Indiana University
University Information Technology Services
  
What are archived documents?
Login>>
Login

Login is for authorized groups (e.g., UITS, OVPIT, and TCC) that need access to specialized Knowledge Base documents. Otherwise, simply use the Knowledge Base without logging in.

Close

ARCHIVED: At IU, how can I secure my on-campus computer?

Always-connected workstations with high-speed network access (e.g., Ethernet connections) are very attractive targets for attacks over the Internet. At risk is not only the owner's personal information and data, but the security of the entire system, as a break-in can provide an attacker with an access point from which to launch further attacks on the network. For these reasons, owners of computers connected to the IU network must take precautions to protect their computers from external threats. The Information Technology Security Office (ITSO) recommends following the guidelines below, designed to help you protect your computer system while on the IU campuses. Since DSL and cable modem connections are also persistent connections, you may want to review If I use a cable modem or DSL, how do I keep my computer secure?

On this page:

Operating systems

The first step to securing your computer is to use a secure operating system. Windows 95, 98, and Me are not secure operating systems when connected to the Internet. If you are using Windows 95, 98, or Me, UITS encourages you to switch to Windows XP. For more information about operating systems that UITS supports, see ComputerGuide: Recommendations and common questions.

If you use Windows 2000 or XP, format your hard drive to use NTFS as your file system. This provides a more secure and stable file structure then FAT or FAT32.

Once you have installed your operating system, you need to make sure that it is updated to protect against any security-related vulnerabilities found since the operating system was first distributed. You will also need to maintain it over time as new patches and service packs are deployed. For more information on proper maintenance, see the Software updates and alerts section below.

If you use Windows, you should make use of the security tools available free from Microsoft. You can download and install Microsoft Baseline Security Analyzer (MBSA) to determine missing hotfixes and the security level of your computer.

Antivirus protection

Note: The University Information Security Office (UISO) recommends that you run the latest version of Symantec virus protection software (available to IU students, faculty, and staff free of charge via IUware) for your operating system. Be sure to upgrade safely, update your virus definitions daily, and scan your computer weekly. See In Windows, how do I safely upgrade to the latest Symantec Endpoint or AntiVirus software?

See:

Also, visit the How to protect against viruses page maintained by ITSO.

Authentication

If you live on the IU campus, you should join your Windows computer to IU's ADS Domain and authenticate using your IU Network ID username and passphrase. Using the Get Connected software will automatically set up your computer correctly. For more information on joining the ADS Domain, see At IU, what is my Active Directory Services (ADS) domain account?

Passphrases

  • Never share your Network ID passphrase with anyone. This includes friends, roommates, family, and IU technology support staff.

  • Do not write down your passphrases.

  • Change your Network ID passphrase frequently using the Passphrase Maintenance utility. Select a strong passphrase that you can remember easily. For more information on selecting good passphrases, see Passwords and passphrases.

  • If your computer has been compromised (i.e., has been the target of any unauthorized access), make sure you change the administrative password. If your computer has had a system-level compromise (i.e., has been infected with a worm or has been otherwise exploited on the system level), you will have to rebuild your computer. For help changing the administrative password in Windows 2000 and XP, see ARCHIVED: In Windows 2000 and XP, how do I set or change the administrator password? For information about recovering from a system-level compromise, see In Windows, how do I safely rebuild my computer?

Using non-administrative accounts

Using your computer with full administrative rights can be dangerous, allowing viruses and other attacks to more easily compromise it. ITSO suggests following the principle of least privilege: You should perform day-to-day work as a non-privileged user and only use privileged accounts (administrative rights) for tasks that require additional capabilities. For more, see What is the principle of least privilege?

Locking your computer

When you leave your computer, even for a few minutes, lock it, using either the built-in locking capability of your operating system, or a password-protected screen saver. For instructions, see In Windows, how do I lock my workstation without logging off?

Software updates and alerts

There are a number of methods for keeping your software up to date. Most software vendors provide web sites where you can download the latest updates for your software. If you use Windows, you should set up your computer to use Windows Automatic Update. For more information about this feature, see For Windows, how can I get software updates and patches?

  • Service packs are collections of bug fixes, security enhancements, and new features for Windows. Service packs add necessary security features, and keeping up to date with service packs is a good way to protect your computer from security risks. You can find a comprehensive listing of Microsoft product service packs at: http://support.microsoft.com/default.aspx?scid=fh;EN-US;sp
  • If you use Microsoft Office, you can get Office updates at the Microsoft Office Product Update site at: http://office.microsoft.com/en-us/downloads/default.aspx
  • By subscribing to vendor alert notification services you will be notified when new hotfixes or patches are available:

    • You can subscribe to Microsoft's alert service at the Product Security Notification page.
    • You can subscribe to Apple alerts at the "Apple Mailing Lists" page for the security-announce mailing list.
    • You can get alerts for most Linux distributions by registering for security alert mailing lists. Check the web page for the appropriate Linux distribution for details.

Restricting remote access

  • File and print sharing: The Information Technology Security Office (ITSO) recommends that you disable file and print sharing. In rare exceptions when you may need to share a resource with others, you should format your drive using NTFS and correctly set the file and directory permissions.

  • Open shares: With Windows 2000 and XP, new folders are created by default with access granted to the "everyone" group. If you do have file sharing enabled on your computer, be careful to set permissions correctly when creating new folders so that you don't inadvertently leave them open to everyone on the network.

File sharing applications

It is illegal to share any copyrighted media files if you do not have appropriate permission to distribute the files. Check the options you have set in file-sharing programs like Morpheus, KaZaA, iMesh, or eDonkey2000. For details on specific programs, see the University of Chicago's "Disabling Peer to Peer File Sharing" page at: http://security.uchicago.edu/guidelines/peer-to-peer/

Wireless access points

Due to a number of security issues with wireless access points (WAPs), it is against university policy for users to install these devices on the university network. For more information, see At IU, may I add a wireless access point to my campus housing residence, classroom, or office?

Other security tips

  • Never give out personal information (e.g., your student identification number, passphrase, or PIN) in email or on an insecure web page.

  • Back up your data to a flash drive, floppy disk, Zip disk, or CD-R and store it in a secure location.

  • Never execute files received as email attachments or downloaded from an unknown source.

  • Clear your browser's cache regularly, to flush any stored personal information. For instructions, see How do I clear my web browser's cache, cookies, and history?

  • Keep your chat room and instant messaging profiles blank and never provide personal contact information to others. Never click suspicious links; for more information, see If I use instant messaging software, how can I keep my computer secure?

  • If you think your computer or your account has been compromised, contact your campus Support Center; see How can I contact the Support Center at each IU campus for help?

  • If you have a security-related question or incident, you can email ITSO at  itso@iu.edu .

  • For the latest security information, visit the ITSO home page at: http://itso.iu.edu/

Related information

This is document alfz in domain all.
Last modified on August 30, 2010.

Comments/Questions/Corrections

Use this form to offer suggestions, corrections, and additions to the Knowledge Base. We welcome your input!

If you are affiliated with Indiana University and would like assistance with a specific computing problem, please use the Ask a Consultant form, or contact your campus Support Center.

Contact Information

Note: We will reply to your comment at this address. If your message concerns a problem receiving email, please enter an alternate email address.