User Guide to HSC PC Security Practices
Passwords
How do I protect my password?
Don’t tell anyone your password.
Don’t write down your password anywhere near your PC.
Make sure others can’t see the keystrokes used when entering your password.
What’s a good password?
Your password should be easy for you to remember, but difficult for anyone else to guess.
Make your password at least 8 characters long and as complex as you can remember.
Use at least one upper case letter, at least one lower case letter, and at least one numeral. For example: 1cH5eV4y
Some password “don’ts”:
· Don’t use any part of your name or your user name, or the name of anyone in your family (including pets).
· Don’t use any word found in a dictionary.
· Don’t use any word or name found in current or recent popular culture (e.g., Star Trek, NASCAR, sports, etc.)
· Don’t use any proper names of:
o People (e.g., Lincoln, Clinton)
o Places (e.g., Louisville, Lexington)
o Things (e.g., alligator, cat, bird)
· Don’t use any keyboard combinations (e.g., qwertyui, asdfghjk).
Automated password guessing software uses techniques to exploit those who don’t follow these “don’ts.”
Some ideas for good passwords:
· Pick a word you can remember, capitalize some of the letters, and embed some numerals (e.g., Cadillac → caDillaC → ca9Dil8laC).
· Pick a word you can remember then shift each character one key on the keyboard, capitalize some of the letters, and embed or add some numerals (e.g., security → dRvItoyu → dRvItoyu38).
· Pick a word you can remember but remove the vowels, capitalize some of the letters, and embed or add some numerals (e.g., information → NfrmtN → 5Nf1rm0N).
· Start with a phrase (not one readily associated with you), use the first letter of each word, capitalize some letters, and embed or add some numerals (e.g., home is where the heart is → hiwthi → hIwthI12).
How often should I change my password?
If your PC is connected to the University network, you will be prompted to change your password every 90 days.
If your PC is not connected to the University network, you should change your password at least every 3 months.
If you think your password has been compromised (e.g., somebody has learned what it is), you should also change your password immediately.
How do I change my password?
If your PC has the Novell Client installed (which will result in a red capital N in the system tray in the lower right part of your display):
· Press Ctrl-Alt-Del.
· Click Change Password.
· Follow the directions on the screen.
If your PC has Windows 2000 installed but not the Novell Client:
· Press Ctrl-Alt-Del.
· Click Change Password.
· Follow the directions on the screen.
If your PC has Windows 98 installed but not the Novell Client:
· Press Start.
· Point cursor to Settings, and then click Control Panel.
· Click Passwords icon.
· Click button Change Windows Password ….
· Follow the directions on the screen.
If you have any problems changing your password, contact your Tier 1 support team.
How can I easily and securely keep track of my passwords?
If you are comfortable downloading and installing software, here’s a URL for “freeware” called Password Safe that let’s you keep passwords safely on your PC:
http://download.com.com/3000-2092-891674.html?tag=lst-0-1
Screen Saver
An important technique for securing your PC is to make sure its built-in screen saver is enabled. Your Tier 1 support team should have done this for you. If not or you’re not sure, do the following:
· Right-click on an empty area of your Desktop.
· Click Properties.
· Click Screen Saver tab.
· Choose a screen saver. (Use Blank Screen if you aren’t sure.)
· Checkmark Password Protected by clicking the box or phrase.
· Adjust the Wait time to 5 minutes or less.
Please observe the screen saver activation time period of 5 minutes or less. While 5 minutes may seem too short, it is widely recognized as a reasonable and prudent time period for balancing the competing demands of liability, security, efficiency, and convenience. You may feel annoyed at having to reconfirm your password with a few keystrokes, but this is a small price to pay for significantly increasing the security of your PC and protecting your work and the University’s network.
Walking Away From Your PC
Whenever you leave the immediate vicinity of your PC, you should do one of the following:
· Lock your PC (only if your PC has Novell Client or Windows 2000/XP).
· Log off your PC.
· Restart your PC (without logging back on).
· Shut down your PC (including powering it off).
This simple habit will greatly add to the security of your PC.
How do I lock my PC?
If your PC has the Novell Client or Windows 2000/XP installed, you can quickly and easily lock your PC before you walk away from it by doing the following two steps:
· Press Ctrl-Alt-Delete.
· Press Enter (which selects Lock Workstation).
How do I unlock my PC?
