Security Practices

In the hopes of getting everyone in the Department to read and understand network security-related policies, we have attempted to distill our practical experience into the following guidelines. It is important to know that when you connect your computer to the CS network it is directly attached to the public Internet, and these security precautions must be followed.

USE STRONG PASSWORDS

Put strong passwords on all accounts on your computer and put strong passwords on all writeable network shares, including folders shared from your computer and web or ftp servers you choose to run. If you allow write-access to your computer without a password, or with an easy-to-guess password, someone else will discover your share and fill up your computer with unwanted files, or install applications that allow them to take control of your computer. More information about strong passwords can be obtained in the Password Guidelines.

PATCH OPERATING SYSTEM

Keep your operating system as current as possible by checking frequently for any patches or updates to it, and make sure that any services and network applications you run (like a web or ftp server, or web browser or email client) are also kept current. Out-of-date operating systems, services, and network applications are the most frequently exploited security problem on the Internet. If you need assistance with updating your operating system, services, or network applications, please email csstaff@cs.princeton.edu.

DISABLE UNNECESSARY SERVICES

Disable all unnecessary network services and uninstall all unnecessary network applications, such as a built-in mail server or web server that you do not need, or a media player or file sharing application that you no longer use. These services and applications are easily exploited if a vulnerability is discovered in them, and by disabling unused ones you eliminate this risk. If you need assistance determining which services and applications are necessary, and which you may be able to disable or uninstall, please email csstaff@cs.princeton.edu.

USE ANTIVIRUS, FIREWALL, AND ANTI-SPYWARE SOFTWARE

Antivirus software protects your computer from viruses that can destroy your data, slow your computer's performance, cause a crash, or even allow spammers to send email through your account. It works by scanning your computer and your incoming email for viruses, and then deleting them. Antivirus software must be installed and regularly updated on all computers on the network. If you do not have antivirus software installed, your computer will almost certainly become infected with a virus, your data will be damaged or destroyed, and it will infect other computers on the network. The University provides this software free of charge to all its members. For more information, please check out http://www.princeton.edu/antivirus.

Firewalls help keep intruders from using your computer to send out your personal information without your permission. While anti-virus software scans incoming email and files, a firewall is like a guard, watching for outside attempts to access your system and blocking communications from and to sources you don't permit. Some operating systems and hardware devices come with a built-in firewall that may be shipped in the "off" mode. Make sure you turn it on. For your firewall to be effective, it needs to be set up properly and updated regularly. Check your online "Help" feature for specific instructions.

Anti-spyware software helps protect your computer from malicious spyware that monitors your online activities and collects personal information while you surf the web. It works by periodically scanning your computer for spyware programs, and then giving you the opportunity to remove any harmful surveillance software found on your computer. Some antivirus software contains anti-spyware capability. Given the increasing sophistication of spyware programs, consider using two different anti-spyware programs. Each one looks for slightly different sets of threats, and together they may offer increased protection.

DO NOT TRUST EMAIL ATTACHMENTS AND WATCH OUT FOR PHISHING ATTACKS

Do not trust any email attachments or downloads you were not expecting, even from people you know, and precede all attachments that you send with a message to the recipient. Only open email attachments that you were expecting from people that you trust, and only download files from reputable sources (files downloaded from peer-to-peer networks or warez channels are especially risky). If you open random attachments or download files from people you do not know, eventually your computer will become infected with a virus or someone else will take control of your computer.

Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' emails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers.

BACK UP IMPORTANT FILES

No system is completely secure. If you have important files stored on your computer, copy them onto a removable disc, and store them in a secure place in a different building than your computer. If a different location isn't practical, consider encryption software. Encryption software scrambles a message or a file in a way that can be reversed only with a specific password. Also, make sure you keep your original software start-up disks handy and accessible for use in the event of a system crash.
