Working From Your Home Working From Your Home Computer Safely:Computer Safely:

The Ten CommandmentsThe Ten Commandments

Stephen Jones, GSEC, A+Stephen Jones, GSEC, A+

With special thanks toWith special thanks to

Balakrishnan RamachandranBalakrishnan Ramachandran

1. Thou Shall Update the 1. Thou Shall Update the Anti-Virus Software On Your Anti-Virus Software On Your ComputerComputer• Secures you from viruses, spam Secures you from viruses, spam

email attachmentsemail attachments

• Use McAfee – it’s freeUse McAfee – it’s free

• Always update your virus definitionsAlways update your virus definitions

• Schedule a daily scan of your hard Schedule a daily scan of your hard drive for virusesdrive for viruses

Exegesis – 1Exegesis – 1stst CommandmentCommandment

• To install McAfee, go to To install McAfee, go to http://www.umbc.edu/oit/downloadshttp://www.umbc.edu/oit/downloads; then scroll down ; then scroll down to Antivirus. Pick the correct version for your to Antivirus. Pick the correct version for your operating system. You’ll need to log in to myUMBC, operating system. You’ll need to log in to myUMBC, but then you can install the software.but then you can install the software.

• To update McAfee, go to Start, Programs, Network To update McAfee, go to Start, Programs, Network Associates, Viruscan Console, double-click Autoupdate, Associates, Viruscan Console, double-click Autoupdate, and then click the update button. It automatically and then click the update button. It automatically updates if you’re on the Internet at the time indicated; updates if you’re on the Internet at the time indicated; the time for the automatic update can be changed.the time for the automatic update can be changed.

• To run a scan, follow above steps to get to Viruscan To run a scan, follow above steps to get to Viruscan Console, double-click Scan All Fixed Disks.Console, double-click Scan All Fixed Disks.

2. Thou shall patch your 2. Thou shall patch your Windows operating systemWindows operating system

• Set your Windows XP/2000 for Set your Windows XP/2000 for automatic updates (from Control automatic updates (from Control Panel)Panel)

• Updates run in the background Updates run in the background without affecting your workwithout affecting your work

• Periodically also check for updates Periodically also check for updates for your Microsoft Office productsfor your Microsoft Office products

Exegesis – 2Exegesis – 2ndnd CommandmentCommandment

• To configure automatic updates in XP, go to Start, To configure automatic updates in XP, go to Start, Settings, Control Panel, Automatic Updates. Choose Settings, Control Panel, Automatic Updates. Choose to automatically download and install updates and to automatically download and install updates and pick a time when you know the computer will be on pick a time when you know the computer will be on the Internet.the Internet.

• In Windows 2000, follow the steps above to In Windows 2000, follow the steps above to Automatic Updates. Then I recommend choosing to Automatic Updates. Then I recommend choosing to automatically download the updates and automatically download the updates and automatically install them at a time you know the automatically install them at a time you know the computer will be on.computer will be on.

• For Office updates, open an Office application, go to For Office updates, open an Office application, go to Help, Check for Updates. The updates occasionally Help, Check for Updates. The updates occasionally require that you have the installation cds.require that you have the installation cds.

3. Thou shall use Administrator 3. Thou shall use Administrator privileges rarely, but strong privileges rarely, but strong

passwords alwayspasswords always• Create separate accounts for the people using Create separate accounts for the people using

the computer and give them User level the computer and give them User level privileges only. That includes you. Rename privileges only. That includes you. Rename the administrator account; don’t let anyone the administrator account; don’t let anyone other than you use it, and even then only other than you use it, and even then only when software needs to be installed. Disable when software needs to be installed. Disable all system supplied accounts (e.g., Guest).all system supplied accounts (e.g., Guest).

• Strong passwords – minimum 9 characters, Strong passwords – minimum 9 characters, with alphas (upper and lower case), numerics with alphas (upper and lower case), numerics _and_ special characters (e.g., asterisk)._and_ special characters (e.g., asterisk).

