How long has
it been since I've performed a Windows Update?
Last month alone, at least 4-6 new updates came out. If your IT department
handles that for you, check with them. Programs are written that take
advantage of new vulnerabilities that are discovered on various Windows
platforms. If you fail to update your software, when someone runs
one of those programs against your computer, compromises can occur.
Am I scanning
downloaded music files, programs, or e-mail attachments before opening
them?
Anyone can plant a "Trojan horse" program in the place of
another type of file, simply by renaming it. If you download a file
containing a Trojan Horse" and open it right away, your anti-virus
software is not going to react. However, the next time a scan is run
of your system, the anti-virus software will let you know that it
detected it and quarantines the file. However, it's already too late.
It's running on your system now.
Am I shutting
down my system or logging off when I'm away from my computer for a
couple of hours or more?
There have been numerous instances of Windows 2000 Professional systems
being compromised by Trojan horses and NT rootkits, where an intruder
replaces files and also installs Internet relay channel clients and
an ftp server. They then advertise your system on the "xdcc"
IRC channels over the Internet and wait for interested people to come
and deposit or upload files. Most of these files, of course, are copyrighted
material. Your system is now distributing copyright materials freely.
Am I using
a personal firewall on my system?
There is no requirement that you do so but you may not be aware that
one of the primary ways that intruders enter a computer is through
"attaching" to open ports with a program such as netcat.
If they can get a terminal going, they can install software on your
system. If they can install software on your system, they can also
install a Trojan Horse (backdoor) and any number of utilities they
can use to attack other systems with your computer. Personal firewalls,
while not perfect by any means, can (and do) prevent intruders from
making successful connections to your computer.
Am I choosing
"hard to guess" passwords?
The best passwords are passphrases that include uppercase & lowercase
letters, numbers or symbols. "Cracking" the administrator
account on an NT or *nix system is easy if your password is a word.
Intruders have files at their disposal that contain every word known
to man. They feed those into a program that attempts to "guess"
your password and voila'. Make it harder for them--use a passphrase.
Am I educating
my student assistants?
Before you allow student assistants to administer a lab in your department
or set up a brand new web server, require them to consult with your
departmental IT staff. If they don't apply proper security configurations
and patch updates prior to connecting these systems to the Internet,
compromises will occur.
http://www.gsu.edu/security