Quick Info DoIT Home Forms Forwarding your e-mail Help Desk Service Request Internet Account Request Password Change Server Maintenance Schedule Technical Support Documentation

Safe Computing

Introduction

"Safe Computing" refers to practices and tools used to protect information stored and entered into a computer. Safe computing practices include keeping software updated (patched), installing anti-virus and anti-intrusion software, using complex passwords, making regular backups, and exercising caution when opening e-mail attachments and visiting un-trusted Web sites. This document outlines the main aspects of Safe Computing and provides links to tools and additional resources to repair and protect personal computers.

Software Updates | Anti-ware | Security | Backups | E-mail & Web
Sign-up for Safe Computing Alerts

Software Updates

The Internet has made it very easy for computers to be attacked, making it increasingly important that all computers are protected using up-to-date operating system and application software.

• Operating systems: Current operating systems (Mac OS X and Windows XP/2000) have an auto-update setting that should be turned on whenever possible. The auto-update feature can be set to automatically download and install updates or it can be set to download and ask the user if they would like to install the updates. Recently Microsoft released service pack 2 (SP2) which turns on the auto-update feature by default.
  • How to download and install Windows updates
  • How to download and install Mac OS updates
• Microsoft Office: Microsoft periodically releases updates and security patches for the Microsoft Office suite. Certain Office programs, particularly Microsoft Outlook, have many known security holes. It is strongly recommended to upgrade to Microsoft Office 2003 and install all Office updates to prevent malicious attacks.
  • How to download and install Windows Office updates
  • How to download and install Mac Office updates
• Web browsers: Internet Explorer has several known security holes with patches available to correct most of them. Windows will automatically install these patches when the operating system is updated. Mac OS users should check for updates at Microsoft's Web site. Other Web browsers such as Netscape, Mozilla/Firefox may need manual updates to keep them secure.
• Check VersionTracker for the latest version

 

TOP OF PAGE

---

Anti-ware

Viruses, worms, spyware, pop-ups, and adware infect computers via e-mail attachments, Web sites, exchanging files and software security flaws. It is important to install, use and update anti-virus and anti-spyware software to help prevent infections and to try to repair computers that are already infected.

• Anti-virus software: Anti-virus software is used to detect/remove viruses and to protect a computer from future attacks. After installing anti-virus software it is important to keep it updated as new viruses are introduced daily. Verify the anti-virus software is regularly updating the virus definitions by checking the date of the virus definitions installed on your computer. (VirusScan typically updates weekly and Virex monthly). Perform a full scan of your hard drive for viruses and scan all new files. Periodically check for new versions of anti-virus software.

  Server anti-virus software has been installed on the centralized campus email server to filter out virus-infected email. To keep current with the latest updates, the virus definition file is automatically updated every four hours.

  • How to download and install Windows VirusScan
  • How to download and install Mac OS Virex
• Anti-spyware/anti-intrusion software: There are a number of different anti-intrusion programs available. These programs are also known as anti-virus, anti-spyware, adware and anti-malware. Multiple programs must be installed as there is no single program that can solve all problems. Some programs detect and remove existing problems, others protect from future attacks. It is very important to understand that some anti-intrusion software, distributed free or for a fee, is actually software designed to attack. Only install anti-intrusion software obtained from a reputable source.
  • How to detect and remove spyware

• Pop-up blockers: One symptom of a spyware infection is uncontrollable pop-up windows. Use anti-spyware to remove the spyware before installing any pop-up blocker software. Pop-up blocker software is used to control all future pop-up windows and installing it is a matter of personal preference. Many programs claiming to prevent pop-up windows are bogus and will purposely generate more pop-up windows. Only install pop-up blocking software obtained from a reputable source.
  • How to block pop-up windows

 

TOP OF PAGE

---

Security

• Firewalls: Firewalls are used to protect computers from network-based attacks. Firewalls can be software or hardware. Hardware-based firewalls are physical devices that are placed between a computer, or network of computers, and the Internet. Software-based firewalls are included with Windows XP and can be installed separately on many other operating systems. All computers should use a software-based firewall when available. Off-campus users with high-speed DSL or Cable Internet connection should consider using a hardware-based firewall if they do not already have a router with a built-in firewall.

  A hardware-based, network firewall for administrative areas (Administration, SSB and Corp Yard) protects workstations on the SFSU network against attacks from outside of the firewall. Hackers outside the university are not able to scan the network for vulnerabilities or infect workstations from outside of the firewall. However, viruses and worms can still be spread to other workstations via email and file transfers within the firewall. A network firewall does not control spyware, laptops brought to and from campus, and security problems within the firewall.

• How to turn on the Windows XP firewall
• Passwords: Windows and Mac OS computers should have a strong password to prevent unauthorized access. A strong password is one that has at least eight characters and includes upper and lower case letters as well as numbers or special characters.
• How to set a strong Windows password
• Software: Use software that supports the highest security connection method offered. Instead of telnet use SSH, instead of FTP use SFTP.
• How to download SSH and SFTP software
• Network: Proactive network tools assist DoIT to manage the campus network, including network intrusion detection and monitoring tools. A network intrusion detection module, residing on the core campus network switch, helps with network monitoring by detecting network attacks and intrusions. Network monitoring tools (MRTG and SMARTS) help identify abnormal network activities. In addition to network tools, active system and network log monitoring is performed daily to help identify any security-related issues.

  Authentication tools also assist DoIT in verifying the user is part of the campus community; two tools are virtual private network (VPN) and authenticated wireless services. VPN allows faculty and staff to access secured campus computer resources from off-campus via encrypted connections. Campus wireless services are authenticated to ensure authorized usage, reducing the risk of network attacks and security breaches from unauthorized users.

 

TOP OF PAGE

---

Backups

The best way to way to protect from losing data is to make regular backups.

• Backups: All files that cannot easily be recreated should be regularly backed-up. Files can be backed-up to removable media (disks, CDs, memory sticks) or to a network drive. Backup software can be used to automate backing-up files. Store backups in a safe place, off-site if possible.
• How to backup files

 

TOP OF PAGE

---

E-mail and Web

Opening infected e-mail and visiting malicious Web sites are very common ways computer security is compromised.

• Viruses: Viruses are frequently distributed using e-mail messages and attachments. SFSU scans and intercepts incoming e-mail messages sent to @sfsu.edu addresses for viruses. A good second line of defense is to use up-to-date anti-virus software that can intercept infected messages. However, since new viruses are continually introduced it is advisable to be suspicious of all e-mail messages. When in doubt, don't open the attachment.
• How to download and install anti-virus software
• Spam: E-mail spam generally does not affect computer security. However, most spam that promotes computer security solutions is really selling rogue products that reduce computer security. SFSU scans incoming e-mail messages for characteristics that make them appear to be spam. Never use the "unsubscribe" feature of spam unless you knowingly subscribed. If you reply to or unsubscribe from spam it lets the sender know your e-mail address is valid.

  Anti-spam software has been installed on the centralized campus email server. Server anti-spam software assists with identification of spam, and filters out those messages that are acutely identified as spam.

• How spam is rated and filtered at SFSU

• Web: Never use the Web browser option to store user names or passwords.

TOP OF PAGE

DoIT continually evaluates new solutions for workstation security and network access as the solutions become available. DoIT will incorporate a product as it becomes a viable solution, such as anti-virus and Pest Patrol software, and as funding permits.

---

Site Home | What We Do | Help Desk | Account Services | Software | Hardware | Network
Telephone Services | Training | Computer Labs | Web Publishing | Policies | Sitemap | Contact Us

---

Last Modified: 27 Jan 2005
doit@sfsu.edu