Steps to secure a PC
7 Steps to Securing Your Computer
|Step 1. Keep your system patched and up to date|
|New security bugs are discovered almost every day. In order to keep your system secure it is critical that it be kept up to date with recent patches and software upgrades. Microsoft provides patches to fix these security bugs, but expects you to download and install these patches. By applying these patches regularly, you have a much lower chances of getting a virus, trojan, or worm as most of these exploit common known security holes in unpatched systems.|
|How to do it:
There are two ways that SU students, faculty and staff can keep their Windows 2000 or XP computers patched.
You may manually configure Windows Update to download the patches from Microsoft's website:
|Step 2. Use Antivirus Software|
|Most viruses will be caught by antivirus software as long as the antivirus is kept up to date. It is absolutely crucial that users run antivirus software on their computers. With that in mind, SU offers all faculty & staff with University-owned computers a copy of E-Trust Antivirus. Students are highly encourage to purchase their own antivirus software or download a free copy of antivirus software. This software is highly recommended for all users and is required for computers living in Residential Housing.|
|How to do it: IMPORTANT NOTICE: Before installing any antivirus, remove any other antivirus software from your computer. This is important because having multiple antivirus products on the same computer can cause serious problems.
For Students: We are currently suggesting Grisoft AVG Antivirus software for students without a antivirus program. Go to the Security Download Page for download.
For Faculty & Staff: If you have installed the latest preconfigured version of E-Trust on your machine, all the settings should be correct and your E-Trust should update hourly. To get the latest version of E-Trust, please contact the TNS office.
|Step 3. Use Strong Passwords (see also Password Policy)|
|Password enumeration attacks are becoming more common on Windows workstations.
Recent increases in computer hacking and viruses worldwide have caused many systems to become exploited. Hackers often attempt to gain access to a computer by guessing all possible combinations of passwords. Using a modern PC, a hacker can normally break a simple password remotely in less than 60 seconds. Once broken, your password may allow someone to access your files.
|Step 4. Share Files Correctly|
|a. Peer to Peer|
|There are applications for peer-to-peer (p2p) file-sharing applications such as KaZaa, Gnutella, BearShare, LimeWire and Morpheus, we do not ban them but we do encourage users NOT to use them on the SU network. However, we recognize that most p2p activity consists of copying copyrighted music and video files for personal enjoyment. If you participate in this kind of file-sharing activity, there are three things you should know:
How to do it
|b. Windows File Sharing|
|Be very careful with Windows file sharing. The default options for all versions of Windows are insecure and will let hackers into your computer unless they are disabled or fixed! Your best bet is to disable file sharing completely.
In order to use file sharing to access files from other Windows computers, while preventing access from hackers, you must enable shares that require accounts and passwords. This is not the default setting on any Windows version and can take a considerable amount of work to set up. You also need to synchronize the account names and passwords on both the 'server' Windows computer and the 'client' Windows computer, which requires a lot of work and is very time-consuming. Most computer users should keep file sharing turned off. You do not need to have Windows File and Print Sharing enabled if you access a Novell file server.
Assuming that you do not need to share the files on your computer with other computer users, you should completely disable the sharing feature. You will still be able to connect to servers, but no one (including hackers) will be able to connect to your computer.
How to do it:
To disable 'File and Printer Sharing' in Windows XP:
2. Double-Click Network Connections (under Network and Internet Connections in XP Category View).
3. Right-click on Local Area Connection and select Properties. In the middle of the properties window, you will see the list of networking components used by this connection.
4. If File and Printer Sharing for Microsoft Networks is listed, uncheck the item and click OK. This change goes into effect immediately.
To disable 'File and Printer Sharing' in Windows 2000/NT:
2. Right-click on Local Area Connection and select Properties. Under Components checked are used by this connection, look for File and Printer Sharing for Microsoft Networks. If it is not listed, you are not sharing.
If it is in the list.
3. Click in the check box next to File and Printer Sharing for Microsoft Networks to unselect it.
4. Click OK.
Note: File and Printer Sharing will not be enabled when you restart your computer. In order to re-enable it, you must go back and click in the check box next to File and Printer Sharing to select it.
|Step 5. Minimize Network Services|
|Windows in its various forms rank atop the list of the most exploited and vulnerable systems. Windows 2000 and XP both include many excellent tools for hardening, but are often left unused because many administrators do not know how to use them (or that they even exist!). By turning off unnecessary services and hardening the rest, you can close the largest and easiest way for an intruder to access your system. The follow steps will assist you in doing just this:
How to do it:
To disable this Remote Registry Service on Windows 2000 or XP, follow these steps:
|Step 6. Use some type of firewall|
|A firewall is a piece of software or hardware that creates a protective barrier between your computer and potentially harmful content on the Internet. It helps guard your computer against hackers and many computer viruses and worms. The SU IT Security Office suggests you install a firewall before connecting to the network.
How to do it:
You must have administrator access to your computer to install either of these options.
Windows XP includes the Internet Connection Firewall, which you can turn on:
Additional detailed instructions are at Microsoft Security Page.
|Step 7. Backup your important files|
|Even if you follow all of these recommendations, it is still possible that your computer could be compromised by a hacker. In 'a worst case scenario', a hacker's programs or virus will corrupt, infect, or erase your computer files. Or your hard drive could simply fail, causing the loss of all your data. Also it is becoming more common that a computer that has been infected with a virus may need to be formatted and have all of the software reinstalled.
By backing up your files to a burnable CD, Floppy disk, Zip disk, or a workgroup file server, you can save yourself a lot of trouble if your computer gets a virus.
How to do it:
A computer backup involves placing a duplicate copy of your data onto a secondary medium, such as floppy disks, a recordable CD, or a workgroup file server. Then when your hard drive fails or you accidentally delete a file, you can rely on the backup to recover any files. The most important elements to backup are documents like essays, thesis and e-mail. You might also consider backing up your operating system, software and settings since reinstalling them can be a lengthy process. An essential part of any computer security procedure is to make regular backups of your essential files.
Probably the best back-up solution is a CD writer. This is a CD-ROM drive that allows the creation or burning of Compact Discs. It uses blank CDs that are either CD-Recordable (or CD-R) or CD-Rewriteable (CD-RW). The CD-R means the CD can only be burned only once, but can't be erased, while CD-RW can be recorded and erased and re-recorded. They are reusable up to 1000 times.
Most CD-R and CD-RW drives come with software that will do data backups as well as audio CD creation. This software is capable of backing up both the entire computer system as well as single files. For most people simply copying your important directories of files every few days would provide substantial protection. However, only you can determine how critical your data is and how often you should back it up. Be sure to use at least two sets of backup disks, rotate them, so you are always overwriting the oldest.
If you do not own a CD-R or CD-RW you can still backup your data using a Zip drive or even a floppy. If you do not need to backup on a very frequent basis, you probably don't need any special backup software, and can instead use your file manager (Windows Explorer) to copy files to a removable medium. (i.e., drag and drop your files to a floppy or zip disk.).
Make sure that any backup files you may have are kept in a safe and secure location such as a file server. In the case of CD-RW and floppy disks we recommend a locked file cabinet or safe.