Exegesis – 3Exegesis – 3rdrd Commandment Commandment11stst Rubric Rubric

• Creating accounts: Log on as Creating accounts: Log on as administrator. Then Start, settings, administrator. Then Start, settings, control panel, administrative tools, control panel, administrative tools, computer management, local users and computer management, local users and groups, users. Then click on Action, groups, users. Then click on Action, New User, name the account. Click New User, name the account. Click create and then close. The default create and then close. The default privilege level is Users. Then right click privilege level is Users. Then right click on the account and assign a password.on the account and assign a password.

Exegesis – 3Exegesis – 3rdrd Commandment CommandmentRubric 2Rubric 2

• Do you have other people using the computer who Do you have other people using the computer who will balk at only having limited privileges?will balk at only having limited privileges?

• If so, buy a computer for them and you use the If so, buy a computer for them and you use the safe one.safe one.

• Can’t afford to buy another computer? Get your Can’t afford to buy another computer? Get your department to buy you one. (OIT is now discussing department to buy you one. (OIT is now discussing how to require departments to provide an OIT how to require departments to provide an OIT secured computer to persons working from home.)secured computer to persons working from home.)

• Department won’t buy you a computer but other Department won’t buy you a computer but other people at home will balk…. Then it’s safe to people at home will balk…. Then it’s safe to assume that your home computer will be hacked assume that your home computer will be hacked and you’ll lose everything on it. Ouch!and you’ll lose everything on it. Ouch!

Exegesis – 3Exegesis – 3rdrd Commandment CommandmentRubric 3 Rubric 3 (optional, follow cautiously)(optional, follow cautiously)

• Rename the administrator account/disable all system Rename the administrator account/disable all system supplied accounts/create a dummy administrator accountsupplied accounts/create a dummy administrator account

a.a. Follow the directions to get to Users in the 1Follow the directions to get to Users in the 1stst Rubric. Right Rubric. Right click on the administrator account and select rename. Give click on the administrator account and select rename. Give it an ordinary sounding name. This will slow down hackers.it an ordinary sounding name. This will slow down hackers.

b.b. Disable all other system supplied accounts (right click, Disable all other system supplied accounts (right click, properties, disable this account).properties, disable this account).

c.c. After renaming the Administrator account, create an account After renaming the Administrator account, create an account named Administrator. Right click, go to Properties, Member named Administrator. Right click, go to Properties, Member of, Add, Advanced, Find Now, click on Guests, then click ok of, Add, Advanced, Find Now, click on Guests, then click ok twice, then highlight Users, then click Remove. Then give it twice, then highlight Users, then click Remove. Then give it a strong password. This will also slow down hackers.a strong password. This will also slow down hackers.

4. Thou shall use a Firewall4. Thou shall use a Firewall

• Firewalls protect your PC from intrusions Firewalls protect your PC from intrusions and hack attacksand hack attacks

• Install Service Pack 2 for Windows XP Install Service Pack 2 for Windows XP which has a built-in firewallwhich has a built-in firewall

• You can also try Zone Alarm or McAfee You can also try Zone Alarm or McAfee Firewall to protect your computer, but this Firewall to protect your computer, but this is recommended only if you have time to is recommended only if you have time to get them workingget them working

• Check for constant updatesCheck for constant updates

5. Thou shall install anti-5. Thou shall install anti-spyware softwarespyware software

• Spyware is software that sends Spyware is software that sends personal data to the internet without personal data to the internet without your knowing ityour knowing it

• You are normally unaware that it has You are normally unaware that it has been installed and that it is runningbeen installed and that it is running

• Update anti-spyware software and Update anti-spyware software and scan your computer dailyscan your computer daily

Exegesis – 5Exegesis – 5thth CommandmentCommandment

• Currently the best free anti-spyware Currently the best free anti-spyware package, and one of the best free or package, and one of the best free or otherwise, is Ad-Aware.otherwise, is Ad-Aware.