If your PC has the Novell Client or Windows 2000/XP installed, you can quickly and easily unlock your PC by doing the following three steps:
· Press Ctrl-Alt-Delete.
· Enter your password.
· Press Enter.
Physical security
If at all possible, you should locate your PC so that access to it is limited (e.g., locked in your office when you’re not using it) or monitored (e.g., a receptionist would be aware of someone trying to use your PC).
Since confidential or sensitive information may be displayed on your screen, you should try to orient your screen so that others cannot readily view it without your knowledge while you’re using your PC.
Power-User and Administrator Privileges
You may have been granted power-user or administrator privileges on your PC in order to allow you to install and modify software and make other changes to your PC.
If you do have power-user or administrator privileges, you are also able to create problems with your PC if you don’t know what you’re doing. In general, you’re better off not trying to do something you don’t know how to do. Instead contact your Tier 1 support team.
Important: If you have administrator privileges, you are able to change the password for the Administrator account on your PC. (You can’t change it by accident; you have to go out of your way.) Don’t do it! If you do, it will be more difficult for your Tier 1 team to support your PC.
Virus Protection
Your Tier 1 support team should have installed anti-virus software on your PC. Contact your Tier 1 team if you’re not sure your PC is protected against viruses.
Do not defeat the purpose of anti-virus software by disabling or removing it.
Operating System (OS) Security Updates
How do I keep my OS updated?
For Microsoft Windows users, go to: http://v4.windowsupdate.microsoft.com/en/default.asp
· Click on Scan for Updates
· Click on Review and Install Updates
· Click Install Now
· Follow the on-screen instructions
All of the critical security updates will be marked automatically for installation. If you need to install any of the other updates, mark them to add to the list. Once your update starts, follow the on-screen instructions.
Follow the above procedure once a week, as updates for the operating system are periodically distributed.
For operating systems other than Microsoft, check the manufacturer’s website for updates.
How can OS updating be done more automatically?
Once you have all of the updates current on your PC you will be able to set up Auto-Update if you have Windows 2000 or XP. Auto-Update will download all critical updates to your PC and notify you when they are ready to be installed. Configuring Auto-Update will eliminate the need to go to the Microsoft Update website every week.
If your OS is Windows 2000 or XP, you can set up Auto-Update. Here’s how:
· Click on Start
· Click on Settings
· Click on Control Panel
· Click on Auto-Update
· Place a check mark in the Keep my computer up to date check box
· Click Download the updates automatically and notify me when they are ready to be installed
· Click Apply
All critical updates will be downloaded automatically to your PC when they become available from Microsoft. Once the updates are downloaded to your machine and are ready to be installed, a globe with the Microsoft flag will be placed in your system tray (lower right of screen next to the clock). To install the updates you will need to:
· Click on the Auto-Update Icon (located in the system tray)
· Click Install
· Follow the on-screen instructions
Enterprise Software Security Updates
How do I keep my Enterprise Software updated?
For Microsoft Office, go to:
http://office.microsoft.com/OfficeUpdate/default.aspx
· Click on Check for Updates
The updates that are available for you system will be checked
· Click on Start Installation
· Follow the on-screen instructions
You may need the Office Installation disks
To update other software on your PC, go to the software manufacturer’s website and look in the download or support section for updates. If you are having trouble finding an update for your software, contact your Tier 1 for help.
File Backup
What is the best way to back up my files?
The best way to make sure your files are backed up is to keep them on either your H: or the I: drive. Both of these drives are part of the University’s LAN (local area network), and their contents are backed up to tape every night without any action on your part.
If you are storing a file that will only be used by you, you should store it on your H: drive. You can store files on your H: drive by:
· Clicking on Save As
· In the Save In drop down box, you should choose the drive that begins with your user ID
If you need to open a file from your H: drive, do the following:
· Click on My Computer
· Click on the drive that begins with your user ID
If you need to store a file that will be used by multiple people but must also be backed up, you can store it in the I: drive. To store files on the I: drive:
· Clicking on Save As
· In the Save In drop down box, you should choose the drive that begins with “Shared on”
If you need to open a file from the I: drive, do the following:
· Click on My Computer
· Click on the drive that begins with “Shared on”
Since files stored in the I: drive are set with the permissions for everyone to be able to view, edit, or delete, you must call the Help Desk (x7997) to restrict access to your file.
Revision 2 Page 1 December 15, 2003