Best practices for computer security

Username:
Password:

This document details how you can secure your personal computer accounts and the data stored on them. The University Information Security Office (UISO) Best Practices page contains more technical security precautions that you should know, and that local support providers (LSPs), department administrators, and technicians should implement. (Also, see Guides for Sysadmins.)

All information in this document applies to laptops, but for further details, see Protecting Your Laptop Computer.

If you have further questions, contact your campus Support Center.

Note: Following some of the suggestions below can affect how your computer interacts with the network. If your computer or local network is managed by a computer support provider (such as an LSP), you should consult with your provider before making changes to avoid disrupting your network connection.

On this page:

Top three things you can do to protect your computer

Use security software

The most important thing you can do to keep your computer safe is to install and maintain security software, which protects your computer from viruses and spyware. Such security programs perform two general functions: scanning for and removing viruses and spyware in files on disks, and monitoring the operation of your computer for virus-like activity (either known actions of specific viruses or general suspicious activity). Most software can perform both of these tasks.

Install antivirus software, and keep your virus pattern files up to date.
Note: The University Information Security Office (UISO) recommends that you run the latest version of Symantec/Norton AntiVirus software (available to IU students, faculty, and staff for free via IUware) for your operating system, being sure to upgrade safely (see In Windows, how do I safely upgrade to the latest Symantec Endpoint or AntiVirus software?), and to update your virus definitions daily and scan your computer weekly. For instructions, see:
- Windows: In Symantec/Norton AntiVirus for Windows, how do I schedule automatic LiveUpdates and virus scans?
- Mac OS and OS X: In Symantec AntiVirus 10 for Mac OS X, how do I schedule automatic LiveUpdates and virus scans?
Also, refer to the following:
- In Symantec/Norton AntiVirus, how do I check the version number of the program and the age of the virus pattern update?
- For Symantec virus protection software, what are my options for updating the virus definitions?
For antispyware for Windows computers, UITS recommends Windows Defender.
Install and run Identity Finder, a tool to help you search for, protect, and dispose of personal information stored on your computer, file shares, or external media

Practice the principle of least privilege (PoLP)

Practice the principle of least privilege. Do not enable administrative privileges until needed; in other words, do not log into a computer with administrative rights unless you must do so in order to perform specific tasks. Running your computer as an administrator (or as a Power User in Windows) leaves your computer vulnerable to security risks and exploits. Simply visiting an unfamiliar Internet site with these high-privilege accounts can cause extreme damage to your computer, such as reformatting your hard drive, deleting all your files, and creating a new user account with administrative access. When you do need to perform tasks as an administrator, always follow secure procedures. For more, see In Windows, why should I avoid running my computer as an administrator?

Maintain current software and updates

Use a secure, supported operating system; see ComputerGuide: Recommendations and common questions. Keep your software updated by applying the latest service packs and patches. For Windows, you can schedule Automatic Updates to automatically download and install available updates.

Avoid threats to your computer

Never share passwords or passphrases: Pick strong passwords and passphrases, and keep them private. Never share your passwords or passphrases, even with friends, family, or computer support personnel.
Note: At Indiana University, no official communication (e.g., email message, phone call, or computer support consultation) will ever include a request for your Network ID passphrase.

For more, see:
Do not click random links: Do not click any link that you can't verify. To avoid viruses spread via email or instant messaging (IM), think before you click; if you receive a message out of the blue, with nothing more than a link and/or general text, do not click it. For more, see If I use instant messaging software, how can I keep my computer secure?
Beware of email or attachments from unknown people, or with a strange subject line: See At IU, how can I protect my computer from an email attachment infected with a virus?
Do not download unfamiliar software off the Internet: KaZaA, Bonzi, Gator, HotBar, WhenUSave, CommentCursor, WebHancer, LimeWire, and other Gnutella programs all appear to have useful and legitimate functions. However, most of this software is or contains spyware, which will damage your operating system installation, waste resources, generate pop-up ads, and report your personal information back to the company that provides the software.
- What is spyware or adware, and how can I remove it?
- On my PC, why am I having network problems after installing file-sharing software?
Obtain public-domain software from reputable sources, and then check the newly downloaded software thoroughly using reputable virus detection software on a locked disk for signs of infection before copying it to a hard disk.

Note: Before you choose to download and use these types of programs, make sure you are not violating copyright or other applicable laws. Downloading or distributing whole copies of copyrighted material for personal use or entertainment without explicit permission from the copyright owner is against the law. For more, see:
Do not propagate virus hoaxes or chain mail:
- What should I know to avoid getting in trouble with email?
- How can I tell if a computer virus alert is a hoax?
Log out of or lock your computer when stepping away, even for a moment: Forgetting to log out poses a security risk with any computer that is accessible to other people (including computers in public facilities, offices, and shared housing) because it leaves your account open to abuse. Someone could sit down at that computer and continue working from your account, doing damage to your files, retrieving personal information, or using your account to perform malicious actions. To avoid misuse by others, remember to log out of or lock your computer whenever you leave it.
Shut down laboratory or test computers after you are done with them: For computers in the STCs or RTCs, logging out is sufficient to protect the security of your accounts and data. With other computers, however, it is usually necessary to shut them down after you have finished to prevent unauthorized access.
Remove unnecessary programs or services from your computer:
- In Windows, how do I uninstall programs?
- In Mac OS X, how do I remove an application?
Restrict remote access: UITS recommends that you disable file and print sharing. In rare exceptions when you may need to share a resource with others, you should format your drive using NTFS and correctly set the file and directory permissions. With Windows 2000 and XP, new folders are created by default with access granted to the "everyone" group. If you do have file sharing enabled on your computer, be careful to set permissions correctly when creating new folders so that you don't inadvertently leave them open to everyone on the network. For more, see If I use file-sharing software, how can I keep my computer secure?
Frequently back up important documents and files: This protects your data in the event of an operating system crash, hardware failure, or virus attack. UITS recommends saving files in multiple places using two different forms of media (e.g., Oncourse CL Resources, USB flash drive, CD-R). Avoid using floppy disks to save files, as they can wear out with frequent use. See At IUB and IUPUI, what options do I have for storing my files?
Treat sensitive data very carefully: For example, when creating files, avoid keying the files to Social Security numbers, and don't gather any more information on people than is absolutely necessary.
Sensitive information should be handled (i.e., collected, manipulated, stored, or shared) according to legal and university functional requirements related to the specific use involved, as well as data and security policies of the university; see Protection of Sensitive Institutional and Personal Data. For more information, contact the university Data Steward for the data subject area involved. For a listing of the Committee of Data Stewards, see the University Information Policy Office's (UIPO's) Data Management web site.
Remove data securely: Remove files or data you no longer need to prevent unauthorized access to them. Merely deleting sensitive material is not sufficient, as it does not actually remove the data from your system. For information on secure data removal, see Securely Removing Data.
Deploy encryption wherever it is available:
- What is PGP, and how secure is it?
- What are secure web sites and SSL certificates?

Securing your home network

How can I secure my home wireless network?
CERT Coordination Center's Home Network Security page

This is document akln in domain all.
Last modified on July 29, 2009.