Security Guide





Introduction

The security of your computer is very important to you and to the University. As you are no doubt aware, there are many security threats 'out there' that you need to protect yourself against, for the security of your computer and data, and for the security of other users on the University network.

Maintaining a secure computer is not as complicated as you might first think. There are some basic steps and procedures you should take that will protect you from 99% of the security problems that an average user will encounter.
While you might think that connecting your computer to the University managed network provides enough security, you would be mistaken. The University does have measures in place to protect its users from external threats, and to monitor any suspicious activity on the network, but these measures alone will not keep your computer safe. It is important that you follow the guidelines in this document to ensure your own security, and to help keep the University network secure too.

There are three main areas of security this document will help protect against:


Insecure Software

This type of security threat is the most important to defend against, as all other levels of security threat depend upon software that is insecure and therefore exploitable. A virus or worm normally uses exploits in insecure mail software to install itself on computers, and spyware often uses insecurities in browsers to install itself on target machines.
Fortunately this type of threat is generally very easy to defend against. It simply requires securing the software that you use by getting the latest patch or update from the software vendor. Most software comes with built-in updating features, which should be run as often as the vendor recommends.

The biggest insecurity in software that your computer will have is the Operating System itself. Most vulnerabilities in the Windows OS can easily be patched by regularly getting Windows Updates. This is the first step you should take.

Updating Microsoft Windows

After installing Windows, the first thing you should do is check for available updates. This is also the first thing you should do if you are connected to the wireless network for the first time.

Go to Start > All Programs > Windows Update (at top of list)

This should open a Web Browser that will direct you to http://windowsupdate.microsoft.com/ . Follow the instructions on the site to scan for updates and install them as necessary.

It is important that you repeat this process until you have got all the available updates. This will likely involve multiple reboots.

Service Pack 2 (SP2) is now available for Windows XP and SP1 is now available for Vista, and you should get this as one of the updates. SP2 provides some security settings via the Windows Security Center (see Figure 1). You will find this in the Control Panel. We will go into this in more detail later, but for now it is important that Automatic Updates is set to ON.


Figure 1


Other Software

You also need to make sure you regularly get updates for any other software that your computer may use, especially if it is network related. Such software includes anti-virus software, firewalls, spyware removers, and any instant messaging software.
Do not run services that you do not need or use regularly. Do not install web servers and FTP servers such as Microsoft's IIS without keeping them patched and up to date with any security fixes.



Shares

It is important that you understand the risk that open shares can pose. If you have an open share, any files/folders inside that share are available to anyone on the network. It is recommended that you disable file sharing completely, as there are also security exploits that prey on open shares.

Removing shares can be accomplished by (see Figure 2) :

For XP: Start > Control Panel > Network Connection > Select properties of the Network Connection you are using > Click TCP/IP from the list > Properties > Advanced > WINS tab > Disable NetBIOS over TCP/IP


Figure 2

If you wish to use shares, it is recommended that you use a password on the directory you are sharing. Only data that you own, or have the rights to distribute, should be placed in any shares. At no time should any copyrighted data be made available over shares.
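The checks from this section can also be scripted. The following is an added example, not part of the original guide: it lists user-created file shares and reports the NetBIOS over TCP/IP setting of each active adapter. It assumes Windows PowerShell 2.0 or later with Get-WmiObject available (a separate install on XP).

```powershell
# Added example: audit the two things the "Shares" section asks you to check.
# Assumption: Windows PowerShell 2.0+ (Get-WmiObject), run on the local PC.

# Win32_Share.Type 0 is an ordinary disk share. Administrative shares
# (C$, ADMIN$, IPC$) have Type values of 2147483648 and above, so filtering
# on Type 0 leaves only the shares a user has created.
$shares = Get-WmiObject -Class Win32_Share | Where-Object { $_.Type -eq 0 }

if ($shares) {
    Write-Output "User-created file shares found (review or remove these):"
    $shares | Format-Table Name, Path, Description -AutoSize
} else {
    Write-Output "No user-created file shares found."
}

# TcpipNetbiosOptions: 0 = take the setting from DHCP, 1 = enabled, 2 = disabled.
# The guide's recommended state is 2 (Disable NetBIOS over TCP/IP).
$meaning = @{ 0 = 'Default (from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    ForEach-Object {
        New-Object PSObject -Property @{
            Adapter     = $_.Description
            NetBIOS     = $meaning[[int]$_.TcpipNetbiosOptions]
            AsRecommended = ($_.TcpipNetbiosOptions -eq 2)
        }
    } | Format-Table Adapter, NetBIOS, AsRecommended -AutoSize
```

Any adapter showing AsRecommended as False still needs the Control Panel steps above applied to it.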


Malicious Software

As you are probably aware, there is a considerable amount of software available that has a malicious purpose (malware). This type of software mainly includes viruses, worms, Trojans and spyware. Without adequate protection from this software it is easy to have your computer data stolen or destroyed, and for system performance to fall dramatically.

Protection against malicious software requires the use of two types of applications, Antivirus software and Spyware blocker/remover, and common sense.

Anti-Virus Software

There are lots of different antivirus programs available, but it is possible to borrow a copy of antivirus software free of charge to install on your PC if you require - this is available from the IT Support Office in the Library and Information Centre. Installation of antivirus software is critical if you wish to use your computer on the wireless network.

A list of recommended Antivirus software can be found at: http://support.microsoft.com/default.aspx?kbid=49500

Once you have installed your antivirus software, it is important that you get all available updates, and then do a scan of your computer. Remove or quarantine any viruses/worms that are found. If you require any assistance with this, please contact IT Support.

Spyware Remover

Spyware is software installed on your computer that gathers information about your computer and your internet habits and then sends that information back to its maker. It is not always malicious: a lot of shareware uses adware to pay for the software development, but generally it is annoying if not malicious. A new type of spyware spreading on the internet is one that installs new components such as search bars in your browser or makes advertisement pop-ups appear. This type of spyware will slow down your internet browsing and can also lead to your internet activity being monitored.

Spy Bot and Adaware are both good spyware removers, but which software you use is up to your preference. Once the software is installed, first get any available updates, then do a complete scan of your computer.

Spy Bot can be found here : http://www.safer-networking.org
Spysweeper can be found here : http://www.webroot.com/products/spysweeper/
Adaware can be found here : http://www.lavasoftusa.com/
Microsoft's Windows Defender can be found here : http://www.microsoft.com/windows/products/winfamily/defender/default.mspx
A good site to read up on spyware can be found here : http://www.microsoft.com/athome/security/spyware/default.mspx

External Threats

External threats to your computer are attacks made from outside your computer, either from the local network or from the internet. These attacks will generally be looking for insecure software running on your computer that can be used to gain access to it. If you have followed the steps in the previous sections of this document, then the external threats will be largely useless against your computer.

Nonetheless, it is important to secure your computer from any external threats with the use of a firewall. This is a piece of software which will block all incoming and outgoing connections to your computer that are not authorised by you. A lot of security products such as Norton Internet Security come with a firewall built in. There are different software-based firewall solutions available; a commonly used one is Zone Alarm. This can be found at www.zonelabs.com . If you have XP SP2, then this comes with a built-in firewall, but it is recommended that you use a different firewall.

Hosts that need adding to your firewall rules to allow functionality on the wireless are:

* Student-vpn.swan.ac.uk or Staff-vpn or Guest-vpn
* email.swan.ac.uk

Compromised?

If you believe for any reason that your computer has had its security compromised, that is to say you have been hacked, have been infected with a virus or have seen any unusual activity, then please disconnect it from the network, contact IT Support immediately and arrange to have your computer checked over. Please also refrain from using the wireless network until you are happy your computer is safe.



Additional Reading Material

Below is a list of links to other sites with relevant information, software or advice.