SLAC Computer Security
SLAC Safety and Security Briefing 2005 - Computer Security Notes
- Safer Electronic Communications
- Use Plain Text E-mail
- Why? The simple act of viewing an HTML e-mail can infect a Windows computer by exploiting known (or as yet unknown) vulnerabilities in the Operating System. You can also be sure everyone who receives your e-mail will be able to easily read it if it is formatted in plain text.
- Change Outlook to use plain text for sending and receiving e-mails. Instructions to change your e-mail client.
- Outlook users can easily switch a message back to its original format (HTML or RTF) by right-clicking on the grey bar at the top of the message.
- Outlook will also automatically prevent the download of pictures, but it is still possible to download them by right-clicking in the message where the pictures are. Caution: downloading pictures can confirm to the sender that your e-mail address is valid.
- Don't Click on "Remove Me"
- Why? The "remove me" or "unsubscribe" links in spam are most often useless because the site they point at is non-existent. However, if clicking on them actually takes you somewhere, you risk getting your e-mail address confirmed as valid (and you'd get more spam), or you might be executing a program. The program could be installing something on your computer or taking you to a website designed to get you to do unwise things.
- E-Cards = Bad News
- Why? You could be infecting your computer if you run/install ActiveX programs to read any e-card. Do not download any plug-in software to read any e-card. Legitimate e-cards don't normally need either.
- Beware of Phishing E-mails
- Why? Last year we talked about phishing (forged e-mails related to forged web sites) and this problem continues to grow. Lately the "phishers" have been taking advantage of people's good will and creating fake web sites purporting to be for Katrina relief when they are only going to take your money for themselves.
- Check E-mail Hoaxes *
- Why? We do not want to forward on hoaxes. It is easy to check if an e-mail is a hoax by looking it up on the web. Example site for checking hoaxes: http://www.snopes.com
- Beware Free Software *
- Why? Sometimes you'll get spyware when you download free software. (Sometimes you get it when installing paid-for software too, but much less often.) You should run anti-spyware software and sweep your system weekly.
- Appropriate Use of Computers
- P2P is Not Allowed
- Peer to Peer (P2P) software is not allowed at SLAC. Examples: BitTorrent, Grokster, eDonkey, Kazaa. These programs can be used to place viruses or Trojan horses on your computer. SLAC monitors port activity, and if P2P traffic is identified then Human Resources is notified and the user of the computer will be contacted. In addition, using P2P may put you in violation of copyright laws.
- Warnings on Use of Web and VPN
- Key Loggers
- Visiting risqué web sites (with any web browser) and clicking on links could get you the gift of a key logger on your computer. The key logger program will capture all your keystrokes (e.g. account names and passwords) and pass them back to "home base".
- Screen Scrapers
- A screen scraper is part of a Trojan horse which could be waiting in the background on your computer. When you go to a banking web site and enter your account number, and a pop-up comes up for you to enter your PIN, the program will capture your account number and then take screen shots as you use the mouse to press buttons to enter your PIN. Now they have your bank name, your account number, and your PIN.
- VPN Bypasses Firewalls
- If your home computer is sitting behind a home network firewall then your computer is "protected" (to the extent that you've configured that protection in the firewall, of course). However, if you start VPN to connect to the SLAC public network you are no longer protected by your home network firewall. If your computer is not fully patched, it could become infected within minutes. If your computer is infected while outside your private network, then when you drop the VPN connection and go back behind your firewall it can infect other computers in your private network.
- If you are using VPN just to read Outlook e-mail then you should switch to RPC over HTTPS Outlook: http://www2.slac.stanford.edu/comp/messaging/Using/rpc-http.htm or use web e-mail https://www-mail.slac.stanford.edu, neither of which needs VPN to work.
- If you need additional Windows services then use Citrix: http://www2.slac.stanford.edu/computing/windows/services/citrix/ which doesn't need VPN either.
- Advice to Update Your Computer
- Keep PC Current
- Keep your self-managed (at home and work) computer up to date with operating system and patches. Older systems will stop getting security patches (possibly without your knowledge), leaving your computers at much greater risk of being attacked. This applies to all operating systems.
- Use anti-virus and anti-spyware, and update them frequently.
- Restrict X-Windows Access *
- Be sure your X display software is not allowing just any system to display to your computer. Never run "xhost +"; instead, try to limit what computers can display to your computer by using ssh tunneling.
- Instant Message Virus *
- It is now possible to get a virus through Instant Messaging by clicking on links sent in IM messages. We recommend that SLAC Windows users use our internal IM server, as it is cut off from the Internet (restricting your exposure to your "friends" at SLAC): http://www2.slac.stanford.edu/comp/messaging/Installing/instant_messaging_sip.htm
- Anti-Virus Scan Limitations *
- Virus writers are now creating viruses with limited propagation which may escape the notice of anti-virus vendors.
- Reporting Computer Security Problems
- E-mail security@slac.stanford.edu. After hours, please call x4357 (Helpdesk).
* = Not included in the talk on 9/20/05 due to time limitations
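
For the "Restrict X-Windows Access" item above, one way to check a workstation is the following added example (not part of the original briefing). It reads the text printed by `xhost` and classifies a DISPLAY value; the function names are hypothetical, the sample input is constructed, and the "display number 10 or higher on localhost" test is a heuristic based on OpenSSH's default X11 display offset.

```sh
#!/bin/sh
# Typical use on a live session:  xhost | audit_xhost; classify_display "$DISPLAY"

# audit_xhost: read `xhost` output on stdin, print one finding per line.
# Returns 0 if only per-user local grants are present, 1 otherwise.
audit_xhost() {
    ax_rc=0
    while IFS= read -r ax_line; do
        case "$ax_line" in
            "access control disabled"*)
                echo "FAIL: access control disabled (xhost + in effect)"; ax_rc=1 ;;
            "access control enabled"*|"") ;;
            SI:localuser:*)
                echo "OK: local user grant: $ax_line" ;;
            INET:*|INET6:*)
                echo "WARN: host-based grant: $ax_line"; ax_rc=1 ;;
            *)  echo "WARN: unrecognised entry: $ax_line"; ax_rc=1 ;;
        esac
    done
    return "$ax_rc"
}

# classify_display: say how X clients would reach the display named in $1.
# Only hostname and IPv4 loopback forms are handled.
classify_display() {
    case "$1" in
        "")        echo "unset" ;;
        :*|unix:*) echo "local" ;;
        localhost:*|127.0.0.1:*)
            cd_n=${1#*:}; cd_n=${cd_n%%.*}      # "localhost:10.0" -> "10"
            case "$cd_n" in
                ""|*[!0-9]*) echo "unknown" ;;
                *) if [ "$cd_n" -ge 10 ]; then echo "ssh-forwarded"
                   else echo "local-tcp"; fi ;;
            esac ;;
        *:*)       echo "remote-tcp" ;;         # plain X11 over the network
        *)         echo "unknown" ;;
    esac
}

# Constructed sample: what `xhost` prints after someone has run `xhost +`.
audit_xhost <<'EOF' || true
access control disabled, clients can connect from any host
EOF
classify_display "localhost:10.0"
```

A "remote-tcp" result means X traffic is crossing the network unencrypted, which is the case ssh tunneling is meant to replace.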
Owner: SLAC Computer Security