• http://www.lavasoft.comhttp://www.lavasoft.com

6. Thou shall use a router if 6. Thou shall use a router if you using a high-speed (cable, you using a high-speed (cable,

DSL) Internet connectionDSL) Internet connection

• Router is a device that allows you to Router is a device that allows you to connect more than 1 computer to connect more than 1 computer to your high speed Internet connectionyour high speed Internet connection

• Most router models act as a Firewall Most router models act as a Firewall to your entire home network to your entire home network

• It adds an extra layer of security to It adds an extra layer of security to your software based firewallyour software based firewall

Exegesis – 6Exegesis – 6thth CommandmentCommandment

• Routers are relatively inexpensive - Routers are relatively inexpensive - <$100, frequently ~$50 with rebates<$100, frequently ~$50 with rebates

• Linksys routers are fairly easy to set Linksys routers are fairly easy to set upup

• Best to connect to them with Ethernet Best to connect to them with Ethernet cables and not use wirelesscables and not use wireless

• Want to use wireless? See 7Want to use wireless? See 7thth CommandmentCommandment

7. Thou shall not provide free 7. Thou shall not provide free wireless internet to thy wireless internet to thy neighborneighbor• If you use the wireless function on a router, the If you use the wireless function on a router, the

signal can cover a large area, potentially extending signal can cover a large area, potentially extending 150 feet in all directions (whether or not there are 150 feet in all directions (whether or not there are walls). walls).

• Read the wireless router manual while setting it up Read the wireless router manual while setting it up and enforce some measure of security to access and enforce some measure of security to access your Internet connection. Your neighbors/people your Internet connection. Your neighbors/people driving by on the street can still see the network, driving by on the street can still see the network, but if you use the security provided, it will be very but if you use the security provided, it will be very difficult for them to use your internet connection, difficult for them to use your internet connection, or, even worse, eaves drop on your network traffic. or, even worse, eaves drop on your network traffic. Again, OUCH! Again, OUCH!

• If the router offers it, the best method is to use a If the router offers it, the best method is to use a hardware based access control list.hardware based access control list.

8. Thou shall use a VPN 8. Thou shall use a VPN whenever applicablewhenever applicable

• VPN is a virtual (i.e., software rather than VPN is a virtual (i.e., software rather than hardware base), secure connection hardware base), secure connection between your home computer and a between your home computer and a server through the internetserver through the internet

• VPN software needs to be installed and VPN software needs to be installed and enabled at both endsenabled at both ends

• At UMBC, the main function using VPN At UMBC, the main function using VPN connectivity are financially related, e.g., connectivity are financially related, e.g., PeopleSoft.PeopleSoft.

9. Thou shall back up thy files 9. Thou shall back up thy files and use good surge protectors/ and use good surge protectors/ uninterruptible power supplyuninterruptible power supply• CD/DVD recorders are now about $75. If you CD/DVD recorders are now about $75. If you

don’t have one, buy one and use it to back up don’t have one, buy one and use it to back up files from your hard drive.files from your hard drive.

• An old adage – when do floppy disks fail? When An old adage – when do floppy disks fail? When you need them.you need them.

• At a minimum, get a surge protector that really At a minimum, get a surge protector that really works and isn’t just an extension cord (~$35). works and isn’t just an extension cord (~$35). Better yet get a UPS (uninterruptible power Better yet get a UPS (uninterruptible power supply), which is both a surge protector and a line supply), which is both a surge protector and a line conditioner (power sag/brown out protection). A conditioner (power sag/brown out protection). A typical home computer needs one that supplies typical home computer needs one that supplies 650-725VA (~$150-200).650-725VA (~$150-200).

• http://www.apc.comhttp://www.apc.com is a good site. is a good site.

10. Thou shall always use your 10. Thou shall always use your computer intelligentlycomputer intelligently

• Don’t install software from unknown Don’t install software from unknown publishers or websitespublishers or websites

• Don’t give install rights to users who Don’t give install rights to users who are not very savvyare not very savvy

• Periodically change your passwordsPeriodically change your passwords

• Follow Commandments 1-9.Follow Commandments 1-9.

Thank you for your Time.Thank you for your Time.

• Stephen M JonesStephen M Jones

Manager, Library Computing ServicesManager, Library Computing Services

stjones@umbc.edustjones@umbc.edu

410-455-3040410-455-3040