When is the
last time you ran the "Windows Update" program on your Windows
pc?
Just about every month, Microsoft updates the Windows operating system
you are using with what they term "critical updates," changes
they've made to the operating system to make it more secure or to
fix problems that have been noted. And the updates aren't limited
just to operating system updates-they also update the Office applications
you use everyday as well as other Microsoft programs you may be utilizing,
such as Project, IIS, SQL Server.
If you have
an NT 4 or Windows 2000 system, have you set up auditing controls?
The default installation of either NT 4 or 2000 does not set up auditing
controls on your system. You must have administrator rights to the
system to be able to set these controls up. The purpose of these audit
settings is to alert you when an intruder tries to gain access to
your system, to let you know when the system has been shut down or
changes made to give an account higher privilege levels.
If you have
an NT 4 or Windows 2000 system, do you actively manage/protect the
administrator account passwords?
In other words, do you ensure that the administrator password is "hard
to guess," i.e., composed of a mixture of upper-case and lower-case
letters, numbers, or symbols? Do you change the password at set intervals?
If you have
a Macintosh OS 9 or 10 system, do you utilize antivirus software,
personal firewalls, and actively manage and protect the administrator-level
accounts on the system?
Because the majority of users out there utilize Windows platforms,
Mac users have felt somewhat distanced from the need to take security
precautions. However, there are indications that attacks on Mac platforms
are on the upswing, especially since the latest OS version of MAC
has a revised directory structure and customized binaries based on
the Unix platform.
If you leave
your system connected to the GSU network and to the Internet continuously,
have you chosen to install a personal firewall to protect your system
from internet-based attacks and intrusions?
There
are a myriad of choices available when it comes to personal firewalls.
This is a definite case where "one size does not fit all."
Recommendations come in two flavors-easy to install and use and effective
at keeping out intruders if you have installed and configured your
firewall correctly. Additionally, firewall software runs in a manner
similar to antivirus software in that firewall services constantly
monitor your system for attack attempts and intrusions, and this can
sometimes wreak havoc with other communications-type programs you
might run on your computer. Therefore, you may need to try a firewall
out for a period of time to see how it operates with all of your other
programs and be flexible in realizing that you may have to later uninstall
it and try another choice if the first one causes problems or work
with the vendor's technical support to correct any problems that occur.
Throughout the
next two months, you will be able to find more information about the
above issues at http://www.gsu.edu/security,
as "how to" guidance on topics such as applying updates
to your Windows machines, setting auditing controls, effectively using
your anti virus software, protecting your administrator passwords,
and choosing and installing personal firewalls will be added to the
existing security articles on the site. Mac OS 9 and 10 users will
find advice on anti virus software, personal firewalls, and basic
security measures they need to take as well. Finally, a discussion
of security configurations and best practices for securing Linux systems
will be added as well.