Good Practices
One of the best ways to protect your information is to make sure that your computer is not vulnerable to attack from the outside. Here are some steps you can take for setting up and maintaining a secure system:
Software:
- Keep your computer patches up to date. An easy way to accomplish this is through the use of BigFix, which is available to everyone at Stanford at no cost. You can download the BigFix agent at: http://ess.stanford.edu.
- Install anti-virus and anti-spyware software and keep it up to date. System Center Endpoint Protection (SCEP) is available to everyone at Stanford at no cost; you can obtain a copy at http://ess.stanford.edu. Once you’ve installed SCEP, it is already set to update automatically once a day (this is known as a virus definition update) so that you have the most current information to combat malware.
Note: Stanford is using SCEP now instead of Sophos. If you were running Sophos, you will need to manually download the SCEP installer, which will both install SCEP and uninstall Sophos.
- Remove all services from your computer that you do not need. Some network services, like FileSharing, aren't necessary for most purposes and will leave your computer vulnerable. Stanford Secure Computing provides links to checklists for securing your system.
Securing Public-Access Computers:
In addition to the above security practices, Stanford University would like to recommend an extra step for public-access computers, including public computer kiosks, and computers in classrooms, labs, and libraries. We recommend installing a product called Deep Freeze.
When Deep Freeze is installed, the computer boots into a "pristine system" every time it is restarted. All system changes, software installations, and saved files are permanently deleted after each restart. All systems are configured to restart automatically once a day, and also after a specified amount of idle time.
Using Deep Freeze makes it possible for IT Support groups to grant students unrestricted access to university-owned computers in classroom and research areas, while at the same time making sure that any changes made to those systems through regular use (such as configuration changes, accidental installation of spyware and viruses, installation of unauthorized software, etc.) do not accumulate and render the machine unusable. It also erases all traces of the previous user, reducing the likelihood that personal information will remain on the machine where it can be viewed by other users.
The most important fact to remember about this software is that users are unable to store files on the local hard disk of those computers, so any files that need saving should be saved in other ways (encrypted external drive, Stanford Medicine Box, etc.).
Emailing and sending information:
- Don't click on links in suspicious email. Check the IRT blog for known phishing scams and other fraudulent emails, or report a suspicious email to irt-security@lists.
- Use the Stanford secure email service if you must send emails discussing High or Moderate Risk information: http://secureemail.stanford.edu. (For help and more info, visit the secure email help page.)
- Use MedSecureSend (MSS) if you need to securely send large files: http://mss.stanford.edu. (For help and tutorials, visit our MSS help page.)
- Handle High, Moderate, and Low-Risk Information according to Stanford policy and the Admin Guide. For more information, visit Stanford Secure Computing: http://securecomputing.stanford.edu.
Everyday, Common-Sense Security Habits:
- Do not share SUNetIDs and passwords—not even with your colleagues; not even with tech support.
- Don't give out personal information on the phone, through the mail, or over the Internet unless you are sure who you are dealing with.
- Use strong passwords for all your accounts.
- Lock your computer screen whenever you leave your cubicle or office:
  - Windows: CTRL+ALT+DEL, Enter or Windows+L
  - Macs: use a hot corner to lock or initiate the screen saver
- Never leave sensitive hardcopy material exposed; make a habit of turning documents facedown, and put unnecessary documents away.
- Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house.
- Shred financial documents and papers with personal information before you discard them.
- Ensure your environment is physically secure. Keep doors and windows closed/locked; don't leave devices or disks lying around; keep your eyes open.
- Back up your computer EVERY DAY.
QUESTIONS?
If you are unsure about what you need to do, contact the IRT Service Desk at 5-8000 and the folks there will walk you through these and other steps for securing your computer.