• The Internet is a dangerous place for your computer. If it's new or you haven't installed all applicable security patches, your computer will load an Operating System that is out-of-date and vulnerable to compromise, infection, theft or destruction of data and loss of privacy. Worms and malicious scanning software can exploit Operating System vulnerabilities the minute you plug into the network if you are not using a firewall.
   
• Only one firewall should be active on a computer.
  Windows XP users:  Activate the Windows built-in firewall.
  Windows 2000 users:   See Microsoft's list of vendor firewalls for links to third-party firewall resources.

• Only one virus protection package should be on a computer.
  All computers on the UDel network must have the UD-configured version of McAfee installed.
   
  • Remove any virus and security software - These can cause system conflicts with McAfee.
  • Run Disk Cleanup to delete temporary files.
  • Install UD McAfee.
  • Scan for viruses. The scanning process will clean or delete any infected files.

• Spyware can compromise your privacy, degrade your computer performance and interfere with the successful installation of Windows Updates.
• Find out more:
  • What is Spyware?    (Watch the Video)
  • Removing Spyware.
  • Preventing Spyware

1. Update Windows / Microsoft software and configure future automatic updating.
   • Microsoft Update patches known security holes in your Windows operating system and in Microsoft software installed on your computer. These updates MUST be applied to prevent your system from being compromised.
   • Microsoft NEVER sends patches by e-mail. Do not open e-mail attachments claiming to be Microsoft patches.
   • Microsoft issues patches, along with explanatory Security Bulletins, on the second Tuesday of every month. Patches are also issued at non-scheduled times to deal with immediate risks. See www.microsoft.com/security for the latest info.
   • See Step-by-Step instructions to update Microsoft software and configure future updates to download automatically.
      
2. Application Critical Security Updates

   UD-supported software	See UDeploy software distribution. For the Firefox browser, see How to Update to New Versions (and patches) of Firefox browser.
   RealPlayer	See www.udel.edu/stream.
   Apple's QuickTime multimedia player	Apple's QuickTime software is used to play or view any video, audio, VR, or graphics file compatible with QuickTime. Once a month, start the QuickTime Player program and go to Help-Update Existing Software... If software updates are found, follow the prompts to get the latest version.

   
   
   

1. Use STRONG passwords
   • In Windows XP and 2000 your login password protects access to local files on your computer as well as remote (networked) resources. See password creation tips.
   • Review additional password recommendations.
   • How to set/change passwords in Windows XP and Windows 2000.
   • DON'T enable the Save Password option. If you receive a dialog box asking if you would like the computer to remember the password, choose NO. Make it mandatory for you or anyone else to enter a password to access your information.
   • Password-protect your screensaver to lock your computer after a specified time period of inactivity.
      
2. Disable the Guest account: Windows XP   Windows 2000.
    
3. To prevent other user accounts on a Windows XP computer from viewing your files or folders, see "Make your folders private" in Windows Help.
    
4. Configure Windows XP / 2000 to show hidden files/folders and all file extensions:
   • Open the Windows Explorer program
   • Choose Tools/ Folder Options/ View
   • Check "Show hidden files and folders"
   • Uncheck "Hide file extensions for known file types"
   • Showing all file extensions can prevent harmful files frequently used by viruses and worms, (such as EXE, VBS, SHS, or PIF) from masquerading as harmless text (TXT) or image (JPG) files.
      
5. Review guidelines concerning the protection of Personal Non-Public Information (PNPI). Use software tools to encrypt sensitve data stored on your computer.
    
6. Disable unnecessary System services.
    
7. Web browsers
   • Firefox:
     • See How to Maintain the Security of Your Data.
     • Periodically check for critical updates to the Firefox browser.
   • Internet Explorer:
     • Reset browser security settings to default: Windows XP   Windows 2000.
     • DON'T specify AutoComplete for Usernames and Passwords on forms.
       • Internet Explorer allows certain information to be saved and used to automatically complete web forms. Although a convenience, it creates security problems if another person uses the computer.
       • Go to Tools-Internet Options-Content-AutoComplete (under Personal Information).
       • Do not check "Use AutoComplete for usernames/passwords on forms".
       • If it was checked, click on Clear Forms and Clear Passwords.
          
   • Clear Browser's cache after visiting secure sites.  To safeguard information you have entered on a secure site, clear the cache memory after completing the secure transaction.
8. E-mail
   • Be on guard when reading e-mail. Review Safe Practices.
   • Do not save your password during desktop e-mail configuration. If you do, anyone with access to your computer can bring up your e-mail.
   • PINE e-mail: Exit by specifying "quit" to safeguard your account data.
      

When logging into an e-mail account or other application requiring username and password be sure to us encrypted protocols - https, SSL/TLS or VPN to protect your access credentials from being disclosed to others. If it is transmitted in the clear, it can be stolen - resulting in identity theft. Wireless connections are especially vulnerable to this risk. What you do over a wireless connection is often transmitted "in the clear" and can be anonymously viewed by others with freely available tools.

1. Terminal Sessions and File Transfers
   • Use Secure Shell (SSH) and Secure File Transfer (SFT) software to securely connect or transfer files to/from UD central systems. These protocols will encrypt all session traffic - logon, password and all traffic moving between the systems.
      
2. Windows File Sharing
   • Do not share your full drive or Windows directory.
   • Block access of shared resources to everyone without a valid username/password.
   • If you give "everyone" or "Guest" access to your shared files, then all Internet users will be able to share your files when you are connected to the Internet.
      
3. Peer-to-Peer File-Sharing programs
   • Act responsibly - just delete P2P programs.
   • Be aware of the Risks and Responsibilities and review the program settings.
   • Violating Copyright is Illegal. Review the consequences.
      
4. Connecting to Campus Systems from Off-Campus
   • Use VPN encryption software if you need to transmit confidential data while working off-campus. Using VPN will secure wireless and wireline connections to campus-based systems.
      
5. Web Browsing
   • If you are logging into a web page with a username and password, or confidential information is contained on a web page, be sure the connection is encrypted using "https" in the URL - secure http. (See example.)
      
6. E-Mail Clients
   • Encryption Required for all UD E-mail Clients.

• A recent backup of important files and folders is a critical safety net for all computer users. See UD's How to Back Up Data from Hard Drive(s) to External Media.
• Microsoft's Backing up your computer files lists backup options and points to consider, along with specific instructions on using the built-in Windows XP Backup utility.
• If applicable, backup your Firefox profile folder or your Mozilla profile.
• See instructions for backing up encrypted Windows files.