- Use a password on all accounts; don't ever leave a password blank.
- Set a strong password on all accounts.
Use strong passwords for all accounts on your computer. Any compromised account can be exploited. This is especially true for administrative accounts. The more privileges an account has, the more important it is to protect that account with strong passwords.
- On Windows computers, there will be a standard administrative account called "Administrator."
- On Mac OS X, there is one account named "System Administrator" (also known as "root") which is disabled out-of-the-box, and should remain disabled for security reasons. There will also be one or more accounts with administrator-level privileges, but they do not necessarily have a preset name. You should be able to do any necessary administrative tasks with an administrator-level account without enabling the root account.
We consider a "strong" password to be one which meets the following criteria:
- Is at least eight characters in length. The longer the password, the better.
- Is not a word found in a common English dictionary.
- Is not easy to guess based on publicly-available personal characteristics, like your birthday or on-campus phone extension.
- Is not obvious (for example, the word "password", or a user name, or the letters "qwerty" or any other simple and obvious combination of keystrokes is a poor choice.)
- Contains at least one digit.
- Contains a mixture of upper and lowercase characters.
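The criteria above can be checked mechanically. The following is an added example, not part of the original checklist: the function name `check_password`, the small word list, and the keystroke sequences are assumptions constructed for illustration, and a real check would load a full dictionary file.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "sunshine", "baseball"}
# Obvious keystroke runs (constructed, not exhaustive).
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "123456", "abcdef")


def check_password(password, username="", personal_facts=()):
    """Return the list of criteria that `password` fails (empty list = passes)."""
    failures = []
    lowered = password.lower()
    # Strip digits and punctuation so "Password1!" is still caught as a dictionary word.
    letters_only = re.sub(r"[^a-z]", "", lowered)

    if len(password) < 8:
        failures.append("shorter than eight characters")
    if letters_only in SAMPLE_DICTIONARY:
        failures.append("is a dictionary word")
    if username and username.lower() in lowered:
        failures.append("contains the user name")
    if any(run in lowered for run in KEYBOARD_RUNS):
        failures.append("contains an obvious keystroke sequence")
    # Personal facts (birthday, phone extension) are matched as substrings.
    if any(fact and fact.lower() in lowered for fact in personal_facts):
        failures.append("contains a guessable personal detail")
    if not any(c.isdigit() for c in password):
        failures.append("has no digit")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        failures.append("does not mix upper and lowercase")
    return failures


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("Password1", "jsmith2024", "Qwerty12345", "tr4verse-Kelp-mOon"):
        problems = check_password(candidate, username="jsmith", personal_facts=("5551",))
        print(f"{candidate!r}: {'OK' if not problems else '; '.join(problems)}")
```

Note that "Password1" satisfies the length, digit, and mixed-case rules and is rejected only by the dictionary rule, which is why the character-class rules alone are not sufficient.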
- Turn off the computer when it's not in use, especially overnight.
Turn your machine off when you are done using it for a period of time. Many computer intrusions are performed at night, when the operator of the machine is not present and not able to determine that anything is happening. Machines that are left running and connected to the network continuously are therefore more vulnerable to intrusion than machines that are turned off when they are not in use. Contrary to what you may have heard, it will not hurt a computer to turn it on and off daily, as long as you shut it down properly. Even several on/off cycles per day are well within the operational tolerance of most desktop computers or low-end servers. As an added bonus, you will be saving energy.
NOTE: Mac OS X computers perform system maintenance overnight. If you leave the computer powered off overnight, you should remember to run these daily, weekly, and monthly system tasks on a periodic basis.
- Use a locking, password-protected screen saver or log out of the computer when you're away from your desk.
Windows and Mac OS X computers feature this capability in their built-in screen saver utilities.
- Install anti-virus software and keep it up to date.
For Windows and Mac OS computers, you can optionally automate the update process, and we recommend doing so – see our anti-virus software instructions.
- Be prepared with recovery discs and backups.
For Windows systems, make an Emergency Repair Disk (ERD) and update it monthly. For Mac OS systems, consider using Time Machine to back up your system and data. Back up your critical data to a safe, secure, reliable location – and make sure you have at least two copies of your most important work, preferably spread across different media and stored in separate locations.
- Keep the operating system up-to-date, especially for security patches and critical updates.
- For Windows computers, configure your Automatic Updates to run regularly.
- For Mac OS computers, you should use the Software Update control panel or Software Update system preference pane on a regular schedule.
- Do not install software you will not actually use. Install software from trusted sources only, as installer programs can have free rein over your computer.
Avoid installing software from untrusted sources, and be especially careful with any software that asks for your administrator account username and password as you are installing it – this can give the installer elevated control of your computer. If you have stopped using certain software, uninstall it. (As an added bonus, you will gain memory and disk space in your computer).
- Do not share files that are on your local hard disk, especially to guests.
Be particularly wary of providing write access or "drop box" functions on your computer if you turn file sharing on.
- Use RIT's Virtual Private Network (VPN) service to encrypt your communications whenever you are using unsecure networks such as:
- any and all wireless networks (assume you cannot trust them)
- an off-campus dial-in ISP
- an always-on broadband connection at home, such as Time Warner Road Runner or Frontier LightningLink
- a conference or hotel network.
- Audit the security of your computer (or have a knowledgeable person or system administrator help you), so you are familiar with other steps you can take to protect it.
For example, take a look at our Mac OS X security audit for ideas.