Safe Computing Practices
The CUA Technology Services strongly recommends that you follow these practices when using a computer connected to the Internet, via ResNet or your own ISP.
(Although these steps are Microsoft Windows-centric, the same principles apply to other operating systems such as Apple Mac OS X or Linux.)
- Use virus protection software on your computer.
Windows Defender antivirus software is built into Windows 8. Microsoft provides its Security Essentials for Windows 7 as a free download for personal use.There are many commercial antivirus software packages available, including Symantec Norton AntiVirus and McAfee VirusScan. Your computer may have come with a full or trial version of one of these packages.
What is Antivirus Software (Microsoft)
Be sure to configure your antivirus software to download virus definition updates automatically so that you are protected against the latest viruses.
- Use firewall software on your computer.
Microsoft Windows has a firewall feature built-in. Be sure that it is enabled.
Windows Firewall from start to finish (Microsoft)
Please note that some antivirus software packages replace the built-in Windows firewall with an enhanced version of their own.
- Configure your computer to download critical updates automatically.
Microsoft Windows can download and install critical updates automatically. You should make sure that this feature is enabled.
Understanding Windows Automatic Updating (Microsoft)
- Scan your computer regularly for spyware.
Spyware is software that generates advertisement pop-ups, collects personal information, tracks your web browsing or changes your computer configuration, usually without your knowledge.
Signs that your computer may have spyware installed include unexpected or excessive pop-up windows and slow computer performance.
Most antivirus software packages such as Microsoft Security Essentials also include antispyware features.
You should scan your computer for spyware every week.
- Run Microsoft Update periodically to get non-critical updates.
On Windows, open the Control Panel, and under System and Security, Windows Update, select "Check for updates".
You should do this at least once a month.
- Keep your web browser up-to-date and use its security features.
Be sure to keep your web browser up-to-date. You should always run the latest version in order to take advantage of the security enhancements that have been added to the program. If you run Microsoft Windows, this means that you should be using version 8 of Internet Explorer.
Turn on security-related browser features. In Internet Explorer 8, using Tools, Internet Options, set both the Security and Privacy setting to Medium-High or more, and be sure that Pop-up Blocking is enabled.
- Exercise extreme caution when opening e-mail attachments.
Unless you and the sender arranged in advance that an attachment would be sent, it is safest never to open e-mail attachments. E-mail attachments are a primary method used to spread computer viruses.
Never open any e-mail attachment if you are not running antivirus software with up-to-date virus definitions.
Be careful when downloading programs and viewing Web pages.
Take care not to run any program that does not come from a company or other entity that you trust.
Note that Web pages can sometimes contain malicious program code that executes silently as you view the page.
Turn off the preview pane in your e-mail program if possible. Many e-mail messages are written in the same language as Web pages; these may contain malicious code.
If you are visiting a Web page and are prompted to install software unexpectedly, click "No" or "Cancel."
Email and web scams: How to help protect yourself (Microsoft)
Scan your computer for spyware every week.
Use instant messaging wisely.
Don't accept messages from sources that you don't recognize. Configure your IM program to accept messages only from users on your contact list ("buddy list"). If someone is bothering you via IM, remove them from your IM program's contact list. If problems continue, abandon your IM screen name and select another, giving the new name to trusted friends only.
Don't accept file transfers via your IM program. You have no way of knowing whether the file being transferred is malware or contains viruses.
Even if you know the person sending the message, don't click on web links in IM messages. Some viruses work by sending IM messages containing web links that can appear to be from someone you know.
Use social networking sites safely.
Keep control over the information you post to Facebook, MySpace, Twitter and other social networking sites by limiting access to your pages to just your friends.
Use a different password on each of your social networking sites.
Don't list personal information such as your full name, address, phone numbers, Social Security number or bank and credit card numbers on social networking sites.
Consider opening a free e-mail account that is dedicated to your social networking site, and then forward that e-mail to your primary account in order to keep your primary e-mail account more private.
Do not allow social networking sites to scan your e-mail address book. This helps protect your friends' e-mail addresses.
11 tips for social networking safety (Microsoft)
Intenet and Social Networking Safety (US-CERT)
Use strong passwords.
Your logon password is the first line of defense in protecting you and your data from intruders. It is important that you select a strong password: make it at least eight characters long (14 or more characters is better); use at least one uppercase letter, lowercase letter, number and symbol; use phrases to create easy to remember passwords that are hard to guess.
How to create & use strong passwords (Microsoft)
- Never share your password.
Do not share your password with anyone else--ever! Tech support staff will never ask you for your password; if they do, it is likely a scam--do not provide it. If someone does learn your password, change it immediately.
When changing passwords, don't reuse an old one. Always choose a new password that you haven't used before.
Even if you think no one else knows your password, change it frequently, at least once every three months.
Don't use the same password for different purposes. For example, the password you use for your Windows computer logon, the password you use for your online banking website and the password you use to log onto a social networking or store website should all be completely different.
Access administrative data only through the administrative system interface.
The safest place to work on sensitive data is on your CUA staff or faculty computer, while on campus. The safest way to work on sensitive administrative data is through the administrative system interface, not by downloading it into a file or another program.
If you do need to work on sensitive data that is stored on your local hard drive or removable media, be sure that it is always encrypted.
- Check the CUA Campus Resource Status Board for problems.
If you are experiencing a problem using your computer on Resnet, check the Technology Services support website at techsupport.cua.edu for service outage announcements.You can also send email to firstname.lastname@example.org to enter a service request.
- Stay Safe Online (StaySafeOnline)
- Using Caution with Email Attachments (CERT)
- Secure Your Computer (StaySmartOnline)
- Best Practices for Keeping Your Home Network Secure (PDF) (NSA)
- Reducing Spam (CERT)
- The Ten Immutable Laws of Security (Microsoft)
- How to boost your malware defense and protect your PC (Microsoft)
- Protecting your Computer (Get Safe Online)
Apple Mac OS X
- Mac OS X Security (Apple)
- Protect your Mac (Get Safe Online)
- Five tips for better Mac security (Naked Security)
- How to Make Your Mac More Secure (MacLife)
- Basic Ubuntu Security Guide, Desktop Edition (Ubuntu)
- Hardening the Linux Desktop (IBM)
- Linux Security for Beginners (Linuxtopia)