Protecting your PC
This note provides some guidelines on what you might wish to do to protect your desktop PC from the various threats to which a networked system is exposed. The intention is to provide some common-sense advice about what can be done to avoid the disruption of having to fix a system where security has been breached. The document makes extensive use, by way of hyperlinks, of documentation already produced by others.
The notes assume a PC running a variety of Windows. There are several versions of Windows running on machines in the University and, unless otherwise stated, the default version in this note is Windows 2000. Furthermore the advice is for single-user desktop machines rather than server systems. The latter, as the name implies, are computers used to provide services such as a web server or a database system and which typically will have a number of potential users. Setting up a server is an altogether more complicated task and should not be attempted unless you feel you have the expertise to understand what is involved or you have taken advice on how to set up your system. One problem encountered in recent months has been an application which, by default, allowed access to your system by other users when the software was installed.
One general point to note: the computer is most at risk when it is connected to the network. So one simple security measure is either to disconnect the computer from the network or switch it off altogether if the connectivity to the Internet is not being used.
The Threats
Why protect your system: The consequences of intrusion into your PC can be minor or they can be more serious:
- strangers may read your email and have access to other personal information
- your computer may be used to "attack" other computers
- some of your personal information such as passwords and financial details may be compromised
- your computer could be made unusable
Virus: the Computer and IT Support web pages already include advice about viruses. There are literally thousands of computer viruses which cause a range of problems from the minor irritant to the severe disruption of working PCs. They need some means of hopping from one computer to another and can be spread through files on floppy disks, email and its attachments, from web pages and by programs downloaded from the Internet. Some viruses have more sophisticated propagation techniques, i.e. once they infect one machine they can use information on that machine as a "springboard" to other systems.
Trojan horse: Trojan horse programs are those which masquerade as something else and often attempt to set up a "back door" that will allow intruders into your system. Typically it is an apparently useful program which contains hidden functions which present a security threat. Once into your system it may be used to monitor or to disrupt that machine or as a starting point to compromise other machines.
Remote access: remote administration of your machine can be achieved in other ways, one being to exploit a security loophole in the operating system or one of its applications. Once installed, such remote access programs allow users from elsewhere to access and control your computer.
Denial of service: these are attacks which cause the computer to crash or to freeze because it is overloaded.
Backing up the system and data
If your system is compromised then it may be necessary to re-install Windows. This may be greatly helped if you have an Emergency Repair Disk and a back-up of the Windows registry.
Securing the Operating System
All operating systems are updated after their release in the form of updates or patches. Some of these address known problems with the software while others deal with security issues. Modern versions of Windows include an update function. This can be set up to run automatically or you can choose to run it periodically. Look for the program Windows Update in the Start menu (bottom left of desktop screen). Patches are often categorised as critical, security or recommended. Note that some updates may be for programs which are not installed on your computer and therefore may not be needed.
[Beware of emails which purport to come from software suppliers and which offer a necessary update. One recent exploit was such an email, supposedly from support@microsoft.com]
Anti-virus Software
Many viruses are spread through email and, last summer, ITS introduced the scanning of email for viruses. This has been successful in reducing the number of infected emails which reach recipients in the University but it does not offer complete protection.
ITS, on behalf of the University, manages a site licence for F-Secure which is one of the leading anti-virus products. You are strongly advised to install F-Secure on your PC and it can be downloaded from the ITS web pages. It is crucial that the signature files are kept up to date. This can be set up to be done automatically or you can do it manually.
Protecting against intrusions
The risk of unwanted intrusions can only be reduced by sensible settings in the system's configuration. Two things are perhaps worth mentioning explicitly. Firstly, Windows NT and later versions have the concept of different users, one of whom is the administrator, who has "superhuman" powers. It is important that this user has a secure password and it is probably sensible that it is not the user name for any regular user of the PC. Secondly, Windows offers "file and print sharing" capabilities which enable you to share with others some of the resources on your computer. If this is not required then it is prudent to make sure that file and print sharing attributes are switched off.
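An added example (not part of the original note) of checking whether anything is still being shared: it parses the text printed by the Windows "net share" command and separates the shares Windows creates for itself from folder and printer shares that someone has set up. The sample output, the share names and the function names are constructed for illustration, and English-language output is assumed.

```python
import re

# Constructed sample of `net share` output (English-language Windows 2000);
# the share names and paths are invented for illustration.
SAMPLE = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINNT                        Remote Admin
Thesis       C:\Documents and Settings\jo\My Documents\Thesis
HPLaser      LPT1:                  Spooled  Office printer
The command completed successfully.
"""

# Shares Windows creates itself: drive letters (C$, D$ ...), ADMIN$ and IPC$.
ADMIN_SHARE = re.compile(r"^(?:[A-Z]\$|ADMIN\$|IPC\$)$", re.IGNORECASE)


def parse_net_share(text):
    """Return [(share_name, kind)] for each share listed after the dashed rule."""
    shares, in_table = [], False
    for line in text.splitlines():
        if line.startswith("-----"):
            in_table = True
            continue
        # Skip the header, blank lines and wrapped remark lines (indented).
        if not in_table or not line.strip() or line[0].isspace():
            continue
        if line.startswith("The command"):  # trailer line ends the table
            break
        # Columns are separated by runs of two or more spaces.
        fields = re.split(r"\s{2,}", line.strip())
        name = fields[0]
        if ADMIN_SHARE.match(name):
            kind = "administrative"
        elif "Spooled" in fields[1:]:
            kind = "printer"
        else:
            kind = "folder"
        shares.append((name, kind))
    return shares


def shares_to_review(text):
    """Names of folder and printer shares, i.e. sharing that someone set up."""
    return [name for name, kind in parse_net_share(text) if kind != "administrative"]


if __name__ == "__main__":
    for name, kind in parse_net_share(SAMPLE):
        print(f"{name:<10} {kind}")
    print("Review:", shares_to_review(SAMPLE))
```

An empty result from shares_to_review means only the shares Windows creates for itself are present; any name it returns is a folder or printer that is still being offered to other machines.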
Windows XP includes a firewall tool, the Internet Connection Firewall (ICF), which offers some control of traffic into and out of your computer. Windows 2000 also has some firewall capabilities but it is not an area for the faint-hearted nor the less-than-expert. There is a useful tool called ZoneAlarm which is cheap, effective and easy to set up. It costs about £30. N.B. The free version of ZoneAlarm is not licensed for use in educational institutions.
Please note that ping is used by IT Services for network monitoring purposes. If you install a personal firewall on a computer which blocks ping so that the computer can't easily be detected on the network, your network socket may be disabled and the IP address reallocated.
Security Tools
One simple tool available on the Internet is Shields Up!, provided by Gibson Research Corporation, which scans your PC and reports back on the state of its "interface" to the Internet. It can provide some useful guidance on likely loopholes in your security.
Microsoft has recently introduced the Microsoft Baseline Security Analyser which is a useful tool to check the inherent security of the operating system (and other Microsoft software) on your computer.
File Encryption
Should you be leaning towards the paranoid then, having done all this to prevent access to your computer, you could then consider encrypting your data. This requires the NTFS file system and is available for Windows 2000 and XP.
