Southern University and Agricultural and Mechanical College

Search!
Share Print Page Decrease Type Size Increase Type Size TEXT SIZE:

7 Steps to Securing Your Computer

 
Step 1. Keep your system patched and up to date
New security bugs are discovered almost every day. In order to keep your system secure it is critical that it be kept up to date with recent patches and software upgrades. Microsoft provides patches to fix these security bugs, but expects you to download and install these patches. By applying these patches regularly, you have a much lower chances of getting a virus, trojan, or worm as most of these exploit common known security holes in unpatched systems.
 
How to do it:
There are two ways that SU students, faculty and staff can keep their Windows 2000 or XP computers patched.

You may manually configure Windows Update to download the patches from Microsoft's website:
  • Go to Start and select Control Panel.
  • Double-click on System.
  • Click on the Automatic Updates tab. Make sure that the "Keep my computer up to date" box is checked. If it is not checked, check it by clicking once on it.
  • Click on the "Automatically download the updates and install them on the schedule that I specify" selection. Select the frequency with which you want the updates to be downloaded and installed. We suggest daily.
  • Select the time at which you want the updates to be downloaded and installed. This should be a time when your computer is turned on and connected to the Internet.
  • Click on the OK button.
 
Step 2. Use Antivirus Software
Most viruses will be caught by antivirus software as long as the antivirus is kept up to date. It is absolutely crucial that users run antivirus software on their computers. With that in mind, SU offers all faculty & staff with University-owned computers a copy of E-Trust Antivirus. Students are highly encourage to purchase their own antivirus software or download a free copy of antivirus software. This software is highly recommended for all users and is required for computers living in Residential Housing.
How to do it: IMPORTANT NOTICE: Before installing any antivirus, remove any other antivirus software from your computer. This is important because having multiple antivirus products on the same computer can cause serious problems.
For Students: We are currently suggesting Grisoft AVG Antivirus software for students without a antivirus program. Go to the Security Download Page for download.

For Faculty & Staff: If you have installed the latest preconfigured version of E-Trust on your machine, all the settings should be correct and your E-Trust should update hourly. To get the latest version of E-Trust, please contact the TNS office.

We recommend that all users download the installation documentation prior to installing any antivirus software.

 
Step 3. Use Strong Passwords (see also Password Policy)
Password enumeration attacks are becoming more common on Windows workstations.

Recent increases in computer hacking and viruses worldwide have caused many systems to become exploited. Hackers often attempt to gain access to a computer by guessing all possible combinations of passwords. Using a modern PC, a hacker can normally break a simple password remotely in less than 60 seconds. Once broken, your password may allow someone to access your files.

Network Security Services suggest these requirements to ensure a good password:
• The password should be at least 8 characters long
• The password should contain at least one non-alpha character (a number, period, space, comma etc)
• The password should contain at least one uppercase and one lowercase letter
• Not begin with a number
• Not be an alphabetic series, either forwards or backwards (i.e., ABCDEF or FEDCBA)
• Not be a numeric series, either forwards or backwards (i.e., 123456 or 654321)
• Not be a string of all identical letters or numbers (i.e., AAAAAA or 111111)
• Not be a common keyboard key sequences (i.e., ASDFG or QWERTY)
• Not be an easily guessed word such as your name, userid, or any variation thereof (backwards, changing case, etc.)
• Not be a word(s) referring to anything noticeable about you, such as the name of your spouse, child, pet, favorite football team, or literary character
• Not be a word that appears in a dictionary

 
Examples:
There are many ways to help you remember your password. A common way is to make up a sentence and use letters from it to build your password. Dictionary words should be avoided as the most common form of password cracking involves trying common word combinations.
  • Best: iL2eAwPb! "I like to eat apples with peanut butter!" (no dictionary words, all cases and a special character)
  • OK: 88Ffchamps "1988 Final Four Champions" (good but uses a dictionary word)
  • Bad: Password01 (no complexity, uses a dictionary word)
  • Terrible: 1234 or abcd or a BLANK password
 
Step 4. Share Files Correctly
a. Peer to Peer
There are applications for peer-to-peer (p2p) file-sharing applications such as KaZaa, Gnutella, BearShare, LimeWire and Morpheus, we do not ban them but we do encourage users NOT to use them on the SU network. However, we recognize that most p2p activity consists of copying copyrighted music and video files for personal enjoyment. If you participate in this kind of file-sharing activity, there are three things you should know:
  • Music file-sharing consumes a disproportionate amount of network resources, which could lead to your connection being limited to a slower connection speed.
  • Music and Video's are copyrighted. You must not violate copyright laws. Unsure whether a shared file is copyrighted or not? Assume that it is!
  • File-sharing may put your personal computer data at risk of getting spyware.

