Computing Facilities, Carnegie Mellon School of Computer Science, Carnegie Mellon University
 

Windows security

Hosts running Windows account for the majority of break-ins in SCS. Most of these break-ins are due to the following, mostly preventable, causes:

  • Viruses
  • Weak passwords for users and applications
  • Open shares
  • Unpatched or poorly configured software

For each of these causes, there are a few simple steps that you can take to make your PC more secure:

You should also take steps to protect your passwords when you connect to Unix hosts.

If you are running IIS, MS SQL Server, or other Windows network services, you should take special precautions to make sure that you have secured these services, as they are a major cause of break-ins.

For hosts in the SCS Windows domain that run Windows 2000 or Windows XP, we enforce a group policy that disallows remote logins by the Administrator account.

Firewalls

At this time we cannot provide support for setting up personal firewall software on Facilitized PCs. While setting up such software on your PC is not discouraged, you should be aware that, unless you are careful, doing so may prevent things such as network backups and software updates from working. We do provide an IPSec policy for Windows 2000 and XP that can be used to restrict access from non-CMