Computer systems located in the dorms or Greek houses are vulnerable to external attack from the Internet. Indiana University provides a high-speed network connection (10 or 100 MB) to each campus residence. High-speed and "always connected" workstations are quite vulnerable to attacks. In addition to the value of personal information stored on them, these computers can provide access points into other systems if they're not properly secured and managed. Owners of these "always on computer systems" need to take additional precautions to protect their machines from these external threats.
It is your responsibility to ensure that your personal computer is secured at all times when it is attached to the University network. The following guidelines are designed to help you protect your computer system while on the IU campus.
The first step to securing your system is to use a secure operating system. Windows 95, 98, and ME are not secure operating systems when connected to the Internet. Users of those operating systems should be using Windows XP. See the following document for other IU supported operating systems.
Once you have your operating system installed, you need to make sure that it is updated (patched) to protect against any security related vulnerabilities found since the operating system was first distributed. Then, you'll need to maintain it over time as new service packs and hotfixes (patches) are deployed, see the Software Updates and Alerts section below. There are a number of tools are available free from Microsoft. You can download and install Microsoft Baseline Security Analyzer (MBSA) to determine missing hotfixes and the security level of your system.
Windows 2000 and XP users should format their hard drives using NTFS. This provides a more secure and stable file structure then FAT or FAT32.
Install Symantec AntiVirus (SAV) to protect your workstation from viruses. This program is available Free on the IUware CD or IUware Online. New viruses are found daily, so it is important that you update your pattern file on a regular basis. You should configure SAV's LiveUpdate process to update your virus patterns at least once a week and more often if you routinely share files with others. Refer to the following documents for additional information on virus protection and Symantec AntiVirus:
Computer users living on the IU campus should join the ADS domain and authenticate using your IU network ID and password. Using the Get Connected CD will automatically setup your machine correctly. Avoid running your computer as an administrator. Use an account with restricted privileges for day-to-day use and reserve the administrator account for system maintenance.
Never share your password with anyone including friends, roommates, family or IU technology staff. Do not write down your passwords. Change your password frequently using the Indiana University Password Maintenance page. It's important to select a strong password that you can remember easily. See the following KB article on selecting good passwords: What are guidelines for a good password?
When you leave your computer even for a few minutes you should lock your computer. In Windows you can use the Ctrl, Alt, and Del keys or password protect your screen saver. Additionally, workstations should be configured to lock automatically after a defined period of inactivity (10 minutes). For detailed information see: How do I lock my workstation without logging off?
There are a number of methods for keeping your systems up- to- date. Most vendors provide sites that allow users to update their systems. Windows users are encouraged to setup their system to use Windows Automatic Update. For additional information on this feature, see: How can I get software updates and patches?
Service packs are a collection of bug fixes, security enhancements and even new features. A comprehensive listing of Microsoft product Service Packs can be found at: Microsoft Service Packs.
Microsoft Office users can update their software by going to the Microsoft Office Product Update site at Microsoft Office Update Online.
By subscribing to vendor alert notification services you will be notified when a new hotfixes or patches are available. To subscribe see:
The ITSO recommends that users disable file and print sharing. In rare exceptions a user may need to share a resource with others. In this case a user needs to format their drive using NTFS and correctly set the permissions on their machine.
With Windows 2000 and XP, new folders by default provide access to the everyone group. Be careful to set permissions correctly when creating new folders on your machine.
It is ILLEGAL to share music and other media files if you do not have appropriate permission to distribute the files. Check the options you have set in file-sharing programs like Morpheus, KaZaA, Aimster, and Gnutella. To read more about Indiana University's policy on file sharing, see File Sharing @ IU. For details on specific programs, see: Disabling Peer to Peer File Sharing.
Due to a number of security issues with Wireless Access Points, it is against University policy to install these devices on the University network. For more information see IT-20 Wireless Networking
Related Information