Carnegie Mellon University School of Computer Science

Security and Computing

Threats to computing infrastructure evolve daily. Awareness of these emerging threats is vital to building a safer and reliable computing experience in any organization. CMU (and more specifically SCS) leverages a network connection to the internet that does not utilize a traditional firewall as would be expected in many enterprise scale networks. While some specific groups may implement additional security on their local networks and we do block some common ports (as well as some common Windows ports), there is no traditional firewall implementation between the SCS network and the internet (Why?).

As a result, our network gets scanned several hundred times per day. Every year, there are numerous break-ins to SCS hosts. The vast majority of these break-ins happen because of the following, mostly preventable, causes:

  • Unpatched software. Unpatched hosts are often quickly (meaning within minutes/hours of being placed on the network) broken into.
  • Poor passwords.
  • Passwords that are sent over the network unencrypted and get sniffed.
  • Viruses/worms on Windows hosts.
  • Poorly configured software (open shares on Windows hosts, unrestricted NFS exports, etc).
  • People not recognizing phishing attacks, and thus typing their credentials at phishing sites.

As stated above, one of the most important elements of computer security is users being aware of customized, social or phishing attacks that leverage practices of redirection, sending/executing malicious code and focus on obtaining access via compromised credentials.


Carnegie Mellon University's Information Security Office (ISO) strives to keep all University affiliates informed about the latest cyber security threats, safe computing practices and relevant information security policies and compliance issues.  

In addition to being proactive in testing our network infrastructure and monitoring the CMU network, ISO offers guidelines and training resources for all of the CMU community. Visit their security training website for more information at