For computers storing legally protected data, see the additional requirements in the University’s Securing Private Data Standard.

To protect your computer from worm, viruses, and other vulnerabilities, follow these step:

• Configure your machine to install Updates Automatically
• Install and Configure Virus Protection Software
• Use Strong Passwords
• Disable file sharing
• Install a firewall
• Backup your Data
• Install Spyware protection software
• Prevent Unauthorized Use
• Use safe computing practices

Install Security Patches and Use Automatic Updates

Operating systems are very complicated and large pieces of software. Because of this when they are developed, the programmers will often miss or overlook problems which can lead to security holes, which hackers can use to break into your computer, or just annoying bugs which cause your computer to crash periodically. If your operating system does not have an automatic update feature, check the vendor's site frequently and apply security patches as soon as possible.

Some vendors provide tools for automatically updating your computer with Critical Security patches. Microsoft regularly releases fixes, called patches, which will remedy the associated problem. More information on the Windows updates can be found at http://v4.windowsupdate.microsoft.com/en/default.asp. You have two options for installing automatic updates for Critical Microsoft Security updates:

• Configure automatic scheduling of Windows Update - This option uses the Microsoft update site which can be slow.
• Configure automatic update using the University SUS server - Uses a server on the U network to download the updates and the updates are installed automatically. You must be on the U network to use this option.

Apple provides security vulnerability updates at http://www.apple.com/support/security/
security_updates.html Use the Software Update pane in System Preferences to automatically detect and download the latest security fixes from Apple.

Configure Windows to update automatically:

1. Click on the Start menu and
   • for Windows 2000, select Settings, and then click Control Panel
   • for Windows XP, click on Control Panel
2. Double click Automatic Updates
3. Put a check box into the field that says Keep my computer up to date
4. Click on the radio button for Download the updates automatically and notify me when they are ready to be installed
5. Click OK.

Your computer is now set to automatically download the updates for Windows on a regular basis. A pop up balloon will tell you when the updates are ready to be installed and walk you through the installation. After the installation is complete, Windows may require that you restart your computer (Start Menu → Shut Down → Restart).

Configure Mac OS 10.3 to update automatically:

1. Click on the Apple menu and select System Preferences...
2. Click on the Software Update icon.
3. Place a check next to Check for updates: and selct Weekly for the pulldown menu.
4. Place a check next to Download important updates in the background.
5. Click on the System Preferences menu and select Quit System Preferences.

You computer will now automatically download important updates from Apple and notify you when they ready for installation.

Install Virus Protection Software

Anti-virus software works by looking for patterns of known worms and viruses in files you download and programs that are running on your computer. Since the virus writers are always creating new worms and viruses, your software needs to be regularly updated to recognize the latest threats.

The University of Minnesota has a license with Symantec (the same people that make Norton Anti-virus) to distribute one copy of Symantec AntiVirus (SAV) for every staff, student, and faculty for private use. In addition,SAV is licensed for all computers that are owned by the University. If you are not a staff, students, or faculty member, make sure you have antivirus software running on your machine and that it is updated regularly. To use the University's license follow the list below.

1. If you have any anti-virus program installed on your computer, un-install it.

Note: Many computers come with anti-virus software pre-installed. It is best to use the U's license since the pre-installed software will require you to purchase a license to get the regular updates.

1. Clicking on the Start.
2. Selecting Settings and then Control Panel.
3. Double click on Add/Remove Programs.
4. Clicking the Remove button for your current antivirus software.
2. Download Symantec AntiVirus from http://www.umn.edu/adcs/help/virus/.
3. Install it by double-clicking on the program that is downloaded.
4. During the installation, choose the default options
5. Set Symantec AntiVirus to automatically update
1. Double click on the yellow shield in the notification area of the Taskbar (by the clock)
2. Choose File, Schedule Updates, and make sure there is a check box in Enable scheduled automatic updates
3. Click on Schedule and set the frequency for Daily at a time when your computer is likely to be turned on and connected to the Internet.
4. Click on the Advanced button and make sure Handle missed events within: is checked. Set the duration to at least 8 hours of the scheduled time.
5. Click OK three times, then click Exit

Use Strong Passwords

All accounts, including the Administrator account should use strong passwords. Assigning a difficult to guess passwords is an important step in protecting your computer from unauthorized (mis)use.

Many hackers will try to guess passwords to access your accounts. A strong password should:

• NEVER be a word in the dictionary
• Contain upper and lower case letters, numbers and special characters (symbols on the keyboard)
• Be at least 8 characters in length
• Be hard to guess - not your name, birth date, etc.
• For more information on strong passwords, see Password Tips

For Windows 2000 Professional and XP Professional, recommend running the OIT Quickstart Level-2 Wizard.

Instructions for changing Microsoft Windows Passwords:

1. Go to the Start menu, select Setting, and click on Control Panel.
2. Double click on User Accounts.
3. Click on each account and change the passwords.

Disable File Sharing

Filesharing is a tool that allows you to share files with other users on the network. Unfortunately, this can also allow hackers to have access to your files.

To mitigate your risk, disable or remove peer-to-peer music, video and other anonymous file sharing programs. They are a source of many viruses and trojans. Examples of peer-to-peer programs can be found here.

Built-in filesharing allows you to share files with other computers on your network. Unfortunately this is also leaves your computer open for hackers.

