Basic internet/computer security guidelines


    As a rule the weakest link in the security chain is user error. Since the measures listed below are aimed at promoting secure user behaviour, they are extremely effective in lowering the risk of a security breach. For a security plan to be effective when using the Internet it is essential that users actually read, understand and follow the suggestions given.

    When using machines in a wide organisation, user education is the key. The risks must be made evident to new users. It may be an idea for users to be prompted with them prior to using the organisation's systems. This can be done through the distribution of an Acceptable User Policy (AUP).
    Creating and adhering to an AUP will save money for the organisation in a number of ways:
    • Lowers the risk of virus/spyware infection, saving money in productivity and virus/spyware mitigation time.
    • Establishing and enforcing a sound e-mail usage policy may save your company the expense and hassle of litigation. It may also save the organization from damaging negative publicity that can result from a security incident.
    • Protecting client machines with personal firewalls can prevent confidential information from being seen by outsiders.
    • Critical business operations will not be interrupted as often, if at all (dependent upon many factors), when employees practice safe computing within a security oriented organization.
    If using an AUP at home, parents should ensure that children are fully aware of what they are doing on the internet and run them through the points outlined in the guide so that they are fully aware of its importance.


    Viruses, Worms and Trojans
    a) Purchase a leading anti-virus software package, one that will scan incoming mail messages and files on-access automatically.
    b) Update anti-virus software definitions weekly, if not more often (ideally, the AV software should update the virus definitions automatically.) Updates are available at the vendor's Web site and are very simple to perform.
    c) Use the anti-virus software to run full disk scans (i.e. scan the entire computer) monthly, if not more often. Full disk scans should also be scheduled to run automatically.
    d) Learn how to identify virus hoaxes from real threats. Over-reaction to hoaxes can cause unnecessary panic and overload network bandwidth. To determine whether or not a virus warning is legitimate, visit one of the following sites: F-Secure, McAfee's Virus Information Library, Trend, or Vmyths.
    e) Install a firewall, such as ZoneAlarm, which is free to home users, to protect against Trojans and other unauthorized access to a machine.
    f) Scan all floppies, CDs, or other external media that have been used on external systems or that you receive from others (including friends and family.)

    E-Mail Security
    a) Do not open attachments unless absolutely necessary, especially if they are sent by someone unknown to the recipient.
    b) Do not open EXE, BAT, VBS, and SCR type attachments ever, since they are common vectors for virus/malware infections. Consider installing updated packages or the Microsoft Office 2000 E-mail Security Update, to block such attachments.
    c) Always scan attachments manually with antivirus software before opening them, if they must be opened.
    d) Open up scanned attachments, such as DOC files, from within the program rather than simply double-clicking on an attachment. If a document is in question, such as a DOC file, it can be opened up in a program like WordPad to view the text contents without the risk of a macro virus infection.
    e) If you are using Outlook or Outlook Express e-mail software, configure e-mail messages as "Restricted Zone" (go to Tools/Options/Security, then choose Zone in the window below.)
    f) Consider using a plain text (non-HTML) e-mail reader such as Eudora or The Bat!
    g) If possible, set your e-mail client to send messages in plain text (for Outlook go to Tools/Options/Mail Format, and then choose Plain text from the windows below).

    HTML mail
    a) Do not use Web-based e-mail systems for the communication of any sensitive information.
    b) However boring it might be, you should review the licensing agreement with the service before you click "I Agree". Some free e-mail services actually own the content of your messages sent through their web service.
    c) Follow the same attachment policy as with company and personal e-mails.

    Web Browsing
    a) It is strongly suggested to disable dangerous web features, such as ActiveX. ActiveX applets (or "controls" as they are called) are downloadable programs that are run by your system. Unlike the normal EXE files, ActiveX can be run transparently in your Internet Explorer to perform any action such as erasing files or stealing your passwords.
    For more information on ActiveX dangers see http://www.digicrime.com/activex/ .
    b) Disabling JavaScript is recommended, but may be unrealistic for some users, as many web sites use it for navigation. JavaScript can be used to steal e-mail passwords, form contents and even modify the Windows registry where the system settings and some passwords are recorded.

    Network Connections
    a) Turn off File and Printer Sharing. If sharing must be enabled, make sure it is password protected, and share only the necessary directories.
    b) Install a personal firewall to protect your computer from intrusion attempts and Trojans; there are many free products available for download on the internet.
    c) Avoid the use of insecure network applications such as ICQ, AIM or IRC for discussing private information. The content of such communication can be seen by third parties, used for attacking your system and deploying viruses.
    d) Use a secure network operating system, with all the latest patches installed.
    e) Suspend or lock all user accounts for staff that have left the company to prevent those accounts being abused by hackers as a backdoor into your systems.

    General Security for Home Users:
    • Stay informed of relevant information security developments by visiting Internet security news sites, such as Zdnet or SecurityFocus.
    • Perform system manufacturer security patch updates on a regular basis, such as Windows Update.
    • Use a lower risk format to exchange documents, such as RTF or text files, which are not vulnerable to the transmission of viruses and other malware.
    • Backup your files regularly on ZIP disk or CD-R. This measure ensures that vital information will not be lost in the case of viruses and general hardware failures.
    • Create an emergency boot disk for your computer and keep it in a safe place.
    • Ensure that effective passwords are used. Use a long, easily remembered password: one method is to use passwords made up of the first letters of a phrase that is meaningful to you. Passwords should consist of 6 - 9 characters and should include upper and lower case letters as well as numbers and other symbols. Passwords should also be changed on a regular basis.
    • Whatever platform you are using (Windows 2000/XP, Linux, etc.), do not use administrator accounts for routine activities; create specific user accounts with limited control over the system.
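
The attachment rule in the E-Mail Security list (item b) can be checked automatically before a message reaches the user. The following is an added example, not part of the original post: it parses a constructed sample message and flags attachments whose final extension is one of the four types named above. The function names and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from pathlib import PurePosixPath

# Attachment types the post says never to open (E-Mail Security, item b).
BLOCKED = {".exe", ".bat", ".vbs", ".scr"}


def risky_attachments(raw_message: str) -> list[str]:
    """Return the filenames of attachments whose final extension is blocked."""
    msg = message_from_string(raw_message)
    flagged = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # message body or a part without a filename
        # Windows ignores trailing dots and spaces, so strip them first.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the last suffix decides how the file is run, so a
        # double extension such as "invoice.doc.exe" is still caught.
        if PurePosixPath(cleaned).suffix in BLOCKED:
            flagged.append(name)
    return flagged


def build_sample(names=("notes.txt", "invoice.doc.exe", "Holiday.SCR", "report.rtf")) -> str:
    """Build a constructed test message with placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in names:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


if __name__ == "__main__":
    for filename in risky_attachments(build_sample()):
        print("Do not open:", filename)
```
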
