
Increasing Security One Computer at a Time

Today, November 30th, is Computer Security Day. The SLAC Computer Security team is joining in on this day by explaining what you can do to help make SLAC computer use less risky.

The individual user is SLAC's greatest security asset. No matter how much you know about computer security, you can play a part in making computing safer here at the lab.

What Can You Do To Help at SLAC and at Home?
• Screen Locks: SLAC computers can be set to automatically lock whenever they're not in use for a few minutes. We encourage you to set up the automatic screen lock feature. (To view instructions for Windows XP, click here.) If you see someone's screen unlocked and they are not around, please remind them to either lock it by hand or set up the automatic feature.

• Lower Your Privs: If you are normally logged into your computer with an account that has administrator privileges, we suggest that you switch to using a non-privileged account except when installing software. Oftentimes the security holes we inevitably have on our systems (which the bad guys try to exploit) will give intruders the same rights you currently have. Making yourself an unprivileged user most of the time really limits what the criminal can do if he or she does break into your system.

• Spam: Don't ever respond to spammers or purchase any products they sell. These criminals are only doing this because they find people gullible enough to give away personal information via their phishing web sites or attempt to purchase the products they advertise.

• Safer E-mail: Only read and send plain text e-mail – this sets a good example for everyone with whom you correspond. HTML e-mail is used by spammers and phishers because it makes it easy to hide their true intentions. By not using HTML e-mail, we take away a lot of their power over us. Also, HTML e-mail is more than twice the size of plain text, so it makes your mailbox size grow that much faster! (To subscribe to the text only version of SLAC Today, click here.) Also, please don't forward e-mail chain letters. This is a waste of everyone's time and resources.

• Greeting Cards: Don't send or open greeting cards while on the SLAC network, and use extreme caution at home. During the holidays, these are used by virus-generating programs. You need to be a lot more careful this time of year.

• Anti-Virus and Anti-Spyware: You have both, right? At SLAC, Symantec includes both anti-virus and anti-spyware for the SLAC-maintained Windows desktops, but at home or on self-maintained systems you need to be sure you have software installed to protect your computer. The software needs to be installed correctly, and it needs to automatically download and incorporate the new anti-virus and anti-spyware definitions at fairly frequent intervals.

• Patching: Keep those home computers and laptops patched. Remind your family and friends to do the same. This becomes very easy to do if you enable auto-patching where possible on your computers. Also, just remove any software you aren't using. If it isn't installed then you don't have to patch it.

• Wireless: Make sure your home wireless system is using at least WPA level security. If you don't have the knowledge to make these changes you can usually find a techy in your group of family or friends who can help.

• Passwords: Use different passwords for different types of access. It is hard to remember all those passwords. An often used method is to have different levels of passwords for different levels of accounts. Use the same fairly easy password for those accounts which don't need a lot of security (newsgroup access, instant messaging, etc.). Use a harder one for the medium level accounts, and for the most critical of your accounts (banking, privileged SLAC accounts, etc.), use a very secure password. SLAC's password page has some suggestions for picking good passwords.

• Storing Passwords: Don't let your browser "remember" passwords for you. It is just putting them into a file on disk and if someone gets into your computer, they know where to find them.

• Surfing and Downloading: Watch where you surf the web using a SLAC computer. Stick to business sites and don't download music or movies onto SLAC computers or computers connected to the SLAC network.

• Beware the Curious Outsider: Please be cognizant of the fact that the inquiring person on the other end of the phone, or the one sending you e-mails asking questions about SLAC or your job, could just be digging for information for their own nefarious purposes.

• "Free"... isn't: One last thing: keep in mind that the "free" USB thumb-drive, or the "free" CD or DVD you get in the mail or are handed in person, could be holding a trojan virus which will open a door for outsiders to get into your computer. Please don't put anything into your computer unless you are sure it is harmless. The truth is, most of us just don't know for sure and we should not put these devices in our computers at all. Just say "no thanks" or throw that freebie away.

Share Your Knowledge with Others
These are just a few ideas. Many of you have some great ideas of your own and we encourage you to share them with your co-workers and friends. Help others around you with the knowledge you have, whatever that may be.

If you see something happening that you don't think is right, please speak up. Either let the person know or contact the Computer Security team at security@slac.stanford.edu.

—the SLAC Computer Security Team
    SLAC Today, November 30, 2006