The following information was provided by the University of North Texas Computing Center.

"Protect Your Computer / Workstation

Take Responsibility · Take responsibility for your machine. Don't expect your computer to secure itself; and don't rely on others to fully protect you. Don't place all your trust in virus protection and firewalls. These tools must be updated often. Talk to your network manager or system administrator about the newest viruses & worms that threaten the network, as well as what you can do to better secure your computer and data. Go to security news sites often and learn about the newest threats and subscribe to security newsletter lists that summarize the latest security-related stories.

Be Aware · When you drive your car and hear a noise coming from the engine, do you ignore it and keep driving? This attitude will more than likely leave you stranded on the side of the road. The same can be said about your computer. Inventory your system; know what programs should be running and what shouldn't. If you don't know what's there, you won't know when it's different. Note changes in how your computer runs: did the Internet suddenly get really slow? Look for signs of tampering. Is there suddenly a new folder on your C: drive that wasn't there yesterday? Monitor/view your system logs regularly. These logs contain some of the best information about what is happening on your network.

Know The Rules · Read the Computer Use Policies that govern your role within your department and at UNT. Become aware of what is acceptable and unacceptable when utilizing organizational resources such as your computer or the Internet. Knowing the rules will help you avoid violating policy, which may lead to your loss of computer or Internet privileges. Ignorance of the policies and rules does not make them go away and will not be a defense if something should go wrong.
Contact your network manager to learn about additional computer usage or security policies that may be specific to your department.

Patch Often · Check for patches often. Subscribe to news lists to alert you of availability. This goes not only for your operating system, but also for all the applications you use (especially those from Microsoft such as Internet Explorer, Outlook Express, and Office). Enabling Automatic Windows Updating is a good way to stay up-to-date. Ask your network manager or system administrator for additional help with patching and upgrading your operating system and software.

Turn Off Those Services! · Services are applications that run in the background while a computer is on. These programs are typically installed as a part of the Operating System, and are enabled by default. Many services are essential to the successful operation of your computer. However, there are services which may not be necessary, such as telnet and routing/remote access. You should carefully go through your list of services to determine if there are any that can be disabled safely. You can ask your network manager or system administrator for help defining which services are safe to disable.

Turn Off That Server! · A server is a computer or device on a network that manages network resources such as web pages, files, databases, etc. Common servers such as IIS (Web & FTP) and MSSQL (database) are often installed on desktops as part of other programs. The danger lies in the poor security history of these applications. Since they are on the Internet, they are exposed to hackers that know of and can exploit vulnerabilities within the server. Do not install servers unless absolutely necessary (i.e. you are going to host a webpage, etc.). Learn what different servers do and how they can lead your system to become compromised. Ask your network manager or system administrator for help if you are unsure if a server is running on your computer.

Don't Run As Administrator · When you boot up your computer, you are more than likely logged in as an administrator. This is typically a bad idea for several reasons. First, administrators have access to core operating system files and applications, which, when administered improperly, can compromise the stability and security of your computer. Second, if another person gets access to your account they would have the ability to create new accounts, allowing them access to your computer anytime from anywhere. It is recommended that you log in as a regular user without the ability to change files/folders outside of your personal account, install programs, or make system-wide changes. You can create a second account that is used for system administration when it becomes necessary to do so. Ask your network manager or system administrator if your account has administrator privileges.

A Strong Password Will Get You Far · Your birthday, nickname, pet's name, anniversary, child's name, or favorite hockey team are NOT good passwords. A strong password has a minimum of 8 characters consisting of upper and lower-case characters, numbers, and special characters (~`!@#$%^&*-_=+). Change your password often (about once a month) and please don't tape a sticky note on your monitor or under your keyboard with your passwords. Never give your password out to anyone, including supervisors, colleagues, subordinates, friends or relatives. And, never give your password to your network manager, help desk personnel or even information security personnel.

Confidentiality · Don't share information such as login id, passwords, email accounts, or faculty, staff, or students' personal information including social security numbers, driver's license numbers, dates of birth, grades, etc., except when given express permission in relation to your job function.
The Computer Use Policies and federal law (FERPA--Family Educational Rights and Privacy Act) protect this information as private and privileged. Treat any and all information of a sensitive nature as you would your own.

Don’t Be Fooled · One of the greatest tools a hacker has at his or her disposal is the ability to extract information from computer users without having to touch a computer. This talent of coercing people to give out information is known as “social engineering” and is one of the greatest security threats out there. Following the advice about passwords and confidentiality, don’t give out your password or any sensitive information to anyone for any reason. Be suspicious when answering seemingly innocent questions over the telephone.

Hacker: “Hello! I’m Karen from XYZ Corp. We are conducting a survey of ABC financial database software users to determine their level of satisfaction.”
User: “I’m sorry, we don’t use ABC database, we use MNO database, sorry I can’t help you.”
You just did.

Physical Security · I am not talking about hiring a burly bodyguard to watch your back. I am talking about becoming aware of your surroundings, shutting down or logging out of your system at the end of your work day, password protecting your screen-saver to start after a few minutes of inactivity, and not using automatic login at boot time. If you notice someone using a computer or accessing a system that they shouldn't be, let someone know. Report any suspicious activity to the proper authorities: your supervisor, network manager, information security (369-7800), UNT Police (565-3000), etc. In addition, close & lock office doors, never loan your office keys to anyone and know who has keys to your office.

Physical Security, Part II · There are things we all do every day that can be potential security risks.
When you print documents, retrieve them immediately if they contain any sensitive information (UNT ID numbers, social security numbers, login IDs, grades, confidential information, etc.) about yourself or others. Don’t leave documents with sensitive information out on your desk for others to see (or steal). When you have completed work using sensitive documents don’t just throw them away, shred them. Position your monitor so that curious onlookers cannot see what is on your screen without your knowledge.

Virus Protection · Enable automatic virus protection and update virus profiles regularly. Schedule a thorough virus scan once a week. Be aware of the newest viruses that may not be detectable yet. Contact your network manager or system administrator for assistance in installing, enabling, and updating your virus scanner. The Network Computing Services group provides information on the latest viruses and worms that threaten computer systems (Read the Anti-Virus section of their website, http://www.unt.edu/security/antivirus/index.html, for more information).

Spam: Not Just A Tasty Snack! · Spam refers to the countless unsolicited commercial email messages and unsolicited bulk email messages that cripple millions of Inboxes and electronic mail systems every day. Spam is becoming more of a problem for both administrators and users of email worldwide. Sending spam can tie up excessive amounts of bandwidth, and may also violate the Computer Use policy if its purpose is for financial or commercial gain. And, it is considered extremely rude to send spam. Contact your supervisor, department official, or network manager before sending a mass mailing message to more than a few people. If you receive spam, the best advice I can give you is to just delete it.
Most Internet Service Providers allow you to block incoming email messages (including GroupWise and EagleMail); but since spammers (individuals or groups who email spam) use randomly chosen fake names, you may spend valuable time blocking email addresses that may never be used to send spam again. If you are a student, you can protect your email address from spammers by making a formal request to withhold your directory information at the Registrar's office. Unfortunately, faculty and staff email addresses are part of the public record, and cannot be protected. Sometimes, spam email may include an opt-out link at the end of the message: don't click on it. Usually, spammers use this as an indicator that your email address is valid and active, thus a good target for continued spam abuse. Only click the opt-out link if the spam is from a trusted company (Dell, Pepsi, BankOne, etc.), but remember that most spam does not come from respectable organizations.

Internet Explorer · Internet Explorer has had a very spotty history when it comes to stability and security. Sometimes, these shortcomings are annoying; sometimes they are extremely dangerous to your machine. For maximum protection, disable ActiveX, Active Scripting, Java, JavaScript, Cookies, and Internet Installations. For those of us that like to actually browse the Internet, disabling ActiveX and enabling per-session cookies, Java, and JavaScript is more usable, but much less secure. Ask your network manager or system administrator for help disabling these services.

Outlook Express/Outlook · Email: the great enabler. But it can also be the great crippler if you aren't careful. Viruses, worms, Trojan horses, macros, and scripts make your Inbox a dangerous place. To better protect yourself against these threats follow some of these easy steps to reach email nirvana. Do not use preview mode; it will automatically run any dangerous code hidden within your message.
Disable all scripting; you shouldn't be receiving any email that has scripts in it so this one is a no-brainer. Do not open attachments automatically: make sure you trust the person who sent the message as well as the attachment itself (there is an exception, read about the Klez worm), only open emails from addresses you know (once again, read about Klez), and finally, do not open attachments you do not completely trust (Klez again!).

Microsoft Word/Excel/PowerPoint · Disable or restrict macros and scripts from opening or running automatically. Set options to prompt you before allowing macros to run on your computer.

Peer to Peer Software (e.g. Kazaa) and Copyright Infringement · Peer-to-peer (P2P) software such as Kazaa allows millions of people to swap music, movies, and other file types. While this is not strictly a security issue, it does violate the Computer Use Policy if an excessive/unnecessary amount of bandwidth is consumed. These programs can make the network and Internet speeds crawl for anyone using the same network. P2P software has also become the medium of choice for hackers to quickly disseminate viruses and other “malware.” In addition, the Digital Millennium Copyright Act (DMCA) has made it illegal to share copyrighted materials, which happens to be almost all the movies you watch, the music you listen to, the games you play, and the programs you use. So if you use P2P software, you now know that you are in danger of becoming infected with a virus and violating both University policy and federal law.

Backup Regularly · Schedule backups to occur often. If you are hacked or experience a catastrophic crash, your backup is the only lifeline to restoration, so the more often you back up your data the better. Ask your network manager or system administrator for assistance in backing up critical information to remote locations/media. Create a system restore disk.
Utilize network drives and folders provided to you by your network manager or system administrator to keep important information safe.

Screen Savers · Enable your screen-saver to automatically start after a few minutes of inactivity. Activate password protection on your screen-saver to re-access your system. The inconvenience is worthwhile, as it will prevent unauthorized access to your computer, your files, or your email account.

Personal Firewalls · Personal firewalls are a free/cheap method of stopping the casual scanner/hacker from gaining easy access to your computer. Even if your network has a firewall installed, a personal firewall is a good second layer of defense; however, the use of firewalls requires some knowledge of how to install, configure, and interpret the logs that are created by the program. Some firewall programs have been known to interfere with normal network performance, and you may not be able to get onto the network properly if one is installed. Ask your network manager or system administrator if a personal firewall is appropriate for you and also ask for permission to install one on your computer.

File Manager View Settings · Don't hide file type extensions and do show all hidden files. Hidden file types can camouflage Trojan horse viruses, malicious macros/scripts, and other executables from running on your computer. By showing all your files, you prevent the hacker from concealing their activity from you. All folders/files will be visible when browsing with Explorer, allowing you to see if there is anything new that you didn't put there yourself.

Clear That Page File! · A page file is a temporary file that is used to store active data about running programs and files. The page file often contains such nice tidbits as your user id, any passwords that were used, application data such as that confidential email you just sent, etc. The page file should be cleared at every shutdown/reboot.
Ask your network manager or system administrator how to enable this feature.

File & Print Sharing · Disable any file and printer sharing by default. This feature in Windows lets anyone browse/access files on your machine, or send jobs to your printer. It can also be used as a point of attack for a hacker. If sharing files is necessary, you should restrict the users that can access the folders. Ask your network manager or system administrator for assistance disabling file and print sharing.

Test Your Security! · Ask your network manager or system administrator to try to guess your password, connect to your computer remotely, and get information about your computer. This can reveal weak passwords or other problems/holes that a hacker can exploit. If vulnerabilities are found, work with your network manager to remediate or remove the vulnerability.

Report Suspicious Events · Notify your supervisor, network manager, department head, or the Information Security team if you suspect that a security incident has occurred. Security incidents include attempts to socially engineer your password, identity theft, unauthorized use of your computer account, unauthorized individuals using computers in your office, someone entering a security sensitive area, etc. Read the Incident Reporting section of the Information Security website for more information about reporting security incidents."
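
Several items in the checklist above correspond to Windows settings that can be read without changing anything. The following PowerShell audit is an added example, not part of the UNT material; the service names, registry values and pass criteria are this example's assumptions about a standard Windows installation.

```powershell
# Added example: read-only audit of the current Windows workstation and user profile.
# Item labels and pass/fail criteria are this example's assumptions.
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Item, [bool]$Ok, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Item = $Item; OK = $Ok; Detail = $Detail })
}
function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value does not exist
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Don't Run As Administrator: does this session hold administrator rights?
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Add-Finding 'Session is not administrator' (-not $isAdmin) "IsInRole(Administrator) = $isAdmin"

# Turn Off Those Services / That Server: telnet, routing/remote access, IIS web and FTP, MSSQL
$names = 'TlntSvr', 'RemoteAccess', 'W3SVC', 'FTPSVC', 'MSSQLSERVER'
$running = @(Get-Service -Name $names -ErrorAction SilentlyContinue |
    Where-Object { $_.Status -eq 'Running' })
Add-Finding 'No listed services running' ($running.Count -eq 0) ($running.Name -join ', ')

# Clear That Page File: 1 means the page file is wiped at shutdown
$mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$clear = Get-RegValue $mm 'ClearPageFileAtShutdown'
Add-Finding 'Page file cleared at shutdown' ($clear -eq 1) "ClearPageFileAtShutdown = $clear"

# File Manager View Settings: HideFileExt 0 shows extensions, Hidden 1 shows hidden files
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hideExt = Get-RegValue $adv 'HideFileExt'
$hidden = Get-RegValue $adv 'Hidden'
Add-Finding 'Extensions and hidden files shown' ($hideExt -eq 0 -and $hidden -eq 1) `
    "HideFileExt = $hideExt, Hidden = $hidden"

# Screen Savers: enabled and password protected (per-user values, stored as strings)
$desk = 'HKCU:\Control Panel\Desktop'
$active = Get-RegValue $desk 'ScreenSaveActive'
$secure = Get-RegValue $desk 'ScreenSaverIsSecure'
$timeout = Get-RegValue $desk 'ScreenSaveTimeOut'
Add-Finding 'Password-protected screen saver' ($active -eq '1' -and $secure -eq '1') `
    "ScreenSaveTimeOut = $timeout seconds"

# File & Print Sharing: Type 0 is a disk share, 1 a print queue (administrative shares excluded)
$shares = @(Get-CimInstance -ClassName Win32_Share -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -in 0, 1 })
Add-Finding 'No file or printer shares' ($shares.Count -eq 0) ($shares.Name -join ', ')

$findings | Format-Table -AutoSize -Wrap
```

A row with OK = False marks an item to raise with your network manager or system administrator; settings enforced through group policy are stored elsewhere and are not read by this script.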