|
Security: At home and at work
Keeping your computer secure will protect you against viruses, worms, spyware, hacking attempts, and password theft. Security is often neglected, but keeping a computer secure requires just a few straightforward concepts: · Stay on top of Windows Security Updates · Always have a Virus Scanner with Updated Definitions · Every account on the computer should have a password · Never give out your password · Never login for someone else using your username and password · Always run an updated Software Firewall · Don't click on suspicious links and attachments · Avoid and remove SpyWare What happens if I don't keep my computer secure?A computer that is not constantly kept secure and up to date is vulnerable to many different attacks. The most common is an automated hacking attack called a worm. Worms hack into computers that have security vulnerabilities, then use those computers as slaves to hack into every other computer on the network. Whenever you are vulnerable to a worm, you are also vulnerable to a manual hacking attempt. The main objective of a worm or hacking attempt is usually to hack into more computers. It appears to anyone on the network that the infected computer is attempting to hack into their computer directly. SAIT and ITS takes all hacking attempts seriously and will block network access for any computer that appears to be attempting to hack into other computers. ITS will only enable these ports after the worm or problem is fully removed and all relevant security patches have been applied. There are other serious implications of hacks and worms. Some attacks aim to steal passwords, software license keys, and credit card numbers. Some attacks turn the computer into a slave computer of the hacker, possibly filling up the hard drive and utilizing your entire network connection. What are some of the latest threats?Some of the latest security threats and instructions specific to those threats can be found on www.usc.edu/its/alerts, http://www.microsoft.com/technet/security/default.mspx, and www.cert.org. Keep on top of Security UpdatesSecurity is a proactive process. It is much easier to keep a computer secure and up to date than it is to repair the catastrophic damage caused by leaving a computer vulnerable to attack. All versions of Windows ship with critical security vulnerabilities waiting to be discovered. Historically, every time a critical vulnerability is discovered, Microsoft releases a patch for Windows to fix the problem well before the vulnerability is heavily exploited. They post these updates to the website http://windowsupdate.microsoft.com. For your home computer, it is your responsibility to install these updates as soon as they are posted. At work, SAIT has configured workstations to automatically download and install the updates for users. Soon after a critical security update is posted to Windows Update, viruses and worms are quickly written to hack into computers that are missing this patch. Vulnerabilities in Windows or some Microsoft software are discovered and patches are written approximately once per week. You can configure windows to install these Windows updates automatically. On Windows XP, the functionality is automatically included. On other versions of Windows, it is available as an update from the Windows Update website. The configuration for the automatic updates can be found in the Control Panel. On most versions of Windows there is an Automatic Updates icon. If you have XP service pack 2, your Automatic Updates should look like this:
If you have Windows XP and your Automatic Updates does not look like this, you are already behind on security updates unless you’ve been manually checking the windows update site at least once per week. The recommended setting is to have the computer automatically download and install updates whenever you are online. Install a Virus scanner and keep it up to date: Any virus scanner that is kept up to date should be fine. If you currently have McAfee Antivirus, Sophos, Norton, Symantec, or others, you do not need another antivirus product. Generally, you can only have one antivirus program on a computer at a time. Make sure that the antivirus program you have installed has up to date virus definitions and is allowed to download updates. If you do not already have an antivirus program, or your program is no longer licensed to receive updates, you may download Symantec Antivirus from the ITS Software Website. Please see the ITS Virus webpage for more details on Symantec Antivirus. Make sure that your virus definitions are up to date. The virus definitions for Symantec Antivirus are shown on the main Symantec window as shown below. Because new viruses come out every day, if your definitions are more than a few days old, the antivirus program is useless. You can update the definitions by clicking on the LiveUpdate button.
