University of Minnesota Duluth
People | Departments | Search UMD
I. T. S. S.  provides the campus community with a high-quality technology systems and services.

Skip to: content

Software

ITSS Services

OS Updates & Patches

Tips and resources

ITSS Home : Virus and Security Info : Desktop Computer Security Check

Virus & Security Information

Desktop Computer Security Check

Effective October, 2004, the Office of Information Technology (OIT) issued a Standard - Securing Private Data. The standard defines the requirements for securing computers that store or access private data.

The standard states in part that, "Computers and other devices must be either continuously managed or reviewed on an ongoing basis for appropriate security measures by a full-time information technology professional."

Examples given of private/non-public data include:

Beginning spring 2007, the QuickStart Level 1 template was incorporated into the campus NetReg process, ensuring that all Windows computers are in compliance.

ITSS also offers a Security Check service that fulfills the requirements of the standard for Level 1 and Level 2. The service is available for both Windows and Macintosh computers. To schedule the service for yourself or your department, please submit the online form, "Install Desktop Software", or contact the ITSS Help Desk (x8847).

Windows Desktop/Laptop Computers - Security Check

Required Steps

  1. Assign strong passwords for all workstation Administrator and Guest accounts
  2. Install all operating system security patches and critical updates using Windows Update Service
  3. Install and immediately update anti-virus and anti-spyware software
  4. Run QuickStart Level 1 to:

Additional steps if your computer stores or accesses private data
(see: Standard - Securing private data)

  1. Run QuickStart Level 2
  2. Prepare a plan to back up your data (Novell, Samba)
  3. Set a password-protected screen saver
  4. Follow the guidelines for Encrypting Stored Data

Security tools and utilities:

Macintosh OSX Computers - Security Check

Required Steps

  1. Make sure your software updates are current. You should get a weekly alert about new ones if you haven't disabled this. You can click on the "Software Update" icon in System Preferences to check for new updates.

  2. Don't have your Mac automatically log into your account on startup. In the "Accounts" System Preferences pane, click on the "Login Options" button on the lower left and remove the checkmark in front of "Automatically log in as:". Also, under "Display login window as", select "Name and password".

  3. Enable your screen saver and have the system ask for a password on wake from sleep and to clear the screensaver. In the "Security" System Preferences pane put a check in front of "Require password to wake this computer from sleep or screen saver". You can also set a "hot corner" in the "Screen Saver" System Preferences pane so that you can activate your screen saver immediately by moving your cursor to one of the corners of your screen. This is useful when you have confidential information on your screen that you don't want others to see or if you're leaving your desk for a while and want your computer secured immediately.

  4. In the Sharing System Preferences Pane, under "Services", make sure that nothing is checked.
    Under the Firewall tab, turn the firewall "on" have only "Network Time" checked.
    Under the "Internet" tab, make sure that nothing is checked.

  5. Install Symantec Anti-Virus: Anti-virus and Firewall Software.

  6. Make your KeyChain password different from your account password (Applications:Utilities:KeyChain Utility).

  7. The high-level "root" account in OSX is disabled by default, but does not have a password set for it. You want it to be disabled, but it's more secure if it has a password set. Use the Netinfo Utility to enable root account, set a root password, and then disable the root account.

    Run the Netinfo Manager utility located in Applications/Utilities. From the Security menu, choose "Authenticate" and then enter your password. From the Security menu, choose "Enable Root User". You'll be asked to enter a password (twice) for the root account. Enter a secure (not easy to guess) password that's different from your other passwords. Then from the Security menu choose "Disable Root User" (you'll be asked to authenticate). Then quit from Netinfo Manager.

Additional steps if your computer stores or accesses private data
(see: Standard - Securing private data)

  1. In the Bluetooth System Preference pane, under the "Settings" tab, click on "Trun Bluetooth Off". If you need to use Bluetooth for wireless mice or keyboards then keep Bluetooth "On", but do not check "Discoverable"

  2. Use the "Secure Empty Trash" option from the Finder's File menu to delete confidential data.

  3. In the "Security" System Preferences pane you should enter a "master password". This is used to unlock any account encrypted with FileVault if needed. Note: FileVault encrypts your home directory when you log out. We do not recommend enabling Fileault unless you have private data on your computer. The Filevault function can slow down using your computer and creates some potential of making your data unavailable.

  4. If someone has physical access to a Mac they can access your files by booting up the Mac from an external hard disk (or iPod). If you have private data on your computer should set a firmware password. This will prevent others from booting from an OSX CD and changing your passwords or booting from an external drive and copying data from your hard disk. The Open Firmware password can be disbled if someone has access to the inside of your Macintosh. Most Macintoshes have a locking mechanism that would prevent someone from opening up your Macintosh computer's case. ITSS can help you set an Open Firmware password and physically secure your Mac.

Security tools and utilities:

  • Secure email - configure your email client
  • VPN - secure off-campus or wireless connection
  • Symantec anti-virus - protects your Mac in case any viruses or worms are created for OSX
Rev. 10.5.06 jrn

Didn't find what you were looking for?

Rev: 11.06 sab