Desktop Security Checklists and Resources
The Internet has been described as being as lot like the "Wild,
Wild West", and in many ways travelling through and using "cyberspace"
resembles the frontier of old. In fact, there are even "white hats"
- hackers who probe for and discover security vulnerabilities in order
to publicize and warn about them - and "black hats", who search
for the same vulnerabilities to use in breaking into systems.
Server administrators have to be aware of and up to date with a dizzying
array of potential vulnerabilities and how to protect against them, and
individual users of personal desktop computers also have to be alert for
some of these. In general, though, personal desktops have a somewhat lower
"profile" as targets, because they typically are running fewer
services and have fewer users that present security holes (weak passwords,
open file shares, etc.).
Nonetheless, personal desktop computers that are unprotected or poorly
protected present tempting targets. If you think "I'm just a little
guy, they don't care about me", or "There's nothing on
my computer they'd want to steal", or "That kind of stuff
only happens to big, highly visible servers", you're setting
yourself up for a rude awakening. The software that potential intruders
use to search out their victims is usually automated, and is capable of
scanning entire networks for vulnerable services and applications within
a few minutes. It is not at all unusual for any given computer attached
to Penn's network to be scanned several times within the space of 60 seconds.
And, regardless of the perceived value of your particular data, the fact
is that in many cases, they don't care what your data is, they simply
want to gain access to and control over your computer to secretly store
their data, or even to use your computer as a "zombie"
to attack someone else's machine. For many, many reasons, you cannot afford
not to keep your computer's security up to date.
Below are some links to pages and resources that will provide valuable
basic tips for some of the more popular operating systems. It is virtually
impossible to make any computer system completely 100% secure, there will
always be some risk of a compromise, but following the advice given in
these resources will go a long way toward minimizing your desktop computing
vulnerability. The potential cost in time, hardware, software and lost
data of recovering from a system compromise can be enormous, and some
data may not be recoverable at all. Investing a little time now can save
you a huge headache later.
Legend has it that when the famous bank robber Willie Sutton was asked
why he chose to rob banks, his reply was, "Because that's where the
Windows is by far the most prevalent operating system found on personal
computers today, and Penn is no exception. Because of this, in large part,
more computing security exploits are designed and carried out against
computers running Windows for the simple reason that there are many more
potential targets. For "hackers", Windows is "where the
money is". With regard to security, the first thing you need to know
is that older versions of Windows (95, 98 and ME) have essentially
no security, and the support from Microsoft for versions as recent as XP is dwindling as time goes on. If you are running one of these older versions, it
is strongly suggested that you upgrade to Windows Vista or, better yet, Windows 7 if possible.
Beginning with Windows NT, Microsoft paid a great deal more attention
to security matters, and that has carried through to their later generation of releases (XP, Vista, Windows 7) which are currently the most commonly found versions of Windows at
Penn. The following document provides tips geared to helping you secure
a modern Windows system.
If you're ready for a more in-depth approach to Windows security, we recommend the tools and checklists available from the Center for Internet Security (www.cisecurity.org).
Because there are many different versions, or "distributions"
of Unix-based operating systems and their PC-based Linux cousins, and
there are many slight variations between them, it is very difficult to
come up with a list of security tips common to all that can be implemented
in exactly the same way. For this reason, Unix and Linux users should
be familiar with the websites and support operations for their particular
operating system vendor. At Penn, Sun's Solaris operating system tends
to be the most common Unix variant, while Red Hat tends to be the most
popular Linux distribution. This is by no means a complete list, and each
version has its own loyal adherents. In any case, Unix/Linux users tend
to be "hands on" kinds of users who are more willing to "get
under the hood" of their operating system and can make good use of
more technically-oriented sites like these:
We also recommend the tools and checklists available from the Center for Internet Security (www.cisecurity.org).
Newer Macintosh computers from Apple Corporation run on the latest version
of their operating system called Mac OS X, which is actually a variant of Unix.
Earlier versions of Mac OS (9 and below) are different, and have configuration and operating
security issues of their own. Whichever version of Mac OS you are running,
the following websites have valuable tips and information.
Last updated: Friday, October 8, 2010