Keep your computer secure

Connecting your computer to the Wolfson network makes it reachable via the Internet from anywhere on the planet. Not everyone out there is friendly. Attempts to attack computers in College are observed many times each hour, and many have succeeded in the past. If your computer is "hacked" into, this will not only put your own data at risk. Compromised machines are also used to eavesdrop on other's communication and launch further attacks elsewhere. Compromised machines can severely disrupt the functioning of the College's network connection and can cause us significant cost, both in terms of the network traffic we are charged and the time we spend on identifying and fixing the problem. It is therefore the responsibility of everyone connecting a computer to the Wolfson network to actively and continuously take care of its secure configuration.

Security updates

The operating system version that came with your computer is likely to contain many known loopholes that are today easily exploited by attackers. Therefore:

  • Make sure you install regularly all the security patches, updates and hot fixes provided by your operating system manufacturer.
  • If you use Microsoft Windows, then run Microsoft Update at least once every week. Better even, configure it to install all critical updates for you automatically.
  • If you use Microsoft Windows XP, please update to Service Pack 3 and enable the Internet Connection Firewall.

You may also want to join your operating system vendor's security-announcements mailing list. This will keep you informed about the availability of new security updates for your system. More information is available from MicrosoftAppleopenSUSEUbuntuRed HatFedoraDebianFreeBSDOpenBSD.

Third-party applications can also contain security vulnerabilities and therefore also need to be updated regularly. However, the operating system’s update tool usually does not update those. For Windows, a simple free tool to regularly scan for out-of-date software that needs updating is Secunia Personal Software Inspector.

Firewall

A firewall is a software that provides additional protection against malicious attempts to connect to your computer through the network. We highly recommend to activate the firewall that comes with your operating system. For Windows versions older than Windows XP SP3, please upgrade to a more recent operating system.

Virus scanner

On Microsoft operating systems, make sure you use a recent virus scanner.

You can download a virus scanner for free from the Computing Service virus page. Make sure the virus scanner is configured to automatically update its virus database over the network. More information ...

Make sure you have at least the version shown on the above web page.

Dealing with a virus infection

If your machine was affected by a worm or virus, avoid keeping it connected to the network unnecessarily, as it might be sending out data to infect others. Ideally, you should disconnect it instantly and not reconnect it before you have removed the virus and applied all necessary updates to the operating system and virus checker.

Make sure you shutdown and reboot your Windows after you have removed a virus or installed a security update and before you reconnect it to the network.

In case of doubt, ask the IT Manager.

Encryption

With the Ethernet technology currently used in the College network, every computer can in principle see the full data traffic of every other computer on the network. Special software can be used quite easily to eavesdrop passwords, email, etc. It is therefore important that you avoid software that sends your password unencrypted over the network. In particular:

  • Avoid telnet to connect to your departmental machine. If possible, use one of the many available secure shell (ssh) programs instead. The commonly recommended one for Windows is putty, which you can download freely. This program, along with equivalent ones for other operating systems, is also on theUnix Support SSH CD that is freely available from Computing Service reception. If you use Linux, you are likely to find the ssh command preinstalled already.
  • If you use the imap protocol to retrieve your mail (e.g., when you use Microsoft Outlook), then activate the SSL encryption option to make sure nobody can steal your password.
  • Change your passwords after you started using encryption.

Passwords

When you connect your computer to the network, then normally – unless you disable this explicitely – your computer can be used remotely just as you can use it from your own keyboard. It is therefore extremely important that you protect access to your computer with a carefully chosen password. Make your password a random sequence of letters and digits. Chose it such that it is extremely unlikely that anyone else throughout the history of computing could ever come up with the same password. Never use common dictionary words or the names of persons, pets, brands, bands, literary figures, etc., because these are the first passwords that attackers will try, and they can easily try thousands of passwords per second. Never use anything related in an obvious way to your own person to form a password, such as your initials, email address or date of birth. Make sure that every user account on your computer is protected by a strong password, especially any administrator or root account. Never type your password on anyone else’s computer if there is the slightest chance that this computer might have been broken into. Keyboard eavesdropping software is one of the first things that hackers install after breaking into a computer over the network.

Email attachments

Do not install or execute programs and attachments that you have received unexpectedly via email. Doing so would be like swallowing pills given to you by strangers. You have no idea what they contain and will do to you.

Also be very suspicious about any warnings or technical instructions sent to you unexpectedly, as many of these may be hoaxes or attempts of fraud.

Theft

Several students have suffered laptop theft recently. Please lock your room each time you leave, even if you go only to the bathroom or kitchen for a minute. Do not hesitate to report any suspicious activity you see to the porters (phone 35900). A convenient way to protect laptops is a Kensington security cable, available from various computer stores in Cambridge.

Other things

Please have also a look at the Computing Service security pages, which contains valuable additional information.