|
Recommendations
1.
Use the best personal firewall in the industry
We STRONGLY recommend the use of Zone
Alarm Pro for your personal firewall. Intruders are constantly scanning
home user systems for known vulnerabilities. Properly configured firewalls
(whether software or hardware-based) will provide a great deal of protection
against these attacks. But keep in mind that no firewall can detect or
stop all attacks, so it's not sufficient to install a firewall and then
ignore all other security measures.
2.
Use virus protection software
We HIGHLY recommend the use of anti-virus software on all Internet-connected
computers. Be sure to keep your anti-virus software up-to-date. Many anti-virus
packages support automatic updates of virus definitions. We recommend
the use of these automatic updates when available.
3.
Consult your system support personnel if you work from home
If you use your broadband access to connect to your employer's network
via a Virtual Private Network (VPN) or other means, your employer may
have policies or procedures relating to the security of your home network.
Be sure to consult with your employer's support personnel, as appropriate,
before following any of the steps outlined in this document.
4.
Don't open unknown email attachments
Before opening any email attachments, be sure you know the source of the
attachment. It is not enough that the mail originated from an address
you recognize. The Melissa virus spread precisely because it originated
from a familiar address. Malicious code might be distributed in amusing
or enticing programs.
If you
must open an attachment before you can verify the source, we suggest the
following procedure:
1. Be
sure your virus definitions are up-to-date.
2. Save the file to your hard disk.
3. Scan the file using your antivirus software.
4. Open the file.
For additional
protection, you can disconnect your computer's network connection before
opening the file. Following these steps will reduce, but not wholly eliminate,
the chance that any malicious code contained in the attachment might spread
from your computer to others.
5.
Don't run programs of unknown origin
Never run a program unless you know it to be authored by a person or company
that you trust. Also, don't send programs of unknown origin to your friends
or coworkers simply because they are amusing -- they might contain a Trojan
horse program.
6.
Disable hidden filename extensions
Windows operating systems contain an option to "Hide file extensions
for known file types". The option is enabled by default, but you
can disable this option in order to have file extensions displayed by
Windows. After disabling this option, there are still some file extensions
that, by default, will continue to remain hidden.
There
is a registry value which, if set, will cause Windows to hide certain
file extensions regardless of user configuration choices elsewhere in
the operating system. The "NeverShowExt" registry value is used
to hide the extensions for basic Windows file types. For example, the
".LNK" extension associated with Windows shortcuts remains hidden
even after a user has turned off the option to hide extensions.
Specific
instructions for disabling hidden file name extensions are given in http://www.cert.org/incident_notes/IN-2000-07.html
7.
Keep your applications and operating system patched
Vendors will usually release patches for their software when a vulnerability
has been discovered. Most product documentation offers a method to get
updates and patches. You should be able to obtain updates from the vendor's
web site. Read the manuals or browse the vendor's web site for more information.
Some
applications will automatically check for available updates, and many
vendors offer automatic notification of updates via a mailing list. Look
on your vendor's web site for information about automatic notification.
If no mailing list or other automated notification mechanism is offered
you may need to check periodically for updates.
See our
Patches and Updates page for more details.
8.
Turn off your computer or network connection when not in use
Turn off your computer or disconnect its Ethernet interface when you are
not using it. An intruder cannot attack your computer if it is powered
off or otherwise completely disconnected from the network.
9.
Disable Java, JavaScript, and ActiveX if possible
Be aware of the risks involved in the use of "mobile code" such
as ActiveX, Java, and JavaScript. A malicious web developer may attach
a script to something sent to a web site, such as a URL, an element in
a form, or a database inquiry. Later, when the web site responds to you,
the malicious script is transferred to your browser.
The most
significant impact of this vulnerability can be avoided by disabling all
scripting languages. Turning off these options will keep you from being
vulnerable to malicious scripts. However, it will limit the interaction
you can have with some web sites.
Many
legitimate sites use scripts running within the browser to add useful
features. Disabling scripting may degrade the functionality of these sites.
Detailed
instructions for disabling browser scripting languages are available in
http://www.cert.org/tech_tips/malicious_code_FAQ.html
More information on ActiveX security, including recommendations for users
who administer their own computers, is available in http://www.cert.org/archive/pdf/activeX_report.pdf
More information regarding the risks posed by malicious code in web links
can be found in CA-2000-02 Malicious HTML Tags Embedded in Client Web
Requests.
10.
Disable scripting features in email programs
Because many email programs use the same code as web browsers to display
HTML, vulnerabilities that affect ActiveX, Java, and JavaScript are often
applicable to email as well as web pages. Therefore, in addition to disabling
scripting features in web browsers, we recommend that users also disable
these features in their email programs.
11.
Make regular backups of critical data
Keep a copy of important files on removable media such as ZIP disks or
recordable CD-ROM disks (CD-R or CD-RW disks). Use software backup tools
if available, and store the backup disks somewhere away from the computer.
12.
Make a boot disk in case your computer is damaged or hacked
To aid in recovering from a security breach or hard disk failure, create
a boot disk on a floppy disk which will help when recovering a computer
after such an event has occurred. Remember, however, you must create this
disk before you have a security event.
|
