone calls or email
messages requesting that you reveal your passwords. Make it a habit to change your
password from time to time.
Also, many programs offer the option of "remembering" your password, but these
programs have varying degrees of security protecting that information. Some programs,
such as email clients, store the information in clear text in a file on your computer. This
means that anyone with access to your computer can discover all of your passwords and
can gain access to your information. For this reason, always remember to log out when
you are using a public computer (at the library, an internet cafe, or even a shared
computer at your office). Other programs, such as Apple's Keychain and Palm's Secure
Desktop, use strong encryption to protect the information. These types of programs may
be viable options for managing your passwords if you find you have too many to
remember.
There's no guarantee that these techniques will prevent an attacker from learning your
password, but they will make it more difficult.
You may also use Gmail's 2-step verification feature for your email. To enable it, log on
to your web-based email account and click Mail settings, then Accounts, then 2-step
verification.
Follow the online instruction to register your mobile number. This will enhance the
security of your email account.
If you have questions about how 2-step verification works or want information about
additional steps to keep your account secure, you can learn more at the Help Center:
http://www.google.com/support/accounts/bin/answer.py?answer=180744&hl=en
One thing to be sure of: IT Dept. of IIM Indore will never ask you to provide any
user id / password or any other personal information in an email; if the message
asking for it claims to be from us, don't believe it.
IT Department of IIM Indore is neither responsible nor accountable for any type of
misuse of the compromised mail accounts. Gross misuse might be detected by
automated monitoring tools of Gmail Apps, which in turn will automatically
deactivate the account.
IT Etiquette
The Guidelines concerning usage of Computing Resources provided by IIM
E-Mail: You must not overload the communications servers; do not abuse your
communications privileges. E-mail is a fast, convenient form of communication. This
makes it easy to send mail to multiple recipients and puts a strain on shared systems.
Users are not allowed to send any emails on group email ids.
Do not help propagate chain e-mail letters: Forwarding chain e-mail is a violation of
Institute computing policy. Chain e-mail can usually be identified by phrases in the subject line,
such as "Forward - do not delete," "don't break the chain," etc. Some chain e-mails
promise good luck, promise easy money, tell stories and ask for help, or warn of false
e-mail viruses. If there are a large number of addresses in the message, chances are very
good that it is a chain e-mail. "Get rich quick" schemes will invariably claim to be
"completely legal". Do not be fooled. Delete all chain e-mail from your account. Users are
not allowed to spam any group ids. Contact IT DEPT. for any clarifications.
Do not "bomb" e-mail accounts: Sending numerous or large e-mail messages to one
person is considered "e-mail bombing." This may or may not be done in an attempt to
disrupt the recipient's network services. Sometimes e-mail "bombs" are used as a
method of retaliation. Even if no harm was intended or it was simply a "harmless prank,"
an e-mail "bomb" can disrupt service to hundreds of users.
Forgery: You must not alter any form of electronic communication (especially via forged
electronic mail and news postings). Messages, sentiments, and declarations sent as
electronic mail or sent as electronic postings should meet the same standards for
distribution or display as if they were tangible documents or instruments. Forgery
includes using another person's identity. Forgeries intended as pranks or jokes are still
violations. Attempts to alter the attribution of origin (e.g., the "from" or "addressee" lines)
in electronic mail, messages, or postings, will be considered transgressions of Institute
rules. You are free to publish your opinions, but they should be clearly and accurately
identified as from you, or, if you are acting as the authorized agent of a group
recognized by the Institute, as coming from the group you are authorized to represent.
Copyright Infringements: For your use, the Institute provides many software packages and data that
have been obtained under contracts or licenses stating that they may not be copied,
cross-assembled, or reverse-compiled. You are responsible for determining whether or
not programs or data are restricted in this manner before copying, cross-assembling, or
reverse-compiling them in whole or in any part. If it is unclear whether or not you have
permission to do so, assume that you do not have permission to do so. IT DEPT. will
assist with any questions regarding software usage and licensing issues. Users should
not use IIM Indore's IT infrastructure to share/distribute/store any form of illegal
material.
BitTorrent Restrictions: Transferring files using the BitTorrent protocol is not allowed over
IIM Indore network. Restriction of BitTorrent activity protects the campus community and
ensures that everyone using IIM Indore network receives the fastest, most reliable
internet connection possible.
Understanding Illegal File Sharing: BitTorrent is a type of file sharing protocol that is
often used to illegally distribute copyrighted material, such as movies and music. Using
BitTorrent to share copyrighted files has multiple negative effects:
The most common type of torrenting activity at IIM Indore occurs unintentionally, when
someone does not turn off their torrent application before bringing their laptop to
campus, causing it to reconnect as soon as they open it and connect to IIM Indore
network.
Technically, it is very difficult to block BitTorrent traffic or any other P2P traffic. Because
BitTorrent-type applications can run on any port and can be wrapped inside SSL, blocking
by ports or traffic data isn't going to get you anywhere. However, we request all of you to
follow the IT usage policy of IIM Indore.
Interfering With a User's Authorized Services: Any activity that causes disruptions in
service to other users is considered interference. In some cases, using more resources
than you are entitled to can also be considered interference (e.g., using excessive
storage space on the shared systems, flooding chat channels or newsgroups). More
importantly, you must not monopolize computing resources for nonacademic activities
such as game playing and other trivial applications locally or over an affiliated network;
printing excessive copies of documents, files, images or data. You should refrain from
using unwarranted or excessive amounts of storage; printing documents or files
numerous times because you have not checked thoroughly for all errors and corrections;
or running grossly inefficient programs when efficient alternatives are known to be available.
You should be sensitive to special needs for software and services available in only one
location, and cede place to those whose work requires the special items.
Sharing Resource Accounts and Passwords or Sharing Objectionable material on IIMI : Your
network login and password are for your personal use. If you share your login and
password with your friends or roommates, then you are giving them access to services
they are not authorized to use. They may embarrass you by sending e-mail, posting
messages, or even chatting with people while posing as you. Do not share your account
or password with anyone. If you suspect that someone may have obtained your
password, change it immediately. If you suspect that someone has repeatedly accessed
your login and password, notify IT DEPT. or send e-mail to IT DEPT. Conversely, using
someone else's password to access services or data is also a violation of policy,
regardless of how the password was obtained. Do not use anyone else's password,
account, or e-mail.
Further, sharing any form of objectionable material (pornography, religious hatred mails
etc.) on your PC hard-drive on IIMI Network is strictly prohibited.
Disruption of System Security or Integrity: Tampering with the operation of any server or
network resource is prohibited. Any such activity constitutes a threat to the normal
operation of that resource and can potentially affect hundreds of users. Any attempt will
be regarded as malicious in intent and will be pursued in that perspective. Users are not
allowed to install any networking devices (including wi-fi routers, wi-fi access points,
network hubs/switches etc.). Users are also not allowed to install any server/software
which can disturb the Institute's IT infrastructure and services. IIM Indore authorities
reserve the right to disconnect any device(s) or disable any account if it is believed that
either is involved in compromising the information security of IIM Indore. Please note
that any use of IT infrastructure at IIM Indore that constitutes a violation of IIM Indore
Regulations could result in administrative or disciplinary procedures. IT Dept. is
authorized to remove such devices or disable the network port for smooth IT services.
Please note that you are not allowed to share your internet connection by any method.
Unauthorized access: Legitimate use of the Institute computer systems does not extend to
what one is capable of doing on that system. In some cases, there may be security
loopholes through which people can gain access to a system or to data on that system,
a network, or data. This is unauthorized access. If a student accidentally permits access
to his or her files through the network, you do not have the right to access those files
unless you have been given explicit authorization to access the material. This is similar
to accidentally leaving your room door unlocked. You would not expect your neighbor to
use that as an excuse for entering your room.
Backup of Data: It is the user's responsibility to back up their data on a regular basis to avoid
any kind of data loss. IT Dept. of IIM Indore will not be liable for the loss or
corruption of data on the Institute servers / individual user's computer as a result of the
use and/or misuse of his/her computing resources (hardware / software) by the user or
from any damage that may result from the advice or action of an IT Dept. member in the
process of helping the user resolve their network/computer related problems.
Although IT Dept. makes a reasonable attempt to provide data integrity and privacy, the
user accepts full responsibility for backing up files on their own storage device / DVD /
Pen-drive / external HDD / Google Drive etc.
As per present practice, all departments/offices take a backup of their data every
15 days to an external hard disk provided by the Institute. They are now advised to keep
their external HDD in a different, safe place. The same backup will also be uploaded to
cloud data storage. This ensures that the backup is stored in three different
layers: (1) local PC, (2) external HDD, (3) cloud storage. The Institute has provided 1 TB of
cloud storage to every department in-charge to store their data in the cloud. The officer/in-charge
of the department will be responsible for ensuring backup of their data. If
he/she is not available, the responsibility should be given to another person. All staff
must be made aware of the disaster recovery plan and their respective roles.
Contents on Website/ Intranet : The content included in the IIM Indore Website and
Intranet has been compiled from a variety of sources and is subject to change without
any notice. The contents provided by different departments / users are uploaded "as is".
All users/departments are requested to check their content before sending it for uploading
for any spelling/grammatical mistakes, copyright/content piracy etc. IT Department will
not be responsible for any type of contents which are displayed on our website and
Intranet.
Consequences of Misuse: Infractions of this shared use policy will result in loss of system
and network privileges and will be referred either to the Dean, the chair of concerned
Program or the chair ISC.
When ISC has reason to believe a user has violated the shared system policy, it may
suspend the user's account(s) pending the outcome of an inquiry into the matter. ISC will
notify the student of the alleged violation and the facts on which the alleged violation is
based. The student will have an opportunity to respond to the alleged violation. After
gathering and considering all the facts available, and in consultation with the chairperson
ISC, the user's privileges to the shared use systems may be withdrawn for the remainder
of the term.
If, in addition to withdrawing privileges, ISC believes the violation is sufficiently serious to
warrant more severe disciplinary action, including restitution, they may refer the matter
to the Dean, Programme Chair for appropriate disciplinary action.
Conclusion: The ISC recognizes that IIMI's Information System users are extremely
diverse in their needs and requirements. Providing this large range of services for
research and instruction necessarily entails providing a relatively unrestricted and
flexible system and network organization. To this end, we expect that our users practice
considerate and responsible computing and adhere to common sense standards.
When problems arise, they will be dealt with to ensure the unimpaired operation of our
systems and network, but we request that all users are considerate and prudent in their
use of the resources.
The shared systems are an extremely important and ever-changing resource for the IIMI
community. As a member you are responsible for staying informed about the policies
and procedures updates.
Phishing
Treat your passwords with as much care as you treat the information that they protect.
Use strong passwords to log on to your computer and to any site including social networking
sites where you enter your credit card number, or any financial or personal information.
Internet "phishing" scams use fraudulent email messages to entice you to reveal your
user names and passwords, steal your identity, and more. Learn more about phishing
scams and how to deal with online fraud.
2. Do not type passwords on computers that you do not control, such as those in Internet cafes, kiosk
systems, and airport lounges etc.
Cyber criminals can purchase keystroke logging devices that gather information typed on
public computers, including passwords. If you need to regularly check email from a public
computer, consider using Hotmail, which allows you to obtain a single-use code. To get
a single-use code, click Sign in with a single-use code, and Hotmail will send a one-
time use authentication code to a mobile phone. You can opt to use the one-time code,
instead of your password, to access your account on a public machine.
Keep your passwords hidden from friends or family members (especially children), who
could pass them on to other, less trustworthy individuals.
Don't store passwords on a file in your computer, because criminals will look there first.
Keep your record of the passwords you use in a safe, secure place.
Phishing is a type of deception designed to steal your valuable personal data such as credit
card numbers, Windows Live IDs, and other account data and passwords. Phishing is also
known as identity theft and is a type of social engineering.
Spoofs of businesses that you know and trust. These are e-mail messages that purport to be from
companies or services that you know and trust such as your bank and could contain
urgent messages with threats of account closures or other alarming consequences.
Lottery scams and other advanced fee fraud scams. For example, an e-mail message might request
your help in a financial transaction such as the transfer of a large sum of money into your
account. Or a message might contain a claim that you have received a large inheritance
from someone you do not know or that you have won a lottery that you did not enter. For
more information, see Scams that promise money, gifts, or prizes.
Rogue security software scams. These are e-mail messages, Web sites, or pop-up windows that
tell you that your computer is unsafe. If you download the software they offer so you can
receive help, you could damage your system or waste money on software that you don't
need.
In e-mail messages, even if the messages appear to be from a coworker or someone you
know.
On Web sites that spoof familiar sites but that use slightly different Web addresses.
1. Generic greetings such as "Dear Customer," which indicate that the sender does not
know you and should not be trusted.
3. Requests for personal or financial information, such as user names, passwords, credit
card or bank account numbers, social security numbers, dates of birth, or other
information that can be used to steal your identity.
4. Misspellings and grammatical errors, including Web addresses. The Web address
might look very similar to the address of a legitimate business, but with a minor
alteration. For example, instead of http://www.microsoft.com the scammer might
use http://www.micrsoft.com
5. The text of the link in the e-mail message to you is different from the Web address that
you are directed to when you click the link. You can identify the actual Web address
in a link by hovering over the link without clicking it. The Web address appears in a
text box above the link.
6. The "From" line in the original e-mail message to you shows a different Web address
than the one that appears when you try to reply to the message.
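Warning signs 4, 5 and 6 in the list above can also be checked mechanically. The following Python code is an added example, not part of the original guidelines; the trusted-domain list, the function names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = ("microsoft.com",)  # assumption: sites the reader really uses

# Constructed sample message (single-part HTML), not a real e-mail.
SAMPLE = """\
From: "Account Support" <support@microsoft.com>
Reply-To: billing@micrsoft.com
Content-Type: text/html

<p>Dear Customer,</p>
<p>Sign in at <a href="http://www.micrsoft.com/login">http://www.microsoft.com</a></p>
"""

def base_domain(host):
    """Last two labels of a host name (simplified: ignores suffixes like .co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(text):
    """Host name if the text looks like a web address, else ''."""
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    except ValueError:  # e.g. an unbalanced '[' in the text
        host = ""
    return host if "." in host and " " not in host else ""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None

def check_message(raw):
    """Return (sign, detail) pairs for the warning signs found in one message."""
    msg, findings = message_from_string(raw), []
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:                      # sign 6
        findings.append(("from-reply-mismatch", f"{from_dom} vs {reply_dom}"))
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        target = base_domain(host_of(href))
        shown = host_of(text)
        if shown and target and base_domain(shown) != target:    # sign 5
            findings.append(("link-text-mismatch", f"{shown} -> {target}"))
        for good in TRUSTED_DOMAINS:                             # sign 4
            if 0 < edit_distance(target, good) <= 2:
                findings.append(("lookalike-domain", f"{target} ~ {good}"))
    return findings
```

Calling check_message(SAMPLE) reports all three signs for the constructed message; a message whose links and reply address agree with its sender returns an empty list.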
1. Delete spam. Do not open it or reply to it, even to ask to be removed from a mailing list.
When you reply, you confirm to the senders that they have reached an active e-mail
account and make yourself vulnerable to further abuse.
2. Use caution when you click links in e-mail messages, text messages, pop-up windows,
or instant messages. Instead, type Web addresses in a Web browser, or use your
online Favorites or bookmarks.
3. Do not open e-mail attachments or click instant message download links unless you
know who sent the message and you were expecting the attachment or link.
4. Be cautious about providing your personal or financial information online. Do not fill out
forms in e-mail messages that ask for personal or financial information.
5. Create strong passwords and avoid using the same password for your bank and other
important accounts. To test the strength of your password, use our Password Checker.
For more information, see Creating a strong password for your e-mail account: why
you should and how to do it.
6. Check your bank and credit card statements closely to identify and report any
transactions that are not legitimate.
7. Never pay bills, bank, shop, or conduct other financial transactions on a public or shared
computer or over a public wireless network. If you do log on to public computers, look
for computers on networks that require a password, which increases security.
Password phishing
They ask you to provide your username and password or other personal information (e.g.
Social Security number, bank account number, PIN number, credit card number, mother's
maiden name, or birthday). Even if they appear to be from a legitimate source, or contain
an official-looking webpage, be careful. Spammers often ask for this information in an
attempt to steal your email address, your money, your credit, or your identity.
You should always be wary of any message that asks for your personal information, or
messages that refer you to a webpage asking for personal information.
One thing to be sure of: IT Dept. of IIM Indore will never ask you to provide any user id
/ password or any other personal information in an email; if the message asking for it
claims to be from us, don't believe it.
IT Department of IIM Indore is neither responsible nor accountable for any type of
misuse of the compromised mail accounts. Gross misuse might be detected by
automated monitoring tools of Gmail Apps, which in turn will automatically deactivate
the account.
Here's what you can do to protect yourself and stop fraudsters:
Check the email address of the sender of the message by hovering your mouse cursor
over the sender name and verifying that it matches the sender name.
Check whether the email was authenticated by the sending domain. Click on the 'show
details' link in the right hand corner of the email, and make sure the domain you see next
to the 'mailed-by' or 'signed-by' lines matches the sender's email address. For more
information on email authentication
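The 'mailed-by' and 'signed-by' lines reflect the SPF and DKIM results that the receiving mail server records in the Authentication-Results header. The following Python code is an added example, not part of the original guidelines, showing the same comparison against the sender's address; the server name mx.example.net, the function names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Property that names the authenticated domain for each method (RFC 8601).
DOMAIN_PROPS = {"spf": ("smtp.mailfrom",), "dkim": ("header.d", "header.i")}

# Constructed samples; mx.example.net stands for the reader's own mail server.
SPOOFED = """\
Authentication-Results: mx.example.net;
 spf=pass (sender IP is 203.0.113.7) smtp.mailfrom=bounce@bulk-mailer.example;
 dkim=pass header.d=bulk-mailer.example
Authentication-Results: other.example; spf=pass smtp.mailfrom=microsoft.com
From: "Account Support" <support@microsoft.com>
Subject: Urgent: verify your account

Dear Customer, ...
"""
GENUINE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mail.example.org;
 dkim=pass header.i=@example.org
From: Newsletter <news@example.org>
Subject: Monthly update

Hello, ...
"""

def domain_of(value):
    """Domain part of an address, or the value itself if it is a bare domain."""
    return value.rpartition("@")[2].lower()

def related(a, b):
    """Same domain or parent/child. Simplified: real DMARC alignment compares
    organizational domains using the Public Suffix List."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_authentication(raw, trusted_authserv):
    msg = message_from_string(raw)
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    passed = {}  # method -> domain that passed the check
    for header in msg.get_all("Authentication-Results", []):
        # Unfold the header and drop (comments) before splitting on ';'.
        header = re.sub(r"\([^()]*\)", " ", " ".join(header.split()))
        authserv, _, results = header.partition(";")
        # Only results stamped by our own receiving server count; any other
        # copy of this header may have been written by the sender.
        if authserv.split()[:1] != [trusted_authserv]:
            continue
        for clause in results.split(";"):
            m = re.match(r"\s*(\w+)\s*=\s*(\w+)", clause)
            if not m or m.group(2).lower() != "pass":
                continue
            props = dict(re.findall(r"([\w.]+)=(\S+)", clause[m.end():]))
            for prop in DOMAIN_PROPS.get(m.group(1).lower(), ()):
                if prop in props:
                    passed.setdefault(m.group(1).lower(), domain_of(props[prop]))
    return {
        "from": from_dom,
        "mailed_by": passed.get("spf"),
        "signed_by": passed.get("dkim"),
        "matches": any(related(d, from_dom) for d in passed.values()),
    }
```

For the SPOOFED sample both checks pass, but for bulk-mailer.example rather than the domain in the From line, so "matches" is False; a pass result on its own says nothing about who the sender claims to be.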