ITSS Home :
Virus and Security Info :
Desktop Computer Security Check
Virus & Security Information
Desktop Computer Security Check
Effective October, 2004, the Office of Information Technology (OIT) issued a Standard - Securing Private Data. The standard defines the requirements for securing computers that store or access private data.
The standard states in part that, "Computers and other devices must be either continuously managed or reviewed on an ongoing basis for appropriate security measures by a full-time information technology professional."
Examples given of private/non-public data include:
- Social security number
- Birth date
- Home phone number or address
- Health information
- Student grades
- Location of assets
- Parking leases
- Anonymous donors
- Gender
- Ethnicity
- Trade secrets or intellectual property such as research activities
Beginning spring 2007, the QuickStart Level 1 template was incorporated into the campus NetReg process, ensuring that all Windows computers are in compliance.
ITSS also offers a Security Check service that fulfills the requirements of the standard for Level 1 and Level 2. The service is available for both Windows and Macintosh computers. To schedule the service for yourself or your department, please submit the online form, "Install Desktop Software", or contact the ITSS Help Desk (x8847).
Windows Desktop/Laptop Computers - Security Check
Required Steps
- Assign strong passwords for all workstation Administrator and Guest accounts
- Install all operating system security patches and critical updates using Windows Update Service
- Install and immediately update anti-virus and anti-spyware software
- Run QuickStart Level 1 to:
- Activate the Windows XP firewall or install a personal software firewall
- Disable windows file and printer sharing
- Set up automatic Windows Updates for installation of patches
Additional steps if your computer stores or accesses private data
(see: Standard - Securing private data)
- Run QuickStart Level 2
- Prepare a plan to back up your data (Novell, Samba)
- Set a password-protected screen saver
- Follow the guidelines for Encrypting Stored Data
Security tools and utilities:
- Secure email - configure your email client
- CCCleaner - system optimization and privacy tool
- Eraser - secure data deletion
- Putty - secure telnet client
- umChat/Jabber - secure instant messaging
- VPN - secure off-campus or wireless connection
- WinSCP - secure FTP client
Macintosh OSX Computers - Security Check
Required Steps
- Make sure your software updates are current. You should get
a weekly alert about new ones if you haven't disabled this. You can click
on the "Software Update" icon in System Preferences to check for new updates.
- Don't have your Mac automatically log into your account on
startup. In the "Accounts" System Preferences pane, click on the "Login Options" button
on the lower left and remove the checkmark in front of "Automatically log
in as:". Also, under "Display login window as", select "Name and password".
- Enable your screen saver and have the system ask for a password
on wake from sleep and to clear the screensaver. In the "Security" System
Preferences pane put a check in front of "Require password to wake this computer
from sleep or screen saver". You can also set a "hot corner" in the "Screen
Saver" System Preferences pane so that you can activate your screen saver
immediately by moving your cursor to one of the corners of your screen. This
is useful when you have confidential information on your screen that you
don't want others to see or if you're leaving your desk for a while and want
your computer secured immediately.
- In the Sharing System Preferences Pane,
under "Services",
make sure that nothing is checked.
Under the Firewall tab, turn the firewall "on" have only "Network Time" checked.
Under the "Internet" tab, make sure that nothing is checked.
- Install Symantec Anti-Virus: Anti-virus
and Firewall Software.
- Make your KeyChain password different from your account password
(Applications:Utilities:KeyChain Utility).
- The high-level "root" account in OSX is disabled by default,
but does not have a password set for it. You want it to be disabled, but
it's more secure if it has a password set. Use the Netinfo Utility to enable
root account, set a root password, and then disable the root account.
Run the Netinfo Manager utility located in Applications/Utilities. From the Security menu, choose "Authenticate" and then enter your password. From the Security menu, choose "Enable Root User". You'll be asked to enter a password (twice) for the root account. Enter a secure (not easy to guess) password that's different from your other passwords. Then from the Security menu choose "Disable Root User" (you'll be asked to authenticate). Then quit from Netinfo Manager.
Additional steps if your computer stores or accesses private data
(see: Standard
- Securing private data)
- In the Bluetooth System Preference pane,
under the "Settings" tab, click on "Trun Bluetooth Off". If you need to use
Bluetooth for wireless mice or keyboards then keep Bluetooth "On", but do
not check "Discoverable"
- Use the "Secure Empty Trash" option from the Finder's File
menu to delete confidential data.
- In the "Security" System Preferences pane you should enter
a "master password". This is used to unlock any account encrypted with FileVault
if needed. Note: FileVault encrypts your home directory when you log out.
We do not recommend enabling Fileault unless you have private data on your
computer. The Filevault function can slow down using your computer and creates
some potential of making your data unavailable.
- If someone has physical access to a Mac they can access your files by booting up the Mac from an external hard disk (or iPod). If you have private data on your computer should set a firmware password. This will prevent others from booting from an OSX CD and changing your passwords or booting from an external drive and copying data from your hard disk. The Open Firmware password can be disbled if someone has access to the inside of your Macintosh. Most Macintoshes have a locking mechanism that would prevent someone from opening up your Macintosh computer's case. ITSS can help you set an Open Firmware password and physically secure your Mac.
Security tools and utilities:
- Secure email - configure your email client
- VPN - secure off-campus or wireless connection
- Symantec anti-virus - protects your Mac in case any viruses or worms are created for OSX