Securing your Desktop Computer
If your computer has been compromised, Information Technology Services (ITS) reserves the right to block your IP/MAC Address from connecting to the network in order to protect the integrity of the University of Hawaii network. Information on getting your computer unblocked can be found at: http://www.hawaii.edu/askus/686. For Manoa campus, please call your IT department or the ITS Help Desk for additional assistance.
The information below will provide you with information on how to best secure your computer from being compromised by unauthorized intrusions and viruses. Please note that despite one's efforts, there is no product that will stop a determined hacker.
- Keep your software up-to-date. Periodically, companies will release updates that provide software enhancements and security fixes. For Microsoft Windows XP and later, Microsoft provides an auto-update feature.
- Install anti-virus software and update the virus definition file regularly. Active University of Hawaii faculty, staff, and students may download anti-virus software.
- For email attachments, if you have any hesitations, please do not open attachments you receive. Email attachments are a common source of viruses. Although, ITS has an email scanner on the mail server (@hawaii.edu), it is possible that it will not catch all viruses.
- For further protection, a firewall product might be needed. Most desktop systems don't necessarily have to have this, as it requires someone with some technical knowledge and time to manage well. However, firewalls will lower the odds of an unauthorized access to your computer and might be necessary if the data is extremely confidential and requires additional security. It should be noted that with a firewall, ITS standard network troubleshooting techniques can no longer be used (firewalls will also block our efforts to ensure that your Internet connections are working). Users are required to have their own IT Specialist to troubleshoot their firewall and any network connections for their computers behind a firewall.
Security Updates and Operating System updates
Microsoft Windows XP and later have an auto-update feature. This auto-update feature periodically connects to the Microsoft website to see if they are any updates to your Windows Operating System or Internet Explorer. If any updates are available, the auto-update feature will let you know. It will then give you an option to install, install later, or deny the new updates. To manually check for updates:
- For Windows XP: please visit http://update.microsoft.com/ using Internet Explorer.
- For Windows Vista/Windows 7: click the Start button, click All Programs and click Windows Update.
Macintosh OS X also has an auto-update feature. Like Microsoft Windows, the auto-update feature will periodically check the Apple website for updates. If updates are found, the feature will notify you. If you would like to manually check for updates, please visit http://www.apple.com/support/downloads/.
MS Office Updates
Microsoft releases updates for their Microsoft Office software. These updates provide feature enhancements, bug fixes, and security fixes. Microsoft Office updates are included with Windows Updates.
If you use a departmental email server, please check with your IT support person to see if anti-virus protection is provided. If anti-virus protection is not available, you can still protect your department issued email account by forwarding email through your Google@UH email account first. In addition to setting up email forwarding you should advertise your @hawaii.edu account so that email messages will be routed through the UH email server and scanned by the anti-virus and SPAM scanner before it reaches your department issued email address.
Active UH faculty, staff, and students are eligible to install anti-virus software provided by ITS. NOTE: UH faculty, staff, and students must remove the software from any personal computers once they are no longer affiliated with the University. You may download it here.
Spyware is one of the common reasons a computer can get blocked from the University of Hawaii network. Spyware is defined as software that gathers user's information through the Internet without his or her knowledge. Once installed the software monitors user's activity on the Internet and transmits the information to a third party.
ITS-Recommended Anti-Spyware McAfee AntiSpyware Enterprise, Malwarebytes (MBAM), and SuperAntiSpyware are described at http://www.hawaii.edu/askus/670
Other anti-spyware programs are listed below.
Ad-Aware is a spyware removal program that may be used free for home use. (If you are using a computer on a University of Hawaii campus or a computer with a University of Hawaii decal, it does not qualify for free use, and should be licensed accordingly.) You can download the Ad-Aware software and view the instructions at http://www.lavasoftusa.com/software/adaware/. This software is recommended for students and faculty/staff with personal home computers and the software is free.
Spybot S&D (Search & Destroy) is a free spyware removal program that we also recommend for home use. You can download the Spybot software and view the instructions at http://www.safer-networking.org/en/index.html.
If you have any problems or questions, please send email to email@example.com.
Although, ITS does not support any particular firewall product, there are several you may want to try. If you feel that you may have discovered a firewall software that ITS should test and support, please send email to firstname.lastname@example.org. If you have a particular departmental need or would like assistance, please call Jan Kawachi at 956-9595 for advice.
All user accounts on your computer should have a password, especially your Administrator or Power User accounts. If you are mapping any drives from/to your computer, please make sure they are password protected. Some viruses propagate via unprotected drive mappings. Password Guidelines document can help you select a strong (difficult to guess or to break) password: http://www.hawaii.edu/askus/705
If you keep any sensitive information on your computer, the information should be encrypted. Current versions of Windows and Macintosh operating systems have built-in encryption features. For more details on using Windows encryption, please read: http://www.hawaii.edu/askus/1285. For Macintosh encyption, please read: http://www.hawaii.edu/askus/676 .
Access control: Physical access to machines should be controlled and monitored. Unknown individuals should NOT be able to walk up to any unattended computer unchallenged. In open environments, physical lockdown devices (cable security locks, CPU locks, etc.) should be considered. Lock individual office doors at the end of the day. Provide as many layers of defense as possible.
Partitioning of physical environments into security zones: More sensitve computers should be located in areas that can be more tightly locked down.
Alarm systems: Depending on the sensitivity of the information stored on servers and computers, 3rd party alarm systems may be a consideration.
Education: People are the best alarms. If someone does not belong in the area, they should be physically challenged: ask the unknown individual if they need help, what business they have, who sent them, and call to check credentials (but call a number from a trusted source). You can always ask them to return at a pre-arranged date and time. If it's legitimate, they will return.
Make regular backups of your critical data (at a minimum) and test your backups to ensure that they are readable. Windows 7 has a backup feature builtin to the operating system. Macintosh OS X also has a backup utility included in the operating system.
last updated: September 2012