12 Steps Toward Securing a Windows or Macintosh Desktop

The steps suggested on this list can help improve the overall security of a computer system. Cornell's IT security team recommends these steps to individuals responsible for the security of one or more computers (for example, students using ResNet).
If you are in a Cornell department with technical support staff, always consult the support staff and follow their recommendations regarding any change on your computer.


  1. Set good passwords
    • Use strong passwords for all accounts on your computer, including the administrator account.
    • Get tips for choosing strong passwords that cannot be easily guessed.
    • Change your password immediately if you suspect someone else may have guessed it. In general, you should change passwords every 60 days.
    • Your Cornell NetID password should be different from any other password you use.
  2. Keep your software updated
    • Computer software companies such as Microsoft and Symantec provide free security updates to protect against new threats. Without current software, your computer is almost sure to be infected or compromised.
    • Operating systems and web browsers are preferred targets, so it's especially important to keep them up to date.
    • Configure your system to automatically run Windows Update or Mac OS's Software Update daily, or make sure you check for updates regularly.
  3. Run anti-virus software
    • Scan your computer for viruses on a regular basis. You can set your anti-virus software to do this automatically.
    • Have your anti-virus software check for updates daily. Cornell distributes a version of Symantec AntiVirus that is set up to do this automatically.
    • Install Symantec AntiVirus, available free to all members of the Cornell community.
    • Update immediately when you find out that a new virus has been detected at Cornell. In Symantec Norton AntiVirus, run LiveUpdate.
  4. Keep your system free of spyware
  5. Approach e-mail attachments with care
    • Many viruses are transmitted through e-mail, often as attachments.
    • Never open an attachment unless you are sure who sent it and what it contains.
    • Always use your antivirus software to scan an attachment for viruses before opening it. The easiest way to do this is to enable continuous scanning, which is called Auto-Protect in Symantec AntiVirus.
  6. Beware of uncertain web links
    • Malicious web sites try to infect your computer with a virus, install spyware, or download other programs without your knowledge. Some also try to trick you into divulging personal information for fraudulent purposes, known as "phishing."
    • The links (URLs) to such sites are most commonly found in e-mail or IM messages.
    • The best protection is to exercise good judgment about clicking on URLs.
    • For additional protection, use these tips for securing your web browser.
  7. Limit access to your computer
    • If you don't need to give others access to programs and files on your system, turn sharing off.
    • You should never have your system set up for anonymous/guest access.
    • Consider what other options are available. If you are in a Cornell department, there may be a local fileserver.
  8. Run a personal firewall
  9. Monitor your network usage
    • Increased/unexplained network activity can be a sign of a compromise, and may lead to unwanted network usage charges.
    • If there is an unusual spike in your network usage, you may receive an automated Net Alert message; you should immediately investigate the cause.
    • Check your Network Usage Based Billing total daily (see instructions).
    • You can also use Cornell Log to track your network usage.
  10. Be cautious in using peer-to-peer file sharing software (KaZaA, for example)
    • If you have used one of these programs even once, your computer is probably set up to distribute files, which can slow down your computer and network, increase your network usage bill, and get you in trouble for copyright violation.
    • Learn enough about the program you are using to select which files are shared and limit the number of downloads from your computer. Better still, turn sharing off (closing the application window usually won't do it).
    • Check logs regularly if available; it is best to actively monitor your system when it is set up to share files.
    • A helpful link: Disabling Peer to Peer File Sharing from the University of Chicago
  11. Turn your computer off when not in use if this will not interfere with automatically scheduled backups or updates (check first with your technical support staff)
    • Your computer cannot be infected or invaded when it is not connected to the network.
    • Especially on ResNet, consider shutting down when done for the day, unless you have an automated backup, upgrade or scan scheduled to run overnight.
    • This is particularly important when you will be away from your system longer than a few days.
    • If you haven't turned on your computer in a few days, be sure to check for updates for software and antivirus files (see steps 2 and 3 above) before you do anything else.
  12. Subscribe to CIT Alerts
    • CIT-Alert-L is an e-mail list used only to send announcements of a critical nature to the campus community. It's your best resource for knowing about threats at Cornell.
    • You can also check the status of networks and services on the network status web page.