To disable filesharing on Windows XP:

1. Go to the Start menu, highlight Setting, and click on Control Panel.
2. Double click Network Connections.
3. Right click on Local Area Connection and choose Properties.
4. Remove the check box next to File and Printer Sharing for Microsoft Networks.
5. Click OK.

To disable file and printer sharing on Mac SO 10.3:

1. Click on the Apple menu and click on System Preferences...
2. Click on the Sharing
icon.
3. Uncheck the following boxes:
   • Personal File Sharing
   • Windows Sharing
   • Personal Web Sharing
   • Printer Sharing
4. Go to the System Preferences menu and click Quit System Prefereneces.

If you need to share files with others, the preferred method is using a departmental file server that is maintained by an IT Professional or copying to a CD rather than using File and Printer Sharing.

Install a Firewall

Firewalls offer the added protection of preventing access to sources of Internet traffic, be it an application on your computer or another computer on the Internet, from being transmitted. Windows XP and MacOS 10.2 and above provide built-in firewalls that provide some basic firewall functionality. If you do not have either of these operating systems you can purchase a personal firewall for a nominal fee.

Caution: Misconfiguration of a firewall can prevent all Internet access on your computer.

To enable the Windows XP firewall:

1. Click on Start button and select Control Panel.
2. Click on Network and Internet Connections and then Network Connections.
3. Right click on Local Area Connection and click on Properties.
4. Click the Advanced tab and place a check next to Protect my computer and network by limiting or preventing access to this computer from the Internet.
5. Click OK.

To enable the MacOS X firewall:

1. Click on the Apple menu and select System Preferences...
2. Select Sharing and then click on the Firewall tab.
3. Click the Start button.
4. Go to the System Preferences menu and select Quit System Preferences.

Backup your Data

Periodically, you need to backup your data. The physical security of the removable media should be equal to that of then machine data came from and plans should be made to allow recovery from unexpected problems. Options include backing up to a/an:

• departmental file server
• CD or DVD
• externally attached tape drive

Another option is to backup through the network. See http://www.umn.edu/cco/netbackup/ for details on the NetBackup service provided by Central Computing Operations (CCO).

For Microsoft Windows computers, most of your data is stored in C:\Documents and Settings\<your user name>.

For Mac OS 10.x computers, most user data is stored in /<the name of your hard drive>/Users/<your user name>

Install Spyware Removal Utilities

Spyware is software that is installed on your computer without your knowledge or is bundled with other software you download from the internet. Spyware can:

• Track what you are doing for marketing purposes
• Reset the homepage and search pages on your browser
• Create pop-up advertisements
• Slow down your computers Internet connection
• Interfere with your computers normal operations

To fight this, the U recommends two products which are available for download from the Internet:

• Microsoft AntiSpyware - http://www.microsoft.com/downloads/details.aspx?
  FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en

NOTE: This software is a beta version. This means that it is possible that undesirable behavior may occur after installing this software on your computer.

• Spybot Search and Destroy - http://www.safer-networking.org/index.php?page=download

Prevent Unauthorized Use

When you are not at your desk and using your computer, anybody else could be using it instead. This gives a person the ability to install a virus, steal files, or perform actions while appearing to be you. Locking your work station or requiring a password when returning from a screen saver are excellent ways of preventing this.

To require a password to return from a screen saver in Windows:

1. Right click on a blank part of the Windows Desktop and click Properties.
2. Click on the Screen Saver tab
3. Choose a screen saver that you would like to use
4. In the Wait box, type the amount of time that you want till the screen saver activates. 5-15 minutes is typically a very usable time.
5. Check the box next to On resume, password protect.

To require a password to return froma screen save in a Mac:

1. Click on the Apple Menu and select System Preferences...
2. Select Security and place a check next to Require password to wake this computer from sleep or screen saver
3. Click on Show All and click on Desktop & Screen Saver
4. Choose a screen saver from the right column
5. Set the Start screen saver: slider bar to somewhere between 5 and 15 minutes.

Windows also give you the option to lock the workstation at any given time. To do this, simply hold down the "Windows" key and press the letter "L".

Safe Computing Practices

Our recommended steps can only protect you from what is known. Using safe computing practices can limit your exposure to these new things that appear on the Internet before the makers of our recommended products can produce updates to protect you.

Some safe computing practices include:

• Never open an email attachment from a questionable source. If you recieve an unexpected attachment from a trusted source, contact the sender and ask them if they meant to send you this. Many virus will send you attachments while posing as some one you may know.
• Maintain multiple strong passwords. Don't use the same password for your online banking that you do for your email. This could open you to serious risk. Check the strong passwords section for more guidance on picking a password.
• Do not download and run files you receive from chat buddies without first making sure that the person intentionally sent you the message.
• Whenever you download software, make sure you read the user agreement. Many programs that you download from the Internet come with unwanted programs known as spyware.
• When working from home, use a VPN connection. Using VPN will provide you a secure connection driectly to the University network and prevent a possible attacker from reading sensitive information. This software can be downloaded from http://www1.umn.edu/adcs/help/vpn/

This is not an exhaustive list. There are so many computing senerios that they could never all be recorded. When you are presented with an unknown situation, always err on the side of caution and ask your department's IT Professional or 1-HELP with guidance on how to proceed.