Computer Security is Everyone's Job
The SLAC computer security team needs everyone take an active part in protecting the lab from the type of attack that can wreak havoc at on computer systems, according to SLAC computer security specialist Marilyn Cariola. She offers a list of tips for computer use that can help keep individual computers—and by extension, the entire lab's systems—more secure.
Cariola's number one tip: Don't read e-mail or surf the Web while logged into a Windows computer with what is called "admin rights" or "admin privileges."
"I try not to run with admin rights unless I absolutely have to," she said. Admin rights give a user extended capabilities, for example, the ability to install software applications, and thus carry extra risks. Clicking on one forged link in what's called a "phishing" e-mail—an e-mail purporting to be from a trusted entity—can expose your computer to a piece of malware, malignant computer code that could take advantage of your admin privileges to install itself. From there, an attacker can use your computer to eventually gain access to and control some of the lab's most important computer systems.
Cariola recommended that if you currently have admin rights on Windows XP, don't request them when you upgrade to Windows 7.
Another tip: set your e-mail application to send and display e-mails as plain text instead of HTML.
"Plain text will show you the actual text behind embedded links," Cariola explained, making it easier to catch suspicious URLs. For example, plain text e-mail could reveal that what looks like a link to Amazon.com in HTML will take you somewhere entirely different.
"It's so easy to forge an e-mail address and even fake an IP address [the address that identifies the sender's computer]," Cariola said, that sometimes the scrutiny must be extended to the actual content of an e-mail. She gave examples. "Check the return address. Do you recognize where the e-mail is from? Check that the subject makes sense. One phishing e-mail was supposedly about employee benefits in April. Do you ever hear about benefits in April? Open enrollment is in the fall." As usual, if something appears too good to be true, it's not true.
Web surfing carries its own set of risks. Web pages purporting to give juicy details about recent events in the news are often used by attackers to deliver malicious code. Cariola also recommends staying away from the "three S's"—sports, shopping and sex—on your work computer. "Just remember," she said, "your computer at work may be referred to as your machine, but it's really government property."
One more tip: keep your computer up-to-date. That means not just installing the latest operating system patches and virus definitions, but also patching all applications. Your computer support person can help.
Cariola has a recommendation for protecting home networks, too. "Read Best Practices for Keeping Your Home Network Secure from the National Security Agency," a National Security Agency fact sheet, she said.
And—last but definitely not least—"If you have a SLAC laptop and you take it home, don't let your family members use it."
There is no silver bullet that will stop cyber attacks. "There is no single solution," Cariola said. "Anti-virus software can only go so far. And malware gets more sophisticated all the time."
In the cyber wars, the first line of defense is an alert, informed workforce.
For more information, please contact your desktop support person or computer security: email@example.com.
—Lori Ann White