How to do it
Once again, the IT Security Office suggests that you do not run these types of programs. If you feel you must do so, please at least disable the uploading features. Click here for more information.

 
b. Windows File Sharing
Be very careful with Windows file sharing. The default options for all versions of Windows are insecure and will let hackers into your computer unless they are disabled or fixed! Your best bet is to disable file sharing completely.
In order to use file sharing to access files from other Windows computers, while preventing access from hackers, you must enable shares that require accounts and passwords. This is not the default setting on any Windows version and can take a considerable amount of work to set up. You also need to synchronize the account names and passwords on both the 'server' Windows computer and the 'client' Windows computer, which requires a lot of work and is very time-consuming. Most computer users should keep file sharing turned off. You do not need to have Windows File and Print Sharing enabled if you access a Novell file server.

Assuming that you do not need to share the files on your computer with other computer users, you should completely disable the sharing feature. You will still be able to connect to servers, but no one (including hackers) will be able to connect to your computer.

How to do it:
To disable 'File and Printer Sharing' in Windows 98/ME:

1. Right-click on the Network Neighborhood icon on your desktop.
2. Select Properties from the pop-up menu.
3. Click the File and Print Sharing button.
4. If I want to be able to give others access to my files is checked, you have enabled file sharing. Uncheck it.
5. If I want to be able to allow others to print to my printer is checked, you have enabled print sharing. Uncheck it.
6. Click OK.
7. Insert your Windows CD if prompted.
8. Click OK.
9. Restart your computer.
10. File and print sharing is now off.

To disable 'File and Printer Sharing' in Windows XP:

    1. Open Control Panels from the Start Menu.
    2. Double-Click Network Connections (under Network and Internet Connections in XP Category View).
    3. Right-click on Local Area Connection and select Properties. In the middle of the properties window, you will see the list of networking components used by this connection.
    4. If File and Printer Sharing for Microsoft Networks is listed, uncheck the item and click OK. This change goes into effect immediately.

To disable 'File and Printer Sharing' in Windows 2000/NT:

    1. Right-click on My Network Places on your desktop and select Properties.
    2. Right-click on Local Area Connection and select Properties. Under Components checked are used by this connection, look for File and Printer Sharing for Microsoft Networks. If it is not listed, you are not sharing.
    If it is in the list.
    3. Click in the check box next to File and Printer Sharing for Microsoft Networks to unselect it.
    4. Click OK.
    Note: File and Printer Sharing will not be enabled when you restart your computer. In order to re-enable it, you must go back and click in the check box next to File and Printer Sharing to select it.
 
Step 5. Minimize Network Services
Windows in its various forms rank atop the list of the most exploited and vulnerable systems. Windows 2000 and XP both include many excellent tools for hardening, but are often left unused because many administrators do not know how to use them (or that they even exist!). By turning off unnecessary services and hardening the rest, you can close the largest and easiest way for an intruder to access your system. The follow steps will assist you in doing just this:

How to do it:
To disable this Messenger service on Windows 2000 or XP, follow these steps:

Open the list of services running on your computer.
1. Open Control Panels from the Start menu (under Settings in Windows 2000).
2. Double-click on Administrative Tools (inside Performance and Maintenance in Windows XP)
3. Double-click on Services.

Scroll down the list of services on the right until you find Messenger.
1. Double-click Messenger; a Messenger Properties window opens.
2. The General tab window should be selected.
3. Click the Stop button under Service Status if the service is currently running.

In the center of the window, there is a Startup Type drop-down menu. By default, the menu is set to Automatic. Instead, Select Disabled so the service will never start again.
1. Click the OK button in the Messenger Properties window.
2. Close the Services window.
In Windows 95/98, use the Add/Remove programs Control Panel to see if WinPopUp is installed; if so, remove it. Windows 2000 and XP users should also disable the built-in Remote Registry Service. This service can allow hackers to modify your registry remotely.

To disable this Remote Registry Service on Windows 2000 or XP, follow these steps:

Open the list of services running on your computer.
1. Open Control Panels from the Start menu (under Settings in Windows 2000).
2. Double-click on Administrative Tools (inside Performance and Maintenance in Windows XP)
3. Double-click on Services.

