The biggest factor in protecting your machine -- and everybody else in the department -- is YOU! There are several areas to pay attention to, but in truth, it's all pretty easy...
Make sure there is a virus scanner installed on your PC, and configured to do auto-updates.
If the CSE Support Group configured your Windows host, they already installed the Sophos virus scanner, and it is configured to automatically update itself daily.
If you configured your Windows host, install the Sophos virus scanner, and configure the Sophos software to auto-update daily.
If for some reason you don't configure Sophos to auto-update, you must manually update Sophos every day.
Windows Security Patches
If your system is a member of the CSE windows domain (CSENETID) then your computer is automatically updated with the latest security patches. This also means that occasionally when a security update requires a reboot, your desktop will be automatically (and forcefully) rebooted following the install (often in the middle of the night. If you wish to be exempted from this automatic reboot process, send mail to support@cs, but understand that you are responsible for rebooting your machine routinely (i.e. weekly or more often), in order to ensure you are sufficiently protected and up-to-date.
The latest Windows Update processes also update your Microsoft applications that you have installed, like IIS, SQL, and Office. For information about Windows Update, follow the links in the left pane.
If you are running any special software that utilizes the network/internet (Apache Web server, MYSQL server, etc.) you *MUST* keep those applications patched. We have no way to update these packages for you. Even applications like Mozilla Firefox and Thunderbird can be gateways for hackers to get into your computer if you don't keep them patched.
Enable Windows Firewall
A firewall protects your computer by blocking incoming traffic and prevents infection from attacks directed towards your computer. All recent versions of MS operating systems now come with a nice firewall built in (XP SP2 and Win2k3 server SP1). Machines that are built and joined to the CSE windows domain (CSENETID) automatically have the firewall enabled. You are allowed to make exceptions for programs that you need. For information about configuring windows firewall, follow the navigation links to the left.
THINK! Before Opening an Attachment
Be careful about opening attachments that come in email or ICQ, or files you download from the net, or that you get on a floppy.
One simple rule is to check the extension of an email attachment. If the extension is .vbs then it's not a web page, it's a Visual Basic script that will execute as soon as you try to open it. And chances are very good that the effect will be very bad. Some viruses come packaged as screen savers (.scr). Word documents can contain macros with hidden viruses. You get the idea.
A second simple rule is to pay attention to the sender of an email message, and whether anything strikes you as a little bit odd. Many viruses propagate themselves by first opening a person's address book and sending itself to everyone in there. Thus, you may receive a message from someone you know or have corresponded with in the past, buy maybe haven't heard from in a while. So if a message seems to come "out of the blue", or the message itself seems a little odd, BE SUSPICIOUS! Contact support if you have any doubts.
For Unix Users
Most of this page is oriented towards Windows user, although some recommendations such as using firewalls, strong passwords and turning off unnecessary services are applicable to Unix-like systems. Further general guidelines for securely configuring various operating systems can be found here. More specific links for keeping software up to date on some non-Windows systems are given below:
- Mac OS X security alerts are available here. To automatically update your Mac OX software see these instructions.
- For Ubuntu Linux see the tutorial on automatic security updates here.
- For Redhat Enterprise Linux, security announcements are archived here. Update are available via rhn.
- For Fedora Linux, all update announcements are achieved here. The security related announcements are tagged as such. For general information about software management in Fedora see how to use yum.
- If you are running some other distribution, you probably already have your own methodology for dealing with security. Right?