- Consult your system support personnel if you work from home
If you use your broadband access to connect to your
employer's network via a Virtual Private Network (VPN) or
other means, your employer may have policies or procedures
relating to the security of your home network. Be sure to
consult with your employer's support personnel, as
appropriate, before following any of the steps outlined in
this document.
- Use virus protection software
The CERT/CC recommends the use of anti-virus software on all Internet-connected
computers. Be sure to keep your anti-virus software
up-to-date. Many anti-virus packages support automatic
updates of virus definitions. We recommend the use of these
automatic updates when available.
- Use a firewall
We strongly recommend the use of some type of firewall product, such as a network appliance or a
personal firewall software package. Intruders are constantly
scanning home user systems for known vulnerabilities.
Network firewalls (whether software or hardware-based) can
provide some degree of protection against these attacks.
However, no firewall can detect or stop all attacks, so it’s
not sufficient to install a firewall and then ignore all
other security measures.
- Don't open unknown email attachments
Before opening any email attachments, be sure you know the source of the
attachment. It is not enough that the mail originated from
an address you recognize. The Melissa virus spread precisely
because it originated from a familiar address. Malicious
code might be distributed in amusing or enticing programs.
If you must open an attachment before you can verify the
source, we suggest the following procedure:
  - be sure your virus definitions are up-to-date
  - save the file to your hard disk
  - scan the file using your antivirus software
  - open the file
For additional protection, you can disconnect your
computer's network connection before opening the file.
Following these steps will reduce, but not wholly
eliminate, the chance that any malicious code contained in
the attachment might spread from your computer to others.
- Don't run programs of unknown origin
Never run a program unless you know it to be authored by a person or
company that you trust. Also, don't send programs of unknown
origin to your friends or coworkers simply because they are
amusing -- they might contain a Trojan horse program.
- Disable hidden filename extensions
Windows operating systems contain an option to "Hide file extensions for known
file types". The option is enabled by default, but you can
disable this option in order to have file extensions
displayed by Windows. After disabling this option, there are
still some file extensions that, by default, will continue
to remain hidden.
There is a registry value which, if set, will cause
Windows to hide certain file extensions regardless of user
configuration choices elsewhere in the operating system. The
"NeverShowExt" registry value is used to hide the extensions
for basic Windows file types. For example, the ".LNK"
extension associated with Windows shortcuts remains hidden
even after a user has turned off the option to hide
extensions.
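The following read-only PowerShell audit is an added example, not part of the original CERT/CC text. It reports the current user's "Hide file extensions" setting and lists every file class under HKEY_CLASSES_ROOT that carries a "NeverShowExt" value, together with the extensions mapped to that class. The `HideFileExt` value name and its registry path are assumptions not stated on this page.

```powershell
# Added example: read-only audit of the settings that hide file extensions.
# Assumption: the per-user Explorer option is stored as the HideFileExt DWORD.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $advanced -Name HideFileExt `
            -ErrorAction SilentlyContinue).HideFileExt

if ($null -eq $hide) {
    'HideFileExt is not set for this user; the Windows default (hidden) applies'
} elseif ($hide -eq 0) {
    'HideFileExt = 0: extensions for known file types are shown'
} else {
    "HideFileExt = ${hide}: extensions for known file types are hidden"
}

# Enumerate HKEY_CLASSES_ROOT once; unreadable keys are skipped.
$root = Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue

# Map each file class to the extensions whose default value points at it
# (for example the ".lnk" key names the class used for Windows shortcuts).
$extByClass = @{}
foreach ($key in $root | Where-Object { $_.PSChildName -like '.*' }) {
    $class = [string]$key.GetValue('')
    if ($class) {
        if (-not $extByClass.ContainsKey($class)) { $extByClass[$class] = @() }
        $extByClass[$class] += $key.PSChildName
    }
}

# Classes with a NeverShowExt value keep their extension hidden
# even when HideFileExt is 0.
$root |
    Where-Object { $_.GetValueNames() -contains 'NeverShowExt' } |
    ForEach-Object {
        [pscustomobject]@{
            Class      = $_.PSChildName
            Extensions = ($extByClass[$_.PSChildName] -join ', ')
        }
    } |
    Sort-Object Class |
    Format-Table -AutoSize
```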
- Keep all applications, including your operating system, patched
Vendors will usually release patches for their
software when a vulnerability has been discovered. Most
product documentation offers a method to get updates and
patches. You should be able to obtain updates from the
vendor's web site. Read the manuals or browse the vendor's
web site for more information.
Some applications will automatically check for available
updates, and many vendors offer automatic notification of
updates via a mailing list. Look on your vendor's web site
for information about automatic notification. If no mailing
list or other automated notification mechanism is offered,
you may need to check periodically for updates.
- Turn off your computer or disconnect from the network when not in use
Turn off your computer or disconnect its
Ethernet interface when you are not using it. An intruder
cannot attack your computer if it is powered off or
otherwise completely disconnected from the network.
- Disable Java, JavaScript, and ActiveX if possible
Be aware of the risks involved in the use of "mobile code" such
as ActiveX, Java, and JavaScript. A malicious web developer
may attach a script to something sent to a web site, such as
a URL, an element in a form, or a database inquiry. Later,
when the web site responds to you, the malicious script is
transferred to your browser.
The most significant impact of this vulnerability can be
avoided by disabling all scripting languages. Turning off
these options will keep you from being vulnerable to
malicious scripts. However, it will limit the interaction
you can have with some web sites.
Many legitimate sites use scripts running within the
browser to add useful features. Disabling scripting may
degrade the functionality of these sites.
- Disable scripting features in email programs
Because many email programs use the same code as web
browsers to display HTML, vulnerabilities that affect
ActiveX, Java, and JavaScript are often applicable to email
as well as web pages. Therefore, in addition to disabling
scripting features in web browsers, we recommend that users
also disable these features in their email programs.
- Make regular backups of critical data
Keep a copy of important files on removable media such as ZIP disks or
recordable CD-ROM disks (CD-R or CD-RW disks). Use software
backup tools if available, and store the backup disks
somewhere away from the computer.
- Make a boot disk in case your computer is damaged or compromised
To aid in recovering from a security breach or
hard disk failure, create a boot disk on a floppy disk which
will help when recovering a computer after such an event has
occurred. Remember, however, you must create this disk
before you have a security event.