Preventing Workstation Intrusions

 

Securing desktop workstations is a critical part of any IT infrastructure because it prevents unauthorized access to sensitive information and resources. Because default desktop configurations are not secure, you must configure new workstations to reflect your security requirements and reconfigure them as your requirements change.

 

Physical Security

 

1.      Set the boot order to access the appropriate hard disk first to prevent unauthorized users from accessing your system via a boot floppy or CD.

2.      Set a boot password to prevent unauthorized access to your operating system.

§         Both the boot order and the boot password are set in the BIOS. Contact the Help Desk for assistance.

3.      If possible, physically lock the case of the machine.

4.      Secure sensitive data stored on removable storage media (e.g. floppy disk).

 

Operating System Security

 

1.      Do not install unacceptable or unnecessary software, especially from unknown sources.

§         Absolutely no file sharing programs (Kazaa, Limewire, Bearshare, etc.), chat software (AIM, ICQ, MSN Messenger, etc.), or IRC clients.

§         Unnecessary programs such as Gator, BonziBuddy, Webshots, GoZilla, or WeatherBug can hog system resources or pose a potential security risk.

2.      Install the latest patches, service packs, and updates.

§         windowsupdate.microsoft.com

§         www.apple.com/support

3.      Install and maintain anti-virus and firewall software. Update virus definitions once a week.

§         Anti-Virus: McAfee VirusScan, Norton Antivirus, Kaspersky Anti-Virus

§         Firewall: ZoneAlarm, Sygate Personal Firewall, Norton Internet Security

§         Anti-Trojan: Tauscan, The Cleaner, TDS-3 Trojan Defense Suite

4.      Practice safe web browsing and email management.

§         Disable ActiveX in Internet Explorer. For extra security disable Java as well.

§         Only download an attachment if you know exactly what it is and trust the source.

5.      Encrypt sensitive data sent over a network. It is recommended to use SSH and SFTP instead of Telnet and FTP.

§         Windows: SSH Secure Shell, PuTTY

§         Mac OS: MacSFTP, MacSSH (Classic), JellyfiSSH (OSX), NiftyTelnet SSH (Classic)

6.      Set appropriate passwords. Use at least 8 characters and try to mix uppercase and lowercase letters with digits. Change your password every 60 days.

7.      Set a screensaver password to restrict access to your system while you are away.

8.      Rename the default Administrator account and disable the Guest account.
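
The read-only PowerShell audit below is an added example, not part of the original checklist. It checks items 6 through 8 on a Windows workstation. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets and an English-language default name for the Administrator account; the 60-day threshold comes from item 6.

```powershell
# Added example: read-only audit of checklist items 6-8. Changes nothing.
$findings = @()
$users = Get-LocalUser

# Item 8: built-in accounts are identified by their well-known RID, not by
# name. The built-in Administrator SID ends in -500 and Guest in -501.
$admin = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$guest = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }

# Assumption: an English-language install, where the default name is 'Administrator'.
if ($admin -and $admin.Name -eq 'Administrator') {
    $findings += 'Built-in Administrator account still has its default name'
}
if ($guest -and $guest.Enabled) {
    $findings += 'Guest account is enabled'
}

# Item 6: flag enabled local accounts whose password is older than 60 days.
$cutoff = (Get-Date).AddDays(-60)
foreach ($u in ($users | Where-Object { $_.Enabled })) {
    if ($u.PasswordLastSet -and $u.PasswordLastSet -lt $cutoff) {
        $findings += ("Password for '{0}' was last changed on {1:yyyy-MM-dd}" -f $u.Name, $u.PasswordLastSet)
    }
}

# Item 7: per-user screensaver settings. Settings enforced through Group
# Policy are stored under a separate Policies key and are not checked here.
$desk = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop'
if ($desk.ScreenSaveActive -ne '1') {
    $findings += 'Screensaver is not enabled for the current user'
} elseif ($desk.ScreenSaverIsSecure -ne '1') {
    $findings += 'Screensaver does not require a password on resume'
}

if ($findings.Count -eq 0) {
    Write-Output 'No findings for checklist items 6-8.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

The script only inspects local accounts and the current user's registry hive, so domain accounts and other users' screensaver settings need to be checked separately.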

 

If you have any questions, contact the Help Desk at (909) 869-6776 or visit us at http://www.csupomona.edu/~helpdesk.