Desktop Security Checklists and Resources

The Internet has been described as being as lot like the "Wild, Wild West", and in many ways travelling through and using "cyberspace" resembles the frontier of old. In fact, there are even "white hats" - hackers who probe for and discover security vulnerabilities in order to publicize and warn about them - and "black hats", who search for the same vulnerabilities to use in breaking into systems.

Server administrators have to be aware of and up to date with a dizzying array of potential vulnerabilities and how to protect against them, and individual users of personal desktop computers also have to be alert for some of these. In general, though, personal desktops have a somewhat lower "profile" as targets, because they typically are running fewer services and have fewer users that present security holes (weak passwords, open file shares, etc.).

Nonetheless, personal desktop computers that are unprotected or poorly protected present tempting targets. If you think "I'm just a little guy, they don't care about me", or "There's nothing on my computer they'd want to steal", or "That kind of stuff only happens to big, highly visible servers", you're setting yourself up for a rude awakening. The software that potential intruders use to search out their victims is usually automated, and is capable of scanning entire networks for vulnerable services and applications within a few minutes. It is not at all unusual for any given computer attached to Penn's network to be scanned several times within the space of 60 seconds. And, regardless of the perceived value of your particular data, the fact is that in many cases, they don't care what your data is, they simply want to gain access to and control over your computer to secretly store their data, or even to use your computer as a "zombie" to attack someone else's machine. For many, many reasons, you cannot afford not to keep your computer's security up to date.

Below are some links to pages and resources that will provide valuable basic tips for some of the more popular operating systems. It is virtually impossible to make any computer system completely 100% secure, there will always be some risk of a compromise, but following the advice given in these resources will go a long way toward minimizing your desktop computing vulnerability. The potential cost in time, hardware, software and lost data of recovering from a system compromise can be enormous, and some data may not be recoverable at all. Investing a little time now can save you a huge headache later.

Microsoft Windows

Legend has it that when the famous bank robber Willie Sutton was asked why he chose to rob banks, his reply was, "Because that's where the money is."

Windows is by far the most prevalent operating system found on personal computers today, and Penn is no exception. Because of this, in large part, more computing security exploits are designed and carried out against computers running Windows for the simple reason that there are many more potential targets. For "hackers", Windows is "where the money is". With regard to security, the first thing you need to know is that older versions of Windows (95, 98 and ME) have essentially no security. If you are running one of these older versions, it is strongly suggested that you upgrade to Windows XP or Vista if possible.

Beginning with Windows NT, Microsoft paid a great deal more attention to security matters, and that has carried through to their releases of Windows 2000, XP and Vista, which are all essentially later versions of NT, and are currently the most commonly found versions of Windows at Penn. The following document provides tips geared to helping you secure a Windows 2000, XP or Vista system, though they will also be helpful to NT users as well.

• 10 Steps To A More Secure Windows 2000/XP/Vista System

If you're ready for a more in-depth approach to Windows security, we recommend the tools and checklists available from the Center for Internet Security (www.cisecurity.org).

Unix/Linux

Because there are many different versions, or "distributions" of Unix-based operating systems and their PC-based Linux cousins, and there are many slight variations between them, it is very difficult to come up with a list of security tips common to all that can be implemented in exactly the same way. For this reason, Unix and Linux users should be familiar with the websites and support operations for their particular operating system vendor. At Penn, Sun's Solaris operating system tends to be the most common Unix variant, while Red Hat tends to be the most popular Linux distribution. This is by no means a complete list, and each version has its own loyal adherents. In any case, Unix/Linux users tend to be "hands on" kinds of users who are more willing to "get under the hood" of their operating system and can make good use of more technically-oriented sites like these:

• For security tips and information specific to Sun operating systems: http://wwws.sun.com/software/security/index.html
• For security tips and information covering several of the most popular Linux distributions: http://www.linuxsecurity.com/

Macintosh

Newer Macintosh computers from Apple Corporation run on the latest version of their operating system called Mac OS X, which is very much like Unix. Earlier versions of Mac OS are different, and have configuration and operating security issues of their own. Whichever version of Mac OS you are running, the following websites have valuable tips and information.

• Apple's computing security website: http://www.info.apple.com/usen/security/
• Center for Internet Security: (www.cisecurity.org)

Last updated: Friday, July 13, 2007