- Use a password on all accounts; don't ever leave a password blank.
- Set a strong password on all accounts. Any compromised account can be exploited, and this is especially true of administrative accounts: the more privileges an account has, the more important it is to protect it with a strong password.
- On Windows computers, there will be a standard administrative account called "Administrator."
- On Mac OS X, there is one account named "System Administrator" (also known as "root") which is disabled out-of-the-box and should remain disabled for security reasons. There will also be one or more accounts with administrator-level privileges, but they do not necessarily have a preset name. You should be able to do any necessary administrative task with an administrator-level account without enabling the root account.
We consider a "strong" password to be one which meets the following criteria:
- Is at least eight characters in length. The longer the password, the better.
Note: Mac OS X through version 10.2 does not fully support long passwords; Mac OS X 10.3 and later do.
- Is not a word found in a common English dictionary.
- Is not easy to guess based on publicly-available personal characteristics, like your birthday or on-campus phone extension.
- Is not obvious (for example, the word "password", a user name, the letters "qwerty", or any other simple and obvious combination of keystrokes is a poor choice).
- Contains at least one digit.
- Contains a mixture of upper and lowercase characters.
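The criteria above can be checked mechanically. The following is an added example, not part of the original checklist and not an RIT tool: a small Python checker that applies each criterion to a candidate password and reports which ones it fails. The word list, the keystroke patterns, and the sample user name and personal facts are constructed for the example; a real check would load a full dictionary.

```python
import re

# Constructed stand-in for a common English dictionary. A real check would
# load a full word list (for example /usr/share/dict/words on Mac OS X).
COMMON_WORDS = {
    "password", "welcome", "letmein", "monkey", "dragon", "sunshine", "rochester",
}

# Obvious keystroke runs; matched as substrings so "qwerty123" is caught too.
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "12345678", "abcdefgh", "password")


def check_password(password, username="", personal_facts=()):
    """Return the list of criteria the password fails (empty means strong).

    username:        the account name the password protects
    personal_facts:  publicly-available strings such as a birth year or a
                     campus phone extension that must not appear in it
    """
    problems = []
    lower = password.lower()
    letters_only = re.sub(r"[^a-z]", "", lower)

    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # "dragon1" and "Sunshine7" are still dictionary words once the digits
    # and punctuation are stripped, so compare the letters alone as well.
    if lower in COMMON_WORDS or letters_only in COMMON_WORDS:
        problems.append("is a dictionary word")
    if username and username.lower() in lower:
        problems.append("contains the user name")
    for fact in personal_facts:
        # A date or extension may be typed with or without its separators.
        digits = re.sub(r"\D", "", fact)
        if fact.lower() in lower or (digits and digits in lower):
            problems.append("contains personal information (%s)" % fact)
    if any(run in lower for run in KEYBOARD_RUNS):
        problems.append("is an obvious keystroke pattern")
    if not any(c.isdigit() for c in password):
        problems.append("contains no digit")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("is not a mixture of upper and lowercase")
    return problems


def is_strong(password, username="", personal_facts=()):
    """True when the password meets every criterion in the checklist."""
    return not check_password(password, username, personal_facts)


if __name__ == "__main__":
    # Constructed sample account: user "jdoe", born in 2001.
    for pw in ("qwerty", "Sunshine7", "jdoe2001", "Rb#7t!kQm2"):
        print(pw, "->", check_password(pw, username="jdoe", personal_facts=("2001",)))
```

Note that "Sunshine7" passes the length, digit and mixed-case rules yet still fails, because the letters alone are a dictionary word; a checker that only counts character classes would accept it.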
- Turn off the computer when it's not in use, especially overnight. Many computer intrusions are performed at night, when the operator of the machine is not present to notice that anything is happening. Machines that are left running and connected to the network continuously are therefore more exposed to intrusion than machines that are turned off when not in use. Contrary to what you may have heard, it will not hurt a computer to turn it on and off daily, as long as you shut it down properly. Even several on/off cycles per day are well within the operational tolerance of most desktop computers or low-end servers. As an added bonus, you will be saving energy.
Note: Mac OS X computers perform system maintenance overnight. If you leave the computer powered off overnight, remember to run these daily, weekly, and monthly system tasks periodically by hand (for example, from the Terminal with "sudo periodic daily weekly monthly").
- Use a locking, password-protected screen saver or log out of the computer when you're away from your desk. Windows and Mac OS X computers feature this capability in their built-in screen saver utilities.
- Install anti-virus software and keep it up to date. For Windows and Mac OS 9 computers, you can optionally automate the update process, and we recommend doing so -- see our anti-virus software instructions. Our Mac OS X anti-virus software does not automate this yet, but will prompt you for updates each time it is run.
- Be prepared with recovery discs and backups. For Windows systems, make an Emergency Repair Disk (ERD) and update it monthly. For Mac OS 9 or X computers, keep your system software CD or DVD discs handy. Back up your critical data to a safe, secure, reliable location -- and make sure you have at least two copies of your most important work, preferably spread across different media and stored in separate locations.
- Keep the operating system up to date, especially for security patches and critical updates.
- For Windows computers, run Windows Update on a frequent basis; it can be automated as a Scheduled Task.
- For Mac OS 9 and Mac OS X computers, you should use the Software Update control panel or Software Update system preference pane on a regular schedule.
- Do not install software you will not actually use, and install software from trusted sources only: installer programs have free rein over your computer, and one that asks for your administrator account username and password while installing can take total control of it. In particular, do not install Microsoft Internet Information Server (IIS) on Microsoft Windows computers unless you actually need to use it. If you have stopped using certain software, uninstall it. (As an added bonus, you will regain memory and disk space.)
- Do not share files that are on your local hard disk, especially to guests. If you need to turn file sharing on, be particularly wary of providing write access or "drop box" functions on your computer. If you need to share files, contact the ITS Service Desk about using SAMBA or another server-based method.
- Use RIT's Virtual Private Network (VPN) service to secure your communications whenever you are using the RIT wireless network or any non-RIT network:
- any and all wireless networks (assume you cannot trust them)
- an off-campus dial-in ISP other than RIT DialIP
- an always-on broadband connection at home, such as Time Warner Road Runner or Frontier LightningLink
- a conference or hotel network.
- Audit the security of your computer (or have a knowledgeable person or system administrator help you), so you are familiar with other steps you can take to protect it. For example, take a look at our Mac OS X security audit for ideas.