Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

 

Monday, July 28, 2014

 
  New Resources
Travel Tips for Data Security
Free Security/Privacy Training Resources
Penn+Box
Two-step verification
Combating Malware
SafeDNS
Phishing Archive
Cloud Computing and Data Outsourcing
Best Practices for Applications with Confidential University Data
 
  Security "Greatest Hits"
Managing Passwords
E-mail Harassment & Forgery
Hoaxes, frauds & scams
Spam
Phishing
Wireless Networking
Encryption & digital signatures
 
  Best Practices
Secure desktop computing
Secure servers
Secure data deletion
Securing printers
Tips for safe computing
Computing policies
 
  More in-depth information for
Local support providers
System administrators
 
  Security initiatives
Critical host compliance
Authentication & authorization
Penn Security & Privacy Assessment (SPIA)
Security Liaisons (Restricted Access)
Secure Share
Secure Space
Vulnerability Scanner
 
  Related links
Electronic privacy
PennKey
Viruses
Worms, trojans, backdoors

Desktop Security Checklists and Resources

The Internet has been described as being as lot like the "Wild, Wild West", and in many ways travelling through and using "cyberspace" resembles the frontier of old. In fact, there are even "white hats" - hackers who probe for and discover security vulnerabilities in order to publicize and warn about them - and "black hats", who search for the same vulnerabilities to use in breaking into systems.

Server administrators have to be aware of and up to date with a dizzying array of potential vulnerabilities and how to protect against them, and individual users of personal desktop computers also have to be alert for some of these. In general, though, personal desktops have a somewhat lower "profile" as targets, because they typically are running fewer services and have fewer users that present security holes (weak passwords, open file shares, etc.).

Nonetheless, personal desktop computers that are unprotected or poorly protected present tempting targets. If you think "I'm just a little guy, they don't care about me", or "There's nothing on my computer they'd want to steal", or "That kind of stuff only happens to big, highly visible servers", you're setting yourself up for a rude awakening. The software that potential intruders use to search out their victims is usually automated, and is capable of scanning entire networks for vulnerable services and applications within a few minutes. It is not at all unusual for any given computer attached to Penn's network to be scanned several times within the space of 60 seconds. And, regardless of the perceived value of your particular data, the fact is that in many cases, they don't care what your data is, they simply want to gain access to and control over your computer to secretly store their data, or even to use your computer as a "zombie" to attack someone else's machine. For many, many reasons, you cannot afford not to keep your computer's security up to date.

Below are some links to pages and resources that will provide valuable basic tips for some of the more popular operating systems. It is virtually impossible to make any computer system completely 100% secure, there will always be some risk of a compromise, but following the advice given in these resources will go a long way toward minimizing your desktop computing vulnerability. The potential cost in time, hardware, software and lost data of recovering from a system compromise can be enormous, and some data may not be recoverable at all. Investing a little time now can save you a huge headache later.

Microsoft Windows

Legend has it that when the famous bank robber Willie Sutton was asked why he chose to rob banks, his reply was, "Because that's where the money is."

Windows is by far the most prevalent operating system found on personal computers today, and Penn is no exception. Because of this, in large part, more computing security exploits are designed and carried out against computers running Windows for the simple reason that there are many more potential targets. For "hackers", Windows is "where the money is". With regard to security, the first thing you need to know is that older versions of Windows (95, 98 and ME) have essentially no security, and the support from Microsoft for versions as recent as XP is dwindling as time goes on. If you are running one of these older versions, it is strongly suggested that you upgrade to Windows Vista or, better yet, Windows 7 if possible.

Beginning with Windows NT, Microsoft paid a great deal more attention to security matters, and that has carried through to their later generation of releases (XP, Vista, Windows 7) which are currently the most commonly found versions of Windows at Penn. The following document provides tips geared to helping you secure a modern Windows system.

If you're ready for a more in-depth approach to Windows security, we recommend the tools and checklists available from the Center for Internet Security (www.cisecurity.org).

Unix/Linux

Because there are many different versions, or "distributions" of Unix-based operating systems and their PC-based Linux cousins, and there are many slight variations between them, it is very difficult to come up with a list of security tips common to all that can be implemented in exactly the same way. For this reason, Unix and Linux users should be familiar with the websites and support operations for their particular operating system vendor. At Penn, Sun's Solaris operating system tends to be the most common Unix variant, while Red Hat tends to be the most popular Linux distribution. This is by no means a complete list, and each version has its own loyal adherents. In any case, Unix/Linux users tend to be "hands on" kinds of users who are more willing to "get under the hood" of their operating system and can make good use of more technically-oriented sites like these:

We also recommend the tools and checklists available from the Center for Internet Security (www.cisecurity.org).

Macintosh

Newer Macintosh computers from Apple Corporation run on the latest version of their operating system called Mac OS X, which is actually a variant of Unix. Earlier versions of Mac OS (9 and below) are different, and have configuration and operating security issues of their own. Whichever version of Mac OS you are running, the following websites have valuable tips and information.

Last updated: Friday, October 8, 2010

top

Information Systems and Computing
University of Pennsylvania
Comments & Questions


Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania