Protect Your Home Computer Operating System

The protection of all home computers that have access to the University of Western Ontario network is the responsibility of the individual accessing the network.

You must ensure that your home computer system:

  1. Does not provide any unauthorized access point into the University network
  2. Does not spread any virus/Trojan infection to the University network
  3. Does not compromise the network or any data on the University network in any way.

The following are recommendations to help ensure a safe home computing environment and should be followed by all individuals that access the University network.

At a basic level, this means strong passwords, anti-virus and anti-spyware software, and a firewalled router with Wi-Fi Protected Access (WPA) security if it is wireless.

General Recommendations

Think Security

Whenever using mobile data, always keep in mind the question: “What could happen if an unauthorized person gained control of this information?”

Look for and try to use the most secure methods for handling data

Don’t be a target

Turn your system off when it is not in use. Your machine will be less of a target for break-in attempts, and less valuable as a 'robot' machine in a cracker's collection of compromised hosts.

Get training – understand your equipment

Read the instructions. New electronic devices have more features, which mean that you will have more of a “learning curve” to be able to understand and use these items properly.  Default settings are often the least secure for devices, and everyone who has the same device will have the same default settings.  Read the manuals that come with your items and be sure you understand the settings and how to change the default settings, especially anything related to security.

http://security.uwo.ca/
http://isc.sans.org/

Don’t knowingly expose yourself to security threats

ITS strongly recommends you do not install Peer-to-Peer (P2P) file sharing software on your computers.  Some Examples of P2P software are: LimeWire, Ares, Azureus, BearShare, BitTorrent, DC ++, , eDonkey, E-mule, Gnutella, Kazaa, Morpheus, and WinMX.  P2P technology can undermine network security and can leave computing devices open to threats ranging from violations of intellectual property laws (copyright), viruses, malware (malicious software) that is undetected by antivirus protection, password and data theft, to Denial of Service (DoS) attacks that flood the network with data and incapacitate computers.  Many P2P programs install Trojans, backdoors and other privacy compromising software onto systems they are installed on. Besides the obvious copyright violations that can occur with audio/video sharing, you may be sharing personal information such as your e-mail password or bank account PIN number.

http://security.uwo.ca/
http://security.uwo.ca/homecomputer.html
http://www.microsoft.com/security/default.mspx
http://www.microsoft.com/athome/security/default.mspx
http://www.trendmicro.com/en/security/general/guide/overview.htm
http://www.trendmicro.com/vinfo/default.asp?sect=SA
http://www.softforyou.com/articles_tutorials/peer_to_peer_networks.html

Sensitive Data

To ensure that you do not run the risk of unauthorized individuals gaining access to sensitive University information on your home computer, do not download UWO confidential or proprietary information onto your home computer.  Ask yourself “Is it really necessary that I carry a copy of this sensitive information?”

If the answer is no, then do not copy the information.  If it is mandatory that you have access to sensitive information, some basic steps need to be taken to ensure that the information is maintained with the highest integrity.

Passwords

Follow the UWO guidelines for passwords including the Administrator password on your home system. These guidelines can be found at:
http://security.uwo.ca/mainpass.html
and should be used for all accounts on your home computer.

Use safe / secure passwords

Make use of passwords that lock your system before the Operating System can start (BIOS Passwords).

Enable the password locking feature of the screensaver.

Passwords alone should not be your only defense.  Always try to use as many security methods as possible; including encryption of data (see Encryption below).

Do not reuse passwords

Do not use the same password for everything that you need a password for.  Do not use your work password for your personal banking password, etc.

http://security.uwo.ca/mainpass.html
http://www.uwo.ca/its/doc/hdi/unix/a8-passwd.html
http://www.microsoft.com/athome/security/privacy/password.mspx
http://www.microsoft.com/athome/security/privacy/password_checker.mspx

Use a Firewall, either hardware or software

A firewall can either be software based or hardware based.  A software based firewall is a complex but inexpensive program that filters information going both into and out of the computer.

A hardware firewall is a physical device that sits between your computer(s) and your computer network.  It also filters the information going in and out of your computer.  These are useful if there is more than one computer on your home network.

Use of a firewall is strongly recommended.  It will effectively defend a computer from many of the most pervasive and dangerous network attacks:  An intruder will have a much harder time getting into your system if a firewall is installed, configured properly and running.  Know what/who your home system is talking to and why.

Currently there are numerous software and hardware firewall products on the market; both are usually easy to deploy. You will need to follow the manufacturer's instructions for safe and secure configurations.

Do not say “yes” to every question asked by the firewall software.  This will defeat the entire purpose of the firewall software.  Be prudent in your choices, and know how to fix / use your firewall software so that you can correct any errors if you make the rules too tight or loose.

