This document is intended as a set of security guidelines for students to follow, if they wish to connect their laptop computers to the University Network and have internet access from the GTC Network.
It is increasingly difficult to keep a computer connected to the Internet without it suffering some form of compromise or attack. Not only is this a problem for the user of that computer, but also for all the other users on that network, who may be attacked from this compromised system.
For this reason, Oxford University IT Services will block Internet access for PCs that they detect to have activity characteristic of viruses or malware. To regain Internet access, the IT Department at GTC must authorise re-instatement of the machine back onto the University network. This will only be done when the IT Manager is convinced that the machine has been cleared of the problem.
An important note to Mac users. With its increased popularity, OSX will increasingly come under attack from all of the same sorts of sources as Windows machines. Apple released four times as many security fixes (critical, high, medium and low level) as Microsoft for their operating systems in a given period last year - so in no way is OSX invulnerable (http://www.securemac.com). Most of the advice given below is now relevant to OSX as well as Windows operating systems, so please take action to keep your machine and bank details safe. In summary, you need anti-virus software and a firewall, and must keep up to date with operating system and application patches to minimise security issues with your computer.
The University has a network security team - OxCERT - which takes an active role in securing the Oxford University network. Information from them is published here: http://help.it.ox.ac.uk/network/security/index and they run a blog on current threats and issues from here: http://blogs.it.ox.ac.uk/oxcert/feed/
Viruses, trojans, spyware and a vast range of other malware are a very real and regular part of the security issue facing us today. Most of this software is run and written to fund criminal activity. Your identity may be stolen, your bank details stolen or your computer used in attacks on other computers. Unpatched machines are very vulnerable to new attacks, so security updates are critical to reducing the risk of compromise. The zbot Spy-trojan (www.virus.fi/v-descs/trojan-spy_w32_zbot.shtml) is a common occurrence within the university network, and once a machine is infected all passwords and bank details typed in will be captured. Zbot will even redirect you to fake versions of known websites, to capture further details and information. Advice on this particular trojan can be found here or from Microsoft. Drive-by hijacks are increasingly common, and your computer can be infected just by visiting a compromised but legitimate website. Malware that is currently very prevalent often arrives as an email attachment pretending to be an invoice or order, often as a PDF. If you are not expecting the document, I would recommend you delete it as it is likely to be malware.
Phishing is another very common threat which you will often see arriving in your email mailbox. This is where you receive an email pretending to be from a bank, ebay, facebook, etc. telling you that you need to verify your account information or it will be closed, and inviting you to follow a weblink. Banks will never solicit your login information, and neither will the Central IT Services support team. We have a number of Oxford University-specific email phishing attacks, claiming to come from the Computing services helpdesk and asking you to log in to confirm your account details. Always be very wary of any request of this type: they will either try to capture your login details at a fake webpage, or re-direct you to a site that will automatically install malware on your computer. More information can be found here. Very recently members of the University have also received phone calls purportedly from central IT Services. These calls are a scam, please do not give out any information. IT Services will not make unsolicited calls. If you are unsure, ask for a number to call back on - this should be an Oxford number (01865) if genuine.
Fake Anti-virus messages are a common occurrence. If whilst browsing you get insistent 'Windows security' information warning you that you have 50 viruses and that you need to buy their software solution - Don't! This is a scam to take your money. You do have at least one virus - the one doing the warnings. Bring the machine in to be cleaned. Macs have seen iworkservices as an equivalent fake anti-virus scam.
Social networking sites - Facebook, LinkedIn, MySpace, etc - are also potentially dangerous and need to be treated with caution. It is recommended that you don't put your correct birthday on, as this is a commonly used security identifier. Announcing it is your 22nd birthday will also give them an exact date of birth. Generally when creating online social networking accounts, use a fictitious mother's maiden name, in case this information is stolen. Be very wary of any requests for money, even if they come from a known and trusted friend's profile. Profile login details can be stolen, and individuals impersonated. Always confirm over the phone.
It is possible to infect your computer by just viewing other people's compromised profiles, if your computer is not securely patched.
Beware tiny urls - web addresses that have been shortened for convenience. Whilst convenient, you can't tell where the URL will take you, so do click these with caution. Firefox users can install a plug-in which allows you to view these by hovering the mouse (https://addons.mozilla.org/en-US/firefox/addon/126/)
Fake error messages are sent round on facebook, which encourages most of us to google for a solution. Unfortunately rogue elements do set up fake webpages with top google rankings, offering advice on how to solve the problem - whilst infecting your computer.
Be generally wary of links sent, attachments emailed, unknown profiles (which are readily faked) and follow the security steps below and you will be well prepared to deal with the threats on the internet. Share profile information only with your friends. Mac users are recommended to save passwords for social networking sites on their keychains, which make them more secure.
A sizable part of the security issue is the threat of computer viruses. These often arrive as email attachments, but in older unpatched machines you don't even have to open the email to get infected. Viruses increasingly arrive through security holes in the Windows operating system, and the only way to prevent these attacks is by keeping Windows regularly patched and up to date.
Prior to arriving at GTC your Windows-based personal computers (Macs recommended) will need to have current, updated anti-virus software. Ideally this will be from a major anti-virus vendor - Sophos, Symantec, McAfee, Microsoft (free security essentials), Panda, Trend Micro etc, but there is useful free anti-virus software available from AVG, which can be found at: http://free.avg.com/us-en/223204
The University has a site licence for Sophos antivirus. You must register to use this software, but it is free.
Note: Sophos Antivirus, when configured in this way, will automatically update itself with the latest virus definition files.
Whilst it is not obligatory to use Sophos Antivirus, some up-to-date antivirus software must be in place before network access will be granted. If you have a firewall installed, please read the notes below about enabling network browsing through a firewall, so that Sophos can be installed to automatically update. An active Sophos installation can be seen running as a blue shield in the system tray (bottom right corner of the screen). This runs continually and scans all files as they are opened. You will notice a slight reduction in performance with this running, but it is necessary to have this check in place. This shield will also notify you if antivirus updates have failed.
Remove clashing software
Many Antivirus software packages will run a continuous scan of all new files opened as you use the PC. It is essential that only one of these scans is running at any one time. A conflict between two scanners can make Windows run very slowly, so that it is effectively unusable. If you decide to install Sophos, please ensure you have stopped any other virus scanners from running in this way. The best way to do this is to uninstall the old Antivirus software.
This feature is built into Windows accessible from the control panel. This site will analyse your copy of Windows and determine what patches you require to be fully up-to-date. These patches are supplied in three categories:
As the name implies, these patches are critical to the safe function of Windows, and it is essential that these patches are applied asap.
There are also less pressing patches available. These are less urgent patches which fix minor system issues, or only apply to certain configurations. This also includes language packs. It is not necessary to install all of these, add the ones that seem necessary.
These are upgraded software drivers for the hardware in your computer, to improve hardware functionality and compliance. Add these at your discretion.
To run Windows Update :
Start - Control Panel - Windows Update and click the check for updates button
If you haven't run this before, there may be a large number of updates to install. Some of these need to be installed individually, so run windows update after each reboot until there are no more critical updates to install.
Microsoft has combined the two update tools - Windows update and Office update into a single tool, which should make the updating of both products more simple.
Mac users must regularly run the Mac update, to install the latest patches and security updates.
To get updates immediately, follow these steps:
- Choose System Preferences from the Apple Menu.
- Choose Software Update from the View menu.
- Click Update Now.
- Select the items you want to install, then click Install.
- Enter an Admin user name and password.
- After the update is complete, restart the computer if necessary.
More details can be found at www.apple.com/softwareupdate/.
It is required that you put in place personal firewall software to protect your PC /Mac from malicious attack. This works as a screen, preventing unrequested traffic from connecting to your PC, and is a very effective means of preventing compromise.
Windows 7 \ Vista \ XP is supplied with its own firewall, and is enabled by default. To check it is enabled, view the security centre that can be found in the control panel. You can easily enable the firewall from here. There is a useful guide about firewalls here : http://askthecomputertech.com/windows-firewall.html.
You may find that if you have purchased a security suite such as Norton Internet Security, that it will run its own firewall and disable the Windows firewall. This is fine, and it is inadvisable to run more than one firewall at once.
Switching on the Mac firewall
Macs come with a built in firewall that is very good, but is switched off by default. To switch this on on OS 10.6 :
1. From the Apple menu, select System Preferences... . When the System Preferences window appears, from the View menu, select Security.
2. Click the Firewall tab.
3. Click Start or Stop to enable or disable the firewall, respectively.
4. To configure the firewall, click Advanced... . In the sheet that appears, there are a number of options:
* For the strictest option, check Block all incoming connections.
* Check Automatically allow signed software to receive incoming connections to allow digitally signed applications access to your network without prompting.
* Click Enable stealth mode to have your computer ignore pings and similar software that attempts to discover your computer.
* Use the plus and minus buttons to add and remove applications from the firewall. When added, you can either allow or block traffic to them.
5. Click OK to save your settings.
Further guides for configuring the Mac firewall can be found here : http://kb.iu.edu/data/aozg.html
Installing a firewall means that your PC will no longer respond to certain network traffic initiated from outside your PC. Any network applications may be affected. You need to be aware that as well as blocking unwanted traffic, some other traffic is blocked as well.
It is VERY important that you set up a password on your computer.
By default most computers will be provided without a login or password required for access, and will usually grant full administrator access to you to all files and folders. This situation makes it much easier for hackers to gain access to your computer with full access; they could then install software to record your keystrokes (passwords, credit card information), view your personal files, and even control the computer remotely.
Please create strong passwords, i.e. containing 8 characters or more, a mix of letters (ideally both uppercase and lowercase), numbers and symbols (!?$%^&*), and don't base it on a dictionary word. A strong password example is something like : C0l1eg!. This will make it much harder to hack. Password length is one of the biggest factors in making it secure.
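The rules above can be checked mechanically. The following is an added example, not part of the original guidance: the wordlist is a small constructed sample, the substitution table is an assumption of this example, and requiring both letter cases is stricter than the "ideally" in the text. It undoes common letter-for-symbol swaps before the dictionary check, since a word disguised that way is still based on a dictionary word.

```python
import string

# Constructed sample wordlist; a real check would load a full dictionary file.
WORDLIST = {"college", "oxford", "password", "welcome", "dragon"}

# Common look-alike substitutions, undone before the dictionary comparison
# (an assumption of this example, not an exhaustive table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def check_password(password, wordlist=WORDLIST):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        problems.append("needs both uppercase and lowercase letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a symbol")
    # Lower-case and reverse the substitutions, then look for any listed word
    # anywhere inside the result.
    normalised = password.lower().translate(LEET)
    if any(word in normalised for word in wordlist):
        problems.append("based on a dictionary word")
    return problems
```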
Windows 7 / Vista - From the control panel, open User Accounts. Add a new user account, and set it up as a standard user. Set the password using the set password button. To set a password for the account you are currently logged in with, press Ctrl-Alt-Del and click the change password button. Make a note of the Administrator password and keep it safe, as this will be essential to perform system restores. To gain better access to managing user accounts, right click on 'My Computer' and select 'manage'. Double click on 'Local Users and Groups', and select the 'Users' folder in the left hand pane. Right click on a user and select 'set password' to set a password for that user.
It is essential to make a note of any administrator passwords, as these may be essential to fix any problems you may have in the future.
You will most likely have multiple email accounts, each with a username and password. It is important not to share usernames and especially passwords between these systems wherever possible. Should one account be compromised, this could easily affect the security of all your other accounts. Large numbers of internet-based email accounts have their usernames and passwords compromised over time; even Google and Microsoft have their systems hacked.
MBSA is a tool developed by Microsoft to scan a Windows machine and look for security weaknesses that need to be addressed. It is effectively a security audit for your PC, and should point out to you areas that need to be addressed.
You can download this software from http://technet.microsoft.com/en-us/security/cc184924.aspx, and you will then need to install it. Once installed, run this from the programs menu. Accept the default scan settings, to scan your own machine. The scan will return results on the state of Windows security patches, Office security patches, passwords on local user accounts, as well as other security information.
Please take note of the security issues found, and action reasonable steps to improve security.
Adware and Spyware are two types of software which can get installed on your computer without your knowledge, and whose activities intrude into your use of the computer and also your privacy. Please read the relevant OUCS pages to find out ways to minimise these threats.
I recommend three of the anti-malware packages listed below. Please do install, update and then full scan with both:
It is sometimes also very useful to run multiple antivirus scans from different vendors, to increase the chances for finding malware. A good way to do this, is to use on-line scanning tools, which don't require the installation of a full antivirus product. Two recommended tools are:
This issue has been addressed in Windows Vista and Windows 7 using the rather irritating user access control (UAC) prompts every time you want to change some settings / install some software. From a security point of view, this is a vital part of keeping your system safe. It is disturbingly easy to install malware just by visiting a web page, without ever being aware you've done it. Vista will prompt you to ask if you want to install the malware - so at least gives you a chance to not install it. On XP it will happen in the background, with you completely unaware, and anti-virus solutions only pick up roughly 33% of these types of attacks.
A way to reduce this risk on Windows systems is to create an additional user account on your system with ordinary user rights, and use this on a day-to-day basis. If you need to install software, you'll need to log out, log in with your user which has full administrative rights, and then install the software. A little more time consuming, but a very good habit to be in. Please speak to IT Support if you need help in setting this up. Users can be created within the users section of the control panel. It is good security practice to do this for any operating system you are running (including Mac OSX), as it makes it that much harder to accidentally install malware.
Do not download or install any illegal hacked or cracked software. This is illegal. Additionally, you are inviting a significant security risk. Many cracked versions of software come with additional malware, so you are likely to be installing trojans, rootkits, and keyloggers as well as the intended software. This is one of the more prevalent methods that are used for attacking Macs.
Additional security issues are caused by security holes in software we run daily. Out-of-date versions of Adobe Acrobat, Media Players, Flash, Java, etc can all open up vulnerabilities in your computer, allowing malicious users to run their own programs on your computer. So applications also need to be regularly updated, especially web browsers (internet explorer, firefox, safari etc), as these are a major attack target.
A very useful tool for doing this is a program called filehippo. This checks the installed software on your computer, and then lists all the programs which need updating, and links to the files required. I would recommend installing this from www.filehippo.com following the link for the free update checker.