InfobITS, volume 7, number 1, spring 2001.



Information Security is EVERYONE'S Responsibility!
by Jodi Ito

A February 12, 2001 Computerworld article titled "University Computers Remain Hacker Havens" describes how computers on various university campuses were used to launch full-scale denial-of-service attacks in February of last year, which disabled high-profile web sites such as Yahoo!, E*Trade, and eBay. More importantly, it identifies some of the reasons why university computers are vulnerable targets for hackers. One of the reasons cited is "University IT departments don't have responsibility for securing the research machines - and it's not clear who does have that responsibility." In reality, we ALL share that responsibility. Information security is EVERYONE'S responsibility! There are steps that you can take to protect your computer.

Any desktop computer or server could be used to host viruses, trojan horses, and other malicious programs. We all should be aware of the security issues related to our daily use of computers. Here are some basic steps and precautions that you, as a computer user, can take to help secure your computer and to protect the integrity of information stored on it.

Beginning with physical security, some basic recommendations are to turn your system off at night and during the weekends, not to stay logged in to your system or e-mail while you are not there, and to use a locking screen saver if you need to leave your system on and unattended for any prolonged length of time (a locking screen saver is built into Windows). An unattended, unlocked system allows anyone to walk up to your computer and access the files and information (and potentially the e-mail) stored on it when you are not there.

Any computer that is connected to a network and "always on" may be vulnerable to intrusions whenever the system is turned on. There are readily available tools on the Internet that allow other people to scan your system for well-known vulnerabilities. You may want to consider installing a personal firewall on your system to track network activity, with the caveat that the firewall will need to be properly configured and monitored to be effective, and that an incorrectly configured firewall may interfere with your network usage.

Install anti-virus software and update virus definition files on a regular basis. The largest threat on the Internet is the propagation of viruses and malicious programs through e-mail. You should ensure that attachments are not automatically opened and/or executed and ensure that all attachments are scanned for viruses prior to opening them.

Install operating system (OS) and application patches. When OS and application vulnerabilities are discovered, the developer will create patches to correct the problem, which you must then download and install on your system. Most hacker programs and tools take advantage of these vulnerabilities. By keeping up-to-date with patch releases, you will reduce your risk of being compromised.

Turn off unnecessary services such as file and print sharing. If you have to enable these services, enable password protection. There are publicly available tools that scan the Internet for unprotected file sharing and publicize the IP address of the vulnerable system to various newsgroups.

Make routine backups, especially of your most critical data and information, AND test your backups to ensure that you can recover the information should you need to. Backups are like insurance: you never know when you'll need them, but you'll be glad you have them in a crisis.

Protect your passwords, select "strong" passwords, change them regularly, and don't use the same password for different accounts. Don't tape passwords to your monitor, or hide them under the keyboard or mouse (those are the first places people look). Choose passwords that are difficult to guess. Don't use your first or last name, user ID, SSN, telephone number, birth date, or dictionary words (most password cracking programs will test against these items). Choose passwords that are at least 8 characters in length and use a combination of upper, lower and special characters.
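
The password advice above can be turned into an automated check. This is an added example, not part of the original article; the function names, the small word list and the personal details are constructed for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "welcome", "sunshine", "dragon", "aloha"}

def _normalize(text):
    """Lower-case and drop punctuation so 808-555-0100 matches 8085550100."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def password_problems(password, personal_items, words=SAMPLE_WORDS):
    """Return the reasons a password fails the article's advice (empty = OK)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")

    flat = _normalize(password)
    for label, value in personal_items.items():
        value = _normalize(value)
        # Ignore very short items to avoid flagging on a stray initial.
        if len(value) >= 3 and value in flat:
            problems.append("contains your " + label)

    # Simplification: strip digits and symbols, then look the letters up,
    # which catches a dictionary word with decoration such as "Sunshine1!".
    letters = re.sub(r"[^a-z]", "", password.lower())
    if letters in words:
        problems.append("dictionary word with digits or symbols added")
    return problems

if __name__ == "__main__":
    me = {"last name": "Smith", "user ID": "jsmith",
          "telephone number": "808-555-0100"}  # constructed sample values
    for candidate in ("jsmith", "Sunshine1!", "Smith#8085550100",
                      "Tr4il-Mix&Kayak"):
        print(candidate, "->", password_problems(candidate, me) or "OK")
```

A password can meet the length and character-mix rules and still fail because it is built from personal details or a decorated dictionary word, which is why the check covers both.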

These are some precautions that you can take to secure your desktop systems. If we all do our part, although we may not be able to eliminate attacks, we can certainly impede the efforts of those who threaten the integrity of our systems.


Information Technology Services
Maintained by: editor@hawaii.edu
©2001 University of Hawaii
Updated: April 06, 2001