PC-Cillin Antivirus software has firewall capabilities and is available from the Campus Computer Store at a special UWO rate. Windows XP comes with the Internet Connection Firewall. Instructions for setup can be found on the Microsoft site. Use of a properly configured firewall is highly recommended.

http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
http://www.homenethelp.com/web/explain/about-firewalls.asp
http://whatis.techtarget.com/definition/0,289893,sid9_gci212125,00.html
http://www.firewallguide.com/

Keep up to date with patches and updates

Keep the patches up to date.  Most vendors provide simple notification and update procedures (e.g. Microsoft Windows Update and Trend’s PC-Cillin software).

Check for patches for brand new software and equipment.  New items often have undiscovered software issues, until they are released to the public.  Even if you just bought brand new software or a brand new device, check for updates.

Microsoft Windows Update service will scan a computer and provide the user with a selection of updates tailored just for their environment. This service is located on the start button of your computer and is available for the W2K, XP, Win98 and WinME operating systems. It is recommended that you upgrade to a current operating system to be able to take advantage of current services and current security patches. Mac users should run Software Updater on a regular basis.

http://update.microsoft.com/
http://www.trendmicro.com/download/pattern.asp
http://www.cert.org/security-improvement/practices/p067.html

Antivirus Software

You should install Antivirus software such as PC-Cillin which is available from the Campus Computer Store at a special UWO rate.  For MacOSX, ITS recommends purchasing an antivirus product such as Norton Antivirus.

Scan periodically for viruses / Spy Ware / Trojans, etc.

Periodically run full system scans to check for all of the above.  If possible / necessary, use software that scans specifically for each of these types of threats.  Extend the full scan to the contents of your mobile devices as well i.e. Run a full scan on everything on your USB, or all drives of your laptop or desk top computer.

Occasionally make use of the free web based scanning programs offered by the major Anti-Virus vendors.  These full scans offer a “second opinion” about the health and safety of your computer.

http://www.trendmicro.com/en/security/general/virus/overview.htm
http://housecall.trendmicro.com/
http://www.trendmicro.com/spyware-scan/
http://www.trendmicro.com/vinfo/

E-mail

Do not open suspicious e-mails or e-mail for which you do not recognize the sender. Delete e-mail messages with attachments without opening them if received from an unfamiliar source. Even e-mails arriving with attachments from familiar sources may have been sent from infected systems, so you should confirm with the sender that the attachment was intentionally sent, before you open it.

http://www.microsoft.com/athome/security/email/default.mspx

Backup Important Files

Make frequent and necessary backups of data, in the event that data is lost.  Back up important data files regularly and archive more than one copy.  Have a Personal Disaster Recover Plan. 

http://www.microsoft.com/athome/security/update/howbackup.mspx
http://www.microsoft.com/windowsxp/using/setup/learnmore/bott_03july14.mspx

http://free-backup.info/why-do-i-need-to-backup-my-data.html

Securing your home wireless network connection

Secure your home wireless network to prevent unauthorized use from outside people.

http://www.microsoft.com/windowsxp/using/networking/learnmore/ bowman_05february10.mspx
http://www.microsoft.com/windowsxp/using/networking/expert/bowman_03july28.mspx

Harden your system

Find and use techniques to tighten the security of your system.  Base installations of Operating systems often have standard defaults that leave the system vulnerable.

Disable File and Print sharing

Having file and print sharing enabled on your home computer makes your system vulnerable to intruders. Often your Internet Service Provider recommends disabling file & print sharing.

http://support.microsoft.com/kb/q199346/

Security checking

Windows Live Safety Center is a new, free service designed to help ensure the health of your PC.  It checks for and removes viruses and spyware.  It also improves your PC's performance but finding and removing unnecessary files.  ITS recommends that you run the “Full Service Scan” provided by the Windows Live Safety Center service from Microsoft, found on this page:

http://safety.live.com

MS Baseline Security Analyzer

Another security checking tool is the Microsoft Baseline Security Analyzer (MBSA). This tool can be downloaded for free from Microsoft and includes a graphical and command line interface that can perform security scans of your system.

http://www.microsoft.com/technet/security/tools/mbsahome.mspx
http://www.firewallguide.com/tighten.htm
http://www.lbl.gov/ITSD/Security/systems/wxp-security-checklist.html
http://www.us-cert.gov/reading_room/securing_browser/#how_to_secure
http://www.tom-cat.com/security.html

Accessing UWO from home

If you need to access UWO information from home, there are a number of security elements that are required.

Where possible, use the more secure methods to communicate to the UWO network, and to check your UWO E-mail.

You can securely access your UWO e-mail from any web browser via: http://mail.uwo.ca

You can also securely connect to the UWO e-mail server with your E-mail client, e.g., Outlook/Outlook Express, Thunderbird, Netscape Mail:
http://www.uwo.ca/its/doc/hdi/email/secure.html

If you need to access other information from your UWO locations you must use the Western ROAMs Virtual Private Network (VPN) to connect to the UWO network:

http://www.uwo.ca/its/doc/hdi/access/remoteaccess.html

Western provides the best student experience among Canada's leading research-intensive universities.