Another useful antivirus tool is the Stinger Tool from McAfee. Stinger is a standalone antivirus tool that does not require an install. It is a specialized tool that scans for the latest and most common virus threats only. Therefore, it should not be relied upon as your only virus protection, but it can be a useful tool to supplement your current antivirus program. Stinger can be downloaded from http://vil.nai.com/vil/stinger/ Every account should have a passwordEvery account on the system should be password protected. It doesn't matter whether or not you are the only person who uses the computer or if the computer is in a secure locked office. The same password you use to log into the computer is effectively the same password someone would use to log into the computer via the network. Creating an account without a password is an invitation to hackers and worms. These passwords should be strong passwords that follow rules similar to the ITS password rules. Most hackers and worms will try to hack into a computer by rapidly trying a list of passwords, including dictionary words and common passwords. In many password schemes, it is easy to test all approximately 200,000 English words in a matter of seconds. Conversely, testing all arbitrary 8 character passwords with non-letter characters takes thousands of years. This is why it is so important to make sure the passwords you choose are secure passwords. Use a Software FirewallMost versions of Windows run server-level services that allow network users to connect and login to the computer. Most people would never use these services, but many of them cannot be turned off. To protect your computer against possible security vulnerabilities in these services, you should run a firewall program which protects these services from unauthorized access. Windows XP comes with a simple software firewall. This firewall was extended significantly in Service Pack 2. To turn on the firewall, go into the Control Panel, then click on Windows Firewall. It should look like this:
If you have Windows XP, but you do not have a Windows Firewall Control Panel icon, you are behind on your security updates, and should download Service Pack 2. If you are running other versions of Windows, such as Windows 2000, it is recommended to use a third-party firewall, such as Symantec Client Security, Symantec Personal Firewall, or Zone Alarm. ITS provides the Symantec Client Security Firewal at software.usc.edu for free download, however, the ITS Customer Support Center does not support creating custom rules in Symantec Client Security, nor the installation or use of other firewall programs. Be careful of what you click onAssume that every email and webpage could be malicious to your computer. Emails can contain viruses, and web pages are often set up to install spyware on your computer. If you ever receive an email attachment, make sure you are expecting it and know what it is before attempting to open it. Also, make sure the email has specific details or instructions, such as, "This is that proposal we talked about at the conference on Tuesday", and not "Here is a happy game. Please enjoy". Be careful, even if the email appears to be coming from someone you know and trust. If you have any doubts about an attachment, you can save it somewhere, such as your desktop, right click on it, and then click on scan for viruses. This should only take a few seconds. In the first few days after a virus is created, virus scanners cannot typically find it. Therefore, you should be wary of attachments, even if the virus scanner says it does not contain a virus. This is another reason to keep your virus definitions up to date. Protect your Computer from SpywareSpyware is a type of program similar to a virus that runs invisibly and collects information about the person using that computer. There are several types of software similar and effectively synonymous to Spyware, including Adware, Malware, and others. Spyware can have many adverse effects, such as slowing down the computer, collecting passwords and credit card numbers, tracking web access, and breaking Windows components. The best way to protect your computer from spyware is to avoid it. Once spyware is installed, it is hard to remove, and may have already damaged critical Windows components. Two common spyware sources are Active X/Install for the Web and add-ons to other programs. Install for the Web is a service by which websites offer to install programs for you automatically. Unless these programs are written by well-known, reputable vendors, such as Macromedia Flash, or Sun Java, you should never install these. A typical Install for the Web spyware installer looks like this:
You should always click No on windows that look like this unless you know exactly what it is you'd be installing. Windows XP Service Pack 2 may automatically try to block these installers. Reputable vendors such as Adobe and Microsoft are not known to include spyware add-ons with their software. Spyware add-ons usually come from smaller shareware programs and Peer-to-Peer network programs. Kazaa is known to install a large amount of spyware, including spyware programs that constantly download more spyware. Peer-to-Peer network programs such as Kazaa, LimeWire, Morpheus, iMesh, and others should not be used at USC. If you already have spyware on your computer (most people do), there are ways to remove it. However, these methods can lead to network problems, software malfunctioning, and result in Windows no longer starting. Therefore, the following methods are provided as-is, with no support, and it is strongly recommended that you backup your computer before attempting any of the following. Ad-Aware and Spy-Bot S&D are two programs that can be used to clean up spyware. These programs work similar to a virus scanner. They must be updated, and then they scan the computer for spyware. Test your Computer's SecurityOne useful tool for testing your computer's security is the Microsoft Baseline Security Analyzer. This program checks to make sure all of your Microsoft products are up-to-date, and that there are no clear security flaws in your Windows settings. In addition, you can scan your computer via Symantec’s security website at http://security.symantec.com/ssc The Microsoft Baseline Security Analyzer should only be run from the computer that needs to be scanned, as scanning other computers remotely could be seen as a security threat. The Baseline Security Analyzer can be found at http://www.microsoft.com Getting HelpPlease contact SAIT for additional information or help. This information was forked and adjusted from ITS. For complete USC security information please visit the ITS website at http://www.usc.edu/its |
