Hosts running Windows account for the majority of break-ins in SCS. Most of these break-ins are due to the following, mostly preventable, causes:
- Weak passwords for users and applications
- Open shares
- Unpatched or poorly configured software
For each of these causes, there are a few simple steps that you can take to make your PC more secure:
- Use an anti-virus program & beware of attachments.
- Set good passwords for accounts and applications.
- Don't have open shares on your PC.
- Regularly patch operating system & application software.
You should also take steps to protect your passwords when you connect to Unix hosts.
If you are running IIS, MS SQL Server, or other Windows network services, you should take special precautions to make sure that you have secured these services, as they are a major cause of break-ins.
For hosts in the SCS Windows domain that run Windows 2000 or Windows XP, we enforce a group policy that disallows remote logins by the Administrator account.
At this time we cannot provide support for setting up personal firewall software on Facilitized PCs. While setting up such software on your PC is not discouraged, you should be aware that, unless you are careful, doing so may prevent things such as network backups and software updates from working. We do provide an IPSec policy for Windows 2000 and XP that can be used to restrict access from non-CMU hosts to your PC:
- Installation and usage instructions for the IPSec policy.
- Policy file to import for Windows 2000 and Windows XP hosts (the same file should work for both operating systems).
If your PC has been hacked or infected with a virus
If your PC is maintained by SCS Facilities, Facilities will fix it. Send mail to email@example.com or call the SCS Help Desk giving the name and location of the host, why you believe it has been broken into or infected, and any other information you might have to help us fix it. Please include any information you may have as to when and how how the break-in or virus infection may have happened (open share, you ran an attachment, etc). Then, remove your PC from the network until we can take care of it, so it is not used to launch attacks on other hosts.
If your PC is not maintained by SCS Facilities but is on the SCS network, please send mail to firstname.lastname@example.org and let us know about the problem, including any information you may have about possible causes, when the break-in/infection happened, and what changes the intruder (in the case of a break-in) may have made to your PC. Doing so will help us possibly identify other PCs that may have been hacked in a similar manner, and help us respond to any complaints about your PC misbehaving on the network. If your PC is infected with a virus, see our anti-virus page for some information on how to take care of it and where to get anti-virus software. In case of a break-in, the safest thing to do is to re-install. Please see our documentation on dealing with Windows break-ins for additional information on how to deal with a hacked PC.
- Adware and spyware
- Prevent adware and spyware on your SCS Facilities-supported Windows PC
- Internet hoaxes and scams
- How to avoid being victimized by internet hoaxes and scams
- X server security
- How to configure X-Win32 securely and prevent people from snooping on your X server traffic.
- Windows support
- About Windows support in SCS and our Windows environment.
The following off-site links will open in a new browser window:
- CERT home computer security tips
- Detailed information on how to keep a home computer secure. Much of this information is relevant to Windows hosts at SCS.
- Microsoft main security page.
- Symantec Security Response site (mainly virus/worm-related, but has general Windows security advisories as well).
- NetBIOS Null Sessions: The Good, The Bad, and The Ugly
- A nice overview of null sessions in Windows and how to disable them.
- Columbia University's Safe Computing on Windows guide
- Long, detailed guide to Windows security practices.