IT Security Home
IT Help Center
Computer Security at UD
UD Security Tool Chest
News & Alerts
Accessing UD Systems
Use a firewall
- The Internet is a dangerous place for your computer. If it's new or you haven't installed all applicable security patches,
your computer will load an Operating System that is out-of-date and vulnerable to compromise, infection, theft or destruction of data
and loss of privacy. Worms and malicious scanning software can exploit Operating System vulnerabilities the minute you plug into the network if you
are not using a firewall.
- Only one firewall should be active on a computer.
Windows XP users: Activate the Windows built-in firewall.
Windows 2000 users: See Microsoft's list of vendor firewalls for links to third-party firewall resources.
Use up-to-date Anti-Virus Software
- Only one virus protection package should be on a computer.
All computers on the UDel network must have the UD-configured version of McAfee installed.
Remove and Protect against Spyware
- Spyware can compromise your privacy, degrade your computer performance and interfere with the
successful installation of Windows Updates.
- Find out more:
Keep Current with your Computer's Security Patches
- Update Windows / Microsoft software and configure future automatic updating.
- Microsoft Update patches known security holes in your Windows operating system and in Microsoft software installed on your computer.
These updates MUST be applied to prevent your system from being compromised.
- Microsoft NEVER sends patches by e-mail.
Do not open e-mail attachments claiming to be Microsoft patches.
- Microsoft issues patches, along with explanatory Security Bulletins, on the second Tuesday of every month. Patches are also issued at
non-scheduled times to deal with immediate risks.
See www.microsoft.com/security for the latest info.
- See Step-by-Step instructions to update Microsoft software
and configure future updates to download automatically.
Application Critical Security Updates
Set up Desktop Security
- Use STRONG passwords
- In Windows XP and 2000 your login password protects access to local files on your computer as well as remote (networked) resources.
See password creation tips.
- Review additional password recommendations.
- How to set/change passwords in Windows XP and
- DON'T enable the Save Password option.
If you receive a dialog box asking if you would like the computer to remember the password, choose NO. Make it mandatory for
you or anyone else to enter a password to access your information.
- Password-protect your screensaver to lock
your computer after a specified time period of inactivity.
- Disable the Guest account: Windows XP
- To prevent other user accounts on a Windows XP computer from viewing your files or folders, see "Make your folders private"
in Windows Help.
- Configure Windows XP / 2000 to show hidden files/folders and all file extensions:
- Open the Windows Explorer program
- Choose Tools/ Folder Options/ View
- Check "Show hidden files and folders"
- Uncheck "Hide file extensions for known file types"
- Showing all file extensions can prevent harmful files frequently used by viruses and worms, (such as EXE, VBS, SHS, or PIF)
from masquerading as harmless text (TXT) or image (JPG) files.
- Review guidelines concerning the protection of Personal Non-Public Information (PNPI).
Use software tools to encrypt sensitve data stored on your computer.
- Disable unnecessary System services.
- Web browsers
- Internet Explorer:
- Reset browser security settings to default: Windows XP
- DON'T specify AutoComplete for Usernames and Passwords on forms.
- Internet Explorer allows certain information to be saved and used to automatically complete web forms. Although a convenience, it creates security problems if another person uses the computer.
- Go to Tools-Internet Options-Content-AutoComplete (under Personal Information).
- Do not check "Use AutoComplete for usernames/passwords on forms".
- If it was checked, click on Clear Forms and Clear Passwords.
- Clear Browser's cache after visiting secure sites. To safeguard information you have entered on a secure site,
clear the cache memory after completing the secure transaction.
- Be on guard when reading e-mail. Review Safe Practices.
- Do not save your password during desktop e-mail configuration. If you do, anyone with access to your computer
can bring up your e-mail.
- PINE e-mail: Exit by specifying "quit" to safeguard your account data.
Connect Securely to Other Systems
When logging into an e-mail account or
other application requiring username and password be sure to us encrypted
protocols - https, SSL/TLS or VPN to protect your access credentials from being disclosed to others. If it is transmitted in the clear, it can be stolen - resulting in identity theft. Wireless connections are especially vulnerable to this risk. What you do over a wireless connection is often transmitted "in the clear" and can be anonymously viewed by others with freely available tools.
- Terminal Sessions and File Transfers
Windows File Sharing
- Do not share your full drive or Windows directory.
- Block access of shared resources to everyone without a valid username/password.
- If you give "everyone" or "Guest" access to your shared files, then all Internet users will be able to share your
files when you are connected to the Internet.
Peer-to-Peer File-Sharing programs
Connecting to Campus Systems from Off-Campus
- Use VPN encryption software if you need to transmit confidential data while working off-campus. Using VPN will secure wireless and wireline connections to campus-based systems.
- If you are logging into a web page with a username and password, or confidential information is contained on a web page, be sure the connection is encrypted using "https" in the URL - secure http. (See example.)
Backup your files regularly