Scroll down the list of services on the right until you find Remote Registry Service.
1. Double-click Remote Registry Service; a Remote Registry Service Properties window opens.
2. The General tab window should be selected.
3. Click the Stop button under Service Status if the service is currently running.

In the center of the window, there is a Startup Type drop-down menu. By default, the menu is set to Automatic. Instead, Select Disabled so the service will never start again.
1. Click the OK button in the Remote Registry Service Properties window.
2. Close the Services window.

 
Step 6. Use some type of firewall
A firewall is a piece of software or hardware that creates a protective barrier between your computer and potentially harmful content on the Internet. It helps guard your computer against hackers and many computer viruses and worms. The SU IT Security Office suggests you install a firewall before connecting to the network.

How to do it:
You must have administrator access to your computer to install either of these options.

Windows XP includes the Internet Connection Firewall, which you can turn on:

1. Click on the Start button.
2. Select Settings then Network Connections.
3. Inside the Network Connections window, right-click on one network connection.
4. Select Properties.
5. Select the Advanced tab and check the box about protecting my computer.
6. Click OK and return to step 3 until all connections have a firewall.

Additional detailed instructions are at Microsoft Security Page.

Hardware Firewalls
Hardware firewalls are a good choice for versions of the Windows operating system prior to Windows XP. Most home-networking hardware, like wireless access points and broadband routers come with built-in hardware firewalls. These help protect most home networks.
Hardware firewalls are available from several vendors, including: ***Note SU does not endorse any specific Hardware Firewall.

 

  •  
    • Linksys
    • Netgear
  • • Microsoft

Software Firewalls
Software firewalls are available from several vendors, including:
***Note SU does not endorse any specific Software Firewall.

  •  
    • BlackICE PC Protection
    • Symantec
    • Tiny Software: Tiny Personal Firewall
  • • McAfee Security
    • ZoneAlarm

     

This article, Checklist: Install a Firewall, from the Microsoft Security Web site provides information about software firewalls made by other companies, as well as hardware firewalls and network routers. This information can help you select a firewall solution if you use an earlier version of Microsoft Windows, such as Windows NT, Windows Millennium Edition (Me), or Windows 98.
 
Step 7. Backup your important files
Even if you follow all of these recommendations, it is still possible that your computer could be compromised by a hacker. In 'a worst case scenario', a hacker's programs or virus will corrupt, infect, or erase your computer files. Or your hard drive could simply fail, causing the loss of all your data. Also it is becoming more common that a computer that has been infected with a virus may need to be formatted and have all of the software reinstalled.
By backing up your files to a burnable CD, Floppy disk, Zip disk, or a workgroup file server, you can save yourself a lot of trouble if your computer gets a virus.

How to do it:
A computer backup involves placing a duplicate copy of your data onto a secondary medium, such as floppy disks, a recordable CD, or a workgroup file server. Then when your hard drive fails or you accidentally delete a file, you can rely on the backup to recover any files. The most important elements to backup are documents like essays, thesis and e-mail. You might also consider backing up your operating system, software and settings since reinstalling them can be a lengthy process. An essential part of any computer security procedure is to make regular backups of your essential files.

Probably the best back-up solution is a CD writer. This is a CD-ROM drive that allows the creation or burning of Compact Discs. It uses blank CDs that are either CD-Recordable (or CD-R) or CD-Rewriteable (CD-RW). The CD-R means the CD can only be burned only once, but can't be erased, while CD-RW can be recorded and erased and re-recorded. They are reusable up to 1000 times.
Most CD-R and CD-RW drives come with software that will do data backups as well as audio CD creation. This software is capable of backing up both the entire computer system as well as single files. For most people simply copying your important directories of files every few days would provide substantial protection. However, only you can determine how critical your data is and how often you should back it up. Be sure to use at least two sets of backup disks, rotate them, so you are always overwriting the oldest.

If you do not own a CD-R or CD-RW you can still backup your data using a Zip drive or even a floppy. If you do not need to backup on a very frequent basis, you probably don't need any special backup software, and can instead use your file manager (Windows Explorer) to copy files to a removable medium. (i.e., drag and drop your files to a floppy or zip disk.).

Make sure that any backup files you may have are kept in a safe and secure location such as a file server. In the case of CD-RW and floppy disks we recommend a locked file cabinet or safe.