Hardware token (sometimes called an authentication or security token) is a physical object, usually a small hardware device, that the owner carries to authorize access to a restricted resource. The user's interaction with a login system proves that the user physically possesses a token specific and unique to that user. Examples include plugging a security token into the workstation or using a key fob or identity badge to swipe or hold up to an authentication device.
Highly sensitive data (HSD), as defined in the UVA Policy IRM-003: Data Protection of University Information, are: data that require restrictions on access under the law or that may be protected from release in accordance with applicable law or regulation, such as Virginia Code § 18.2-186.6. Breach of Personal Information Notification. Highly Sensitive data (HSD) currently include personal information that can lead to identity theft. HSD also includes health information that reveals an individual’s health condition and/or medical history.
Specific examples include, but are not limited to:
- Any store or file of passwords or user-ids and passwords on any multi-user system or computer.
- Personal information that, if exposed, can lead to identity theft. This may include a personal identifier (e.g., name, date of birth) as well as one of the following elements:
- Social security number;
- Driver’s license number or state identification card number issued in lieu of a driver’s license number;
- Passport number;
- Financial account number in combination with any required security code, access code, or password that would permit access to a financial account;
- Credit card or debit card number, including any cardholder data in any form on a payment card: or
- Military Identification Number.
- Health information is any information that, if exposed, can reveal an individual’s health condition and/or history of health services use, including information defined by Health Insurance Portability and Accountability Act (HIPAA) as protected health information (PHI).
- Cardholder Data (CHD): Primary cardholder account number that identifies the issuer and a particular cardholder account, which can include cardholder name, expiration date and/or service code.
Note that credit card numbers can never be stored either alone or in combination with any other identifiers.
Also considered HSD are any form of personally identifying information in combination with social security number (SSN), driver’s license number, passport number, financial account number and required security code, and/or military ID number. For example, computing ID and driver’s license number, or home address and SSN.
A host-based firewall is firewall software that is installed directly on a computer (rather than a network) that controls incoming and outgoing network traffic in order to decide whether to allow that network traffic into the computer. Sometimes called an "application-based" firewall. Macintosh and Windows computers include host-based firewall protection as part of their operating system. This type of firewall is a granular way to help protect the individual device from viruses and malware, and to control the spread fo these harmful infections throughout the network.
Report an Information
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.