Desktop Security Best Practices

Keep operating system patches up to date
Windows:  http://www.microsoft.com/protect/default.mspx

Macintosh: http://www.sans.org/rr/papers/index.php?id=237

Obtaining Antivirus Software and Installation
To obtain the University-provided Symantec Endpoint Protection, follow this link:
http://www.umaine.edu/it/software/antivirus/
Install using the Client setting and Unmanaged. 

Software Updates:
Updated versions of software are released periodically as “bug fixes” or patches as flaws in the software are found. To ensure the most effective security for your PC it is a good idea to review and install these patches as they become available for any software installed on your PC.

Email Attachments
Some computer virus infections are transported via email as attachments. NEVER open an attachment without first verifying the sender actually intended to send the information as an attachment.

Enable Personal Desktop Firewall
a. Windows – Security Website
http://www.microsoft.com/protect/default.mspx
b. Macintosh – General Security Issues via SANS Web site
http://www.sans.org/rr/whitepapers/apple/237.php
The following article lists several good tips for securing accounts and suggests services which can be disabled (http://www.windowsecurity.com/articles/Windows_XP_Your_Definitive_Lockdown_Guide.html). University employees can obtain additional assistance in setting up a firewall on their computer by calling the IT Help Center at 581-2506.

Exercise Extreme Caution Using Peer-to-Peer File Sharing
Peer-to-Peer file sharing can open any desktop PC to numerous security vulnerabilities. Software such as KaZaA, Limewire, Ares and Bearshare normally install with file sharing activated. This means that other computers running the same software, whether locally or anywhere on the Internet, can download from the shared folder on this PC. As with any process, if it is not necessary, disable it.

Utilize “good” passwords and change them at least every 90 days

General Password Construction Guidelines
Poor, weak passwords have the following characteristics:
· The password contains less than eight characters
· The password is a word found in a dictionary (English or foreign)
· The password is a common usage word such as:
•    Names of family, pets, friends, co-workers, fantasy characters, etc.
•    Computer terms and names, commands, sites, companies, hardware, software.
•    Birthdays and other personal information such as addresses and phone numbers.
•    Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
•    Any of the above spelled backwards.
•    Any of the above preceded or followed by a digit (e.g., secret1, 1secret)

Strong passwords have the following characteristics:
•    Contain both upper and lower case characters (e.g., a-z, A-Z)
•    Have digits and punctuation characters as well as letters (e.g., 0-9, !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
•    Are at least eight alphanumeric characters long.
•    Are not a word in any language, slang, dialect, jargon, etc.
•    Are not based on personal information, names of family, etc.
Passwords should never be written down or stored on-line. Try to create passwords that can be easily remembered. One way to do this is create a password based on a song title, affirmation, or other phrase. For example, the phrase might be: "This May Be One Way To Remember" and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other variation.
NOTE: Do not use either of these examples as passwords!
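
The weak-password characteristics listed above can be checked mechanically. The following Python is an added example, not part of the original guideline; the word list is a constructed sample, the keyboard layout is an assumption, and the function names are hypothetical.

```python
import re
import string

# Constructed sample list; a real check would load a full dictionary plus
# names, dates and other terms personal to the user.
SAMPLE_WORDS = {"secret", "password", "maine", "dragon"}
# The two example passwords printed in the guideline itself.
PUBLISHED = {"TmB1w2R!", "Tmb1W>r~"}
# Alphabet, digit and keyboard-row runs (US QWERTY layout assumed).
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def is_pattern(s):
    """Repeated runs (aaabbb), palindromes (123321), sequences (qwerty, zyxwvuts)."""
    if len(s) < 4:
        return False
    if re.fullmatch(r"(?:(.)\1+)+", s) or s == s[::-1]:
        return True
    return any(s in seq or s[::-1] in seq for seq in SEQUENCES)

def weaknesses(password, words=SAMPLE_WORDS):
    """Return the guideline's weak-password characteristics that apply."""
    found = []
    if password in PUBLISHED:
        found.append("published example")
    if len(password) < 8:
        found.append("fewer than eight characters")
    lowered = password.lower()
    # Test the password as typed and with leading/trailing digits removed,
    # which covers "secret1" and "1secret" (generalised to any digit count).
    cands = {lowered, lowered.strip(string.digits)} - {""}
    if any(c in words or c[::-1] in words for c in cands):
        found.append("common word")
    if any(is_pattern(c) for c in cands):
        found.append("word or number pattern")
    if not (any(ch.islower() for ch in password)
            and any(ch.isupper() for ch in password)):
        found.append("no mixed case")
    if not (any(ch.isdigit() for ch in password)
            and any(ch in string.punctuation for ch in password)):
        found.append("no digits or no punctuation")
    return found

if __name__ == "__main__":
    for pw in ["secret1", "1terces", "zyxwvuts", "123321", "gV7#pLq2"]:
        print(f"{pw!r}: {weaknesses(pw) or 'passes these checks'}")
```

An empty result means only that none of the listed characteristics was detected with the supplied word list.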

Perform regular scheduled backups
Do not store backups on the machine you are backing up! If the computer is lost, stolen or destroyed, your data is gone just as surely as if you did not have backups. Do keep (at least one) backup in a location other than where your computer resides. If a fire destroys the building your computer and backup are stored in, your data will be lost. Protect the backups from unauthorized access; they contain the same information you have on your computer!

Avoid Programs containing Spyware
Examples of programs that historically contain spyware and other malicious software are:
•    eDonkey
•    Limewire
•    Kazaa
Stay away from these programs if possible.
There are a number of utilities available, such as SpyBot Search and Destroy and Microsoft Windows Defender, that will aid with cleaning infections of spyware. As with anti-virus software, these need to be run on a regular basis and kept updated.

Shut down your computer when not in use

Log out or lock computers when you step away

Keep sensitive information only as long as you need it

Desktop Security Tips
•    If anyone asks you for any of your passwords or PINs, do not give it to them.
•    If you are running Windows XP Professional (if on a networked computer as an administrator user), you can hit Ctrl-Alt-Del and then select "Lock Computer" to lock your computer. To unlock your computer, hit Ctrl-Alt-Del again and enter your password.
•    We strongly recommend that you set your screen saver to require a password to return to your computer.
•    No matter what operating system you have running, whenever you have finished work within a web-based application you should log out of the system by finding the "Log Out" or "Sign Off" button.

Copyright ©2006-2014 University of Maine, Information Technologies. Some rights reserved.
Created and maintained by the Faculty Development Center, IT.