Computing Security Tips and Tools

Safe computer use is extremely important for your protection and the protection of other systems and users on the network. Unfortunately, for many persons, effectively implementing recommended security controls poses a real problem. Most software and operating systems are not securely configured by default, thus it can be a little overwhelming, even for the most practiced professional, to understand and properly implement myriad effective security controls across different systems, devices and programs. The combination of which makes for secure use, but all too often one or another control is overlooked, thus opening up a hole through which miscreants can then wreak havoc.

Here are some simple steps to secure your system:

Use a complex password
The weakest point in any security is usually the password. A password cracking program can attempt up to 350 billion guesses per second, and the number is increasing. Ideally, passwords should be at least 12 characters long, and include numbers and symbols. Another option is to use passphrases, or long sentences that are easier to remember than random characters. In addition, different passwords should be used for different purposes. For example, the password for a financial institution should be different from a password for email. An internet search for 'password generator' will lead to sites that assist with creating complex passwords. Here are some Password Security Tips.

Keep all programs and operating system updated
In addition to adding features, updates are essential because they patch security holes. When possible, software should be set to update automatically. Special attention must be paid to popular programs such as java and flash. Exploit writers focus on these in order to reach as many victims as possible.

Install antivirus
Antivirus software is designed to deal with modern malware including viruses, trojans, keyloggers, rootkits, and worms. There are many excellent, free choices available for download. Caltech affiliates can download commercial antivirus for free at http://software.caltech.edu/. More information on viruses

Install spyware remover
Spyware is another class of malicious software that needs to be mitigated. These programs will gather personal information and send to a third pary without the person's knowledge. There are many free and commercial options available for use.

Install/enable firewall
Software firewalls examine your computer's network traffic to determine if it should be allowed. They can often detect malicious activity when other safeguards fail. These must be used in conjunction with antivirus, not as a replacement. Some operating systems come packaged with a firewall installed and enabled. In addition, a router should be used to connect to the internet, instead of connecting directly to a modem.

Never open attachments from unknown sources
For most types of malware to propogate, a user needs to perform some action. Attackers will compose convincing emails to try to get a user to download a file or click on a link. If the sender of an email is unknown, assume that it is dangerous. General information about junk email, a.k.a. "SPAM" and tips for dealing with it.

Use a non-priviliged user for day to day work
Malicious software usually needs administrative prviliges to do its dirty work. These viruses will inherit the rights of the currently logged in user. An important method of protection is to use a non-priviliged user for day to day work, to limit the potential damage a virus can inflict. Only login as an adminsitrator when necessary. This site has detailed instructions for creating a non-priviliged user on Windows 7.

Sleep/Shutdown computer when not in use
In the age of broadband, internet connections are always on, leaving connected machines vulnerable to attack. In addition, malware that is already installed needs the machine to be running in order to operate. Computers should be shut down when not in use, or set to sleep during periods of inactivity.

Keep sensitive data off your computer Sensitive data should never be stored on a computer without encryption. This includes SSNs, credit card numbers, driver's license numbers, insurance information, and health information. This rule also applies to portable media.

File Sharing
Please be aware that MP3 and other media files can contain malicious content and are vectors for a myriad of malicious exploit injections.
Please also note that filesharing copyrighted materials of any kind without the copyright holder's permission is a violation of Caltech acceptable use policies. Please refer to the Institute's copyright tutorial for more details. Sharing of copyrighted material from Caltech's network will result in disciplinary action. Some copyright holders will demand monetary compensation for sharing their material.

Securing Network Communications

  • SSH - Used for encrypted interactive logins to remote systems, a secure replacement for telnet.
  • GPG/PGP - Used for email and file encryption to protect sensitive communications.
  • VPN - Used to securely connect to the campus network via a remote Internet location.

Below are some links to information compiled and presented in a format mainly aimed towards the casual computer user, those of us whose primary occupation, hobby, or interests are not related to computing. Of course the linked information is useful to computer experts and other knowledgeable persons as well.

US-CERT has excellent resources to help you secure your system and personal networks

OnGuard Online is another good resource where one can learn to implement recommended best safety and security practices. A few direct links are bullet-pointed below, but you are encouraged to peruse the entire site.