Six Steps to Secure Your Computer


1. Install antivirus software and keep it updated daily

There are plenty of great anti-virus software packages on the market. They check for known viruses by scanning your computer periodically. Most of them also check for viruses in incoming email.

An anti-virus program identifies viruses according to its virus signature file and takes appropriate action on infected files based on the user's preference. Obviously, if the virus signature file is outdated, the anti-virus program may be totally ignorant of new viruses. As new viruses and variants of existing viruses appear every day, it is important to update the virus signature file and scan engine regularly by setting the scheduler of the anti-virus program. Advanced endpoint protection software also combines industry-best AI and behavior-based protection to block advanced malware.

CityUHK Campus PCs are already protected by Sophos Endpoint Protection and Palo Alto Cortex XDR.

2. Apply software updates regularly

Almost as often as new viruses are discovered, new software bugs or vulnerabilities are discovered in operating systems (for example, Windows), tools or applications (for example, web browser and email software) and other third-party tools. Given that zero-day attacks are not uncommon, keeping your computer patched against known vulnerabilities is essential. Unpatched vulnerabilities may be exploited by hackers to gain control of your computer.

Staying up to date can be difficult and therefore, some vendors (for example, Microsoft) have provided users with utilities to check for updates and notify them automatically. Other vendors allow users to join an email mailing list so that they can be notified of any new updates. If a vendor doesn’t offer any of these solutions, users may need to periodically visit the product’s support website to check for available new patches or updates.

For CityUHK Campus PCs, Microsoft critical updates will be pushed through Microsoft's patch update server automatically.

3. Use strong passwords and change your password regularly

A simple password can be cracked in seconds while a complex password may take days or weeks to break. If you change your password regularly, you will make it harder for someone to use your password without your knowledge. All accounts in Windows must be modified to have a secure password.

A good password should contain

  • at least 8 characters containing both Alpha (lower and upper case) and Numeric characters

Password should NOT be

  • your personal information, such as name, birth date, telephone numbers, any IDs, license numbers, etc.
  • your computer account name, or the reverse of it
  • a word that appears in a dictionary (e.g. apple or boy)
  • abbreviations of common phrases or acronyms
  • an alphabetic or a numeric series (e.g. ABCDEF or 12345678 or abc123)
  • a string of all identical letters or numbers (e.g. AAAAAA or 88888888)
  • sequences of numbers or characters, or consecutive keys on a keyboard
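
The rules in the two lists above can be checked mechanically. The following PowerShell function is an added example, not a CityUHK or CSC tool; the function name, the tiny word list, the keyboard rows and the run length of 3 are assumptions made for illustration.

```powershell
# Added example. $Dictionary and the key rows are small constructed samples.
function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory)][string]$Password,
        [Parameter(Mandatory)][string]$AccountName,
        [string[]]$Dictionary = @('apple', 'boy', 'password', 'welcome'),
        [int]$RunLength = 3   # assumed threshold: 3 is needed to catch "abc123"
    )
    $problems = [System.Collections.Generic.List[string]]::new()
    $lower = $Password.ToLowerInvariant()

    # Required: at least 8 characters with lower case, upper case and digits
    if ($Password.Length -lt 8)       { $problems.Add('shorter than 8 characters') }
    if ($Password -cnotmatch '[a-z]') { $problems.Add('no lower-case letter') }
    if ($Password -cnotmatch '[A-Z]') { $problems.Add('no upper-case letter') }
    if ($Password -notmatch '[0-9]')  { $problems.Add('no digit') }

    # Account name, or the reverse of it
    $name = $AccountName.ToLowerInvariant()
    $chars = $name.ToCharArray(); [array]::Reverse($chars)
    $reversed = -join $chars
    if ($lower.Contains($name) -or $lower.Contains($reversed)) {
        $problems.Add('contains the account name or its reverse')
    }
    # Dictionary word, ignoring any digits or symbols around it
    if ($Dictionary -contains ($lower -replace '[^a-z]', '')) {
        $problems.Add('is a dictionary word')
    }
    # A string of all identical letters or numbers
    if ($Password -match '^(.)\1+$') { $problems.Add('all characters identical') }

    # Alphabetic/numeric series and consecutive keyboard keys, in either direction
    $rows = 'abcdefghijklmnopqrstuvwxyz', '0123456789', 'qwertyuiop', 'asdfghjkl', 'zxcvbnm'
    $run = $false
    foreach ($row in $rows) {
        $r = $row.ToCharArray(); [array]::Reverse($r)
        foreach ($seq in $row, (-join $r)) {
            for ($i = 0; $i -le $seq.Length - $RunLength; $i++) {
                if ($lower.Contains($seq.Substring($i, $RunLength))) { $run = $true }
            }
        }
    }
    if ($run) { $problems.Add("contains a run of $RunLength consecutive characters or keys") }

    [pscustomobject]@{ Compliant = ($problems.Count -eq 0); Problems = $problems -join '; ' }
}

# Constructed samples only; do not type a real password on a command line
Test-PasswordPolicy -Password 'abc123' -AccountName 'cstaff01'
Test-PasswordPolicy -Password 'Tr4vel-Lamp-Quiet' -AccountName 'cstaff01'
```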

Best practice for handling passwords

  • Change your password regularly
  • Do not let others know your password
  • Do not share your password with others including your friends or family members
  • Do not use the same password for different systems or applications, especially those critical ones
  • Do not use the same password that you use in the university with services provided by ISPs or public services
  • Avoid using password-saving features, such as Microsoft's Auto Complete feature
  • Do not write down your password. Do not store any password in any system including your own PC
  • Use a password-protected screen saver provided by Windows if you leave your computer unattended even for a few minutes
  • Pay attention to the login page of an application to avoid using disguised pages. In case of doubt, please report to the CSC and the application providers (if different) immediately
  • Log off or shut down your computer at the end of each day
  • Do not use your account to log in to a service through a public terminal, the security protection of which is unknown. Always log out, and/or reboot, before and after using a public terminal
  • Do not download, install or use software from unknown sources. It may implant Trojans or keyboard logging programs to trap your passwords

4. Lock down unnecessary network accessible files/software

Don't run any unnecessary file sharing or network services on your computer. Every additional service you run gives hackers another opportunity to find a security hole. The following are the services that you should disable as far as possible.

The 'File and Printer Sharing' service may allow hackers to access your files. You can disable it by following these instructions:

  1. Open Control Panel
  2. Click Network and Internet
  3. Click View network status and tasks
  4. Click Change adapter settings on the left side of the screen
  5. Right-click Local Area Connection and select Properties.
    In the middle of the properties window, you will see the list of networking components used by this connection.
  6. If File and Printer Sharing for Microsoft Networks is listed, uncheck the item and click OK. This change goes into effect immediately.

The 'Remote Registry' service allows hackers to modify your registry remotely. You can disable it by following these instructions:

  1. In Control Panel, select System and Security, then Administrative Tools
  2. Select Computer Management
  3. Expand Services and Applications on the left panel
  4. Click Services
  5. Double-click Remote Registry; a Remote Registry Properties window opens.
  6. The General tab window should be selected.
  7. Click the Stop button under Service Status if the service is currently running.
  8. In the center of the window, there is a Startup Type drop-down menu. By default, the menu is set to Automatic. Instead, select Disabled so the service will never start again.
  9. Click the OK button in the Remote Registry Service Properties window.
  10. Close the Services window.

You can remove the 'Internet Information Services (IIS)' and 'FTP' services by following these instructions:

  1. Open Control Panel
  2. Click Programs
  3. Under Programs and Features at the top of the screen, click Turn Windows features on or off.
  4. Uncheck the Internet Information Services checkbox and click OK.

You can disable the 'Remote Desktop' and 'Remote Assistance' services by following these instructions:

  1. In Control Panel, select System and Security, then System
  2. Click Remote settings in the left panel.
  3. Uncheck the box next to Allow Remote Assistance connections to this computer.
  4. Under Remote Desktop, select the radio button next to Don’t allow connections to this computer.
  5. Click OK.
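
To confirm that the four procedures in this step took effect, the settings can be read back from PowerShell. This read-only audit is an added example, not a CityUHK or CSC script; the function name is hypothetical, and the component ID, feature names and registry values are the standard Windows names for these settings rather than anything stated on this page.

```powershell
# Added example: reports the current state of each setting; it changes nothing.
# Run from an elevated PowerShell prompt (Get-WindowsOptionalFeature requires it).
function Get-ExposedServiceReport {
    # File and Printer Sharing for Microsoft Networks is the 'ms_server' binding
    Get-NetAdapterBinding -ComponentID ms_server | ForEach-Object {
        [pscustomobject]@{
            Item    = "File and Printer Sharing on '$($_.Name)'"
            Exposed = $_.Enabled
        }
    }

    # Remote Registry should be both stopped and set to Disabled
    $svc = Get-Service -Name RemoteRegistry
    [pscustomobject]@{
        Item    = "Remote Registry ($($svc.Status), startup $($svc.StartType))"
        Exposed = ($svc.Status -eq 'Running' -or $svc.StartType -ne 'Disabled')
    }

    # IIS web server and FTP server optional features
    foreach ($name in 'IIS-WebServerRole', 'IIS-FTPServer') {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName $name
        [pscustomobject]@{
            Item    = "Windows feature $name"
            Exposed = ($feature.State -eq 'Enabled')
        }
    }

    # Remote Desktop: fDenyTSConnections = 0 means connections are allowed
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    [pscustomobject]@{
        Item    = 'Remote Desktop connections'
        Exposed = ($ts.fDenyTSConnections -eq 0)
    }

    # Remote Assistance: fAllowToGetHelp = 1 means connections are allowed
    $ra = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
    [pscustomobject]@{
        Item    = 'Remote Assistance connections'
        Exposed = ($ra.fAllowToGetHelp -eq 1)
    }
}

Get-ExposedServiceReport | Format-Table -AutoSize
```

Any row showing Exposed as True corresponds to one of the procedures above that still needs to be carried out.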

5. Remove unknown or suspicious email

Email is indispensable to daily life. However, it is also the best channel to spread viruses and trap careless users. There are numerous topics used to entice users to open malicious attachments or click on enclosed links. For example, after a holiday trip, you may expect greeting emails from your friends with attached photos for sharing. Research results show that computer users usually think warning messages are irritating and attempt to get rid of them immediately, resulting in thoughtless "OK" clicks.

As a responsible service provider, the CSC has deployed various tools to keep incoming email clean and safe. However, users still need to be cautious and avoid opening emails from unknown senders. If an email is not from someone you know, you are recommended to simply delete it without reading it. If the email appears to be from someone you know, you should read the message carefully before opening any attached files or clicking on the enclosed links. Consider whether the person you know would really have written that message or forwarded you the attached file. If in doubt, contact that person to confirm before taking further action.

Free software, music, screensavers, file-sharing programs and even anti-virus programs often contain spyware. These spyware programs slow down your computer, cause pop-ups to appear and are generally undesirable. It is best not to download any program from unknown sites.

6. Back up your files periodically

The Internet has become more turbulent, and methods of attack will never be exhausted. Even if you follow all the above recommendations, your hard disk could simply fail due to normal wear and tear, leaving your data unrecoverable. Therefore, it is important to back up your files periodically so that you can restore them when necessary. At the very minimum, you should back up your most important files by copying them to a flash drive, external hard drive, or a CD/DVD disc.

Data is a valuable asset that you may have spent countless hours to create. Obviously, it is worthwhile to make backups whenever possible. It only takes a little time and money to set up automatic full system backups that give you peace of mind and protection from data disasters. With full system backup, you can restore your data with just a few clicks. Backup software can help you to automate the process of making automatic full or incremental backups, and to restore just one deleted file or the entire drive. A good backup program will even allow you to store multiple versions of a file, so you can go back in time and restore a file to the way it was a day, a week or a month ago.

Detailed guidelines on backing up your PC can be found at http://www.cityu.edu.hk/csc/deptweb/support/guidelines/guideline_on_backing_up_pc.pdf

 

IT.ServiceDesk@cityu.edu.hk