Windows operating system is the most prevalent computer operating system interface on the campus and the world. As the most prevalent, it is therefore one of the most targeted operating systems on personal desktops. To protect windows computers, Microsoft releases "patches" to the operating system as vulnerabilities are discovered. These are discovered frequently; therefore patches must be installed on a regular schedule. To assist in this, Windows has made the operation of patching a system as easy as possible. The following lists ways to protect your PC through improved security. Once at the site, select your operating system type and follow the instructions.
MAC:The following paper at the SANS Institute details securityissues for MAC/Apple Users. http://www.sans.org/rr/papers/index.php?id=237

Unix (Allvariations):

For SunOS and Solaris systems, the patches are available at http://sunsolve.sun.com We recommend you install the "Recommended and Security Bug Patches."
For Irix systems, the patches are available at http://www.sgi.com/support/patch_intro.html Because the "FREE recommended/required patch sets" are only updated monthly, you should apply all patches listed under "FREE security patches" as they are released.
For AIX, download and install the patches from ftp://service.software.ibm.com/aix/efixes/security
For HP/UX systems, download and install the patches on their web site at http://us-support.external.hp.com:80/wpsl/bin/doc.pl/sid=6a9027c307bbde6244/screen=coreAboutService
For Linux systems, install the newest stable packages for your distribution.
Red Hat security updates
Debian security Alerts
Other Operating Systems: Check the web page of the company that makes the operating system or call them directly.

The University recommended antivirus solution for PC’s is Symantec antivirus. The software is free to students and can be
purchased for departmental and faculty/staff use via the web site http://www.olemiss.edu/virus/sitelicense/
Students can obtain the installation and configuration settings at the following link (http://www.olemiss.edu/helpdesk/installingnortonantivirus.pdf).
Faculty and Staff installation instructions are here. Once installed, Symantec antivirus should be configured for daily signature file updates and scans as per the following sections.

Signature File Update Configuration
Antivirus software utilizes a “signature file” that contains virus definitions to identify and remove virus infected files from your computer. To keep your computer virus free, this signature file must be updated frequently. The Office of Information Technology recommends that your antivirus software check for and, if available, update this file on a daily basis. The following instructions demonstrate how to configure Symantec Antivirus Corporate Edition for daily signature file updates.

Setup Daily Scans of Local Drives Configuration
To effectively use your antivirus software, it must scan your computer on a periodic basis for infected files. The Office of Information Technology recommends that you scan your computer on a daily basis. The following instructions demonstrate how to setup daily scan schedule.

Updated versions of software are released periodically as “bug fixes” or patches as flaws in the software are found. To ensure the most effective security for your PC it is a good idea to review and install these patches as they become available for any software installed on your PC. ALWAYS BACK UP YOUR DATA before any new software or updates are applied as it is possible the patches will not work with your combination of software and all its various releases. This way you can return to a previous known state in the event a patch disables other software. To obtain these patches you must return to the manufacturer of the software. For example: Windows maintains a WEB site for just the Office Suite of tools. http://office.microsoft.com/officeupdate
(Note: Use Microsoft Internet Explorer whenever you visit the Windows or Office update pages)

Most computer virus infections are transported via email as attachments. NEVER open an attachment without first verifying the sender actually intended to send the information as an attachment. The most common error that causes attachments to be opened is that the "attachment came from someone I know". There are a couple possibilities that could result in an attachment being sent from a person you know. First, if the person you know became infected, their computer could be sending out infected attachments without their knowledge. Second, it could be a forged "from" address. It is not uncommon for a virus on an infected computer to use entries in the infected PC’s address book and place these into the "from" field so they appear to come from someone other than the infected PC.

A firewall is a system that is designed to prevent unauthorized access of a computer from the network. Firewalls can be implemented in hardware, software, or both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks and personal computers that are connected to the Internet. The following links detail firewall solutions broken down by operating system type.

a. Windows XP
b. Windows 2000
c. Windows ME
d. Windows 95/98/NT
e.MAC – General Security Issues via SANS Web site

One of the most common techniques for obtaining unauthorized access to desktop PC’s is through existing user accounts and unnecessary services configured with the default parameters. In Windows 2000, XP, and other multi-tasking and multi-user operating systems various accounts and services are created when the system is initially installed. The following article lists several good tips to securing accounts and suggests services which can be disabled (http://www.windowsecurity.com/articles/Windows_XP_Your_Definitive_Lockdown_Guide.html). While this site is written around Windows XP, these principles can be applied to any multi-user, multi-tasking operating system.

User names and passwords are the method by which computer systems identify authorized personnel. The objective in creating a password is to make it as difficult as possible for someone to derive or “guess” thereby gaining access to a system. There are numerous methods a criminal might use to accomplish the task of obtaining a password. There are programs that apply dictionaries to the search, and then use common techniques such as looking for the user name and password set as the same word. Common character exchanges such as "0"(zero) as the letter “O”. Given that the average PC can execute programs that try passwords at the rate of millions per second, a bad password can be “derived” in a relatively short period of time. Applying good password techniques relegates the criminal to running “brute force” attacks which typically take longer to break. Longer is a key term, even good passwords can be derived given sufficient time and resources. This is the reasoning in changing even good passwords on a periodic basis and not re-using old passwords frequently. The following is an excerpt from the SANS Institute web site on passwords:

General Password Construction Guidelines

Poor, weak passwords have the following characteristics:
1. The password contains less than eight characters
2. The password is a word found in a dictionary (English or foreign)
3. The password is a common usage word such as:

• Names of family, pets, friends, co-workers, fantasy characters, etc.
  
• Computer terms and names, commands, sites, companies, hardware, software.
  
• The words “Ole Miss”, "olemiss", "um" or any derivation.
  
• Birthdays and other personal information such as addresses and phone numbers.
  
• Word or number patterns like "aaabbb", "qwerty", "zyxwvuts", "123321", etc.
  
• Any of the above spelled backwards.
  
• Any of the above preceded or followed by a digit (e.g., secret1, 1secret)

Strong passwords have the following characteristics:
1. Contain both upper and lower case characters (e.g., a-z, A-Z)
2. Have digits and punctuation characters as well as letters e.g., 0-9, !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
3. Are at least eight alphanumeric characters long.
4. Are not a word in any language, slang, dialect, jargon, etc.
5. Are not based on personal information, names of family, etc.
6. Passwords should never be written down or stored on-line. Try to create passwords that can be easily remembered. One way to do this is create a password based on a song title, affirmation, or other phrase. For example, the phrase might be: "This May Be One Way To Remember" and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other variation.
NOTE: Do not use either of these examples as passwords!

With the continuing increases in processing capabilities and available disk space desktop PC’s are maintaining more mission critical information important to end users, departments, and the University in general. Backup procedures have been around since the days of large mainframe computers. These same procedures are expected to be implemented in server/workstation environments. The area that is most commonly overlooked is the backup of desktop PC’s. Most campus users conduct their campus business via documents created on their local desktop PC and transmit correspondence via email. Given this, PC’s should be backed up with the same care and schedule as previously afforded to servers and mainframes. The thought that must always be considered, is that ANY data entered since the last backup is subject to be lost in the event of a drive failure. Another thing to consider is that you might be required to revert to a previous backup in the event of an electronic break in. If a criminal illegally gets in your computer, confidence in all your documents must be questioned; whether financial or personnel information. The CERT site has a good informational document on backups to read when developing backup procedures.