Here are some simple steps each computer owner can take to protect computer systems and data at UCI.
Abide by Departmental Security Standards:
- Check with your local computing supporter to be sure you are using departmentally approved network settings, security tools, and network services.
Physical Security for Computer Users:
- Lock your office.
- Put diskettes and CDs in a locked box.
- Secure computers (especially laptops) to a non-movable piece of furniture or lock them in a drawer when not in use.
- Never leave your laptop unattended in public places.
Remote Access:
- Tools such as PC Anywhere expose your computer to additional security vulnerabilities and are not recommended.
- Some users can get the remote access functionality they need through the use of the campus Virtual Private Network (VPN).
- Users who require the facilities of Microsoft Networking are encouraged to use Microsoft Remote Desktop (called Terminal Server in Windows 2000.)
More information: http://www.nacs.uci.edu/news/2003.1.html#1
Don’t run unneeded network services:
- It is important to turn off all non-required ports on your system.
- Don’t run a Web server which is built-in unless you have a need to do so.
- To see what is open on your system run the “Shields Up” program at https://grc.com/x/ne.dll?bh0bkyd2 then click on “Test My Shields” and “Probe My Ports”.
Personal Virus Scanners:
- Obtain updates on a regular basis.
- Keep subscription to updates current.
- Set to Auto-update on a weekly basis, if available.
Please note: NACS continues to scan incoming e-mail for viruses and cleans up infected messages. This protection is available only to messages sent to @uci.edu addresses. (That is, people who receive email addressed directly to their own mail servers do not receive this benefit.)
More information on Virus Scanning: http://www.nacs.uci.edu/email/virus-scanning.html
Encrypt network traffic:
- VPN – When using network resources and applications where a password is requested, NACS recommends use of the VPN Off-campus and wireless traffic is especially vulnerable to “sniffing,” the practice of invisibly capturing, reading, and retransmitting network traffic.
More information: http://www.nacs.uci.edu/news/2002.10.html#1 - SSH – Secure shell (ssh) is an encrypted alternative to telnet and remote shell (rsh), wherein each packet is encrypted from the source to the destination. This prevents your communications (including passwords) from being “sniffed” while in transit. Using SSH insures that your data packets are only readable by you and the computer to which you are connecting.
More information: http://www.nacs.uci.edu/support/sysadmin/ssh_info.html
IM Chat:
- IM Chat (also known as Instant Messaging) is a popular, but non-secure form of electronic communication.
- Turn off all Terminal Services.
- Turn off all File Sharing.
- Check the settings in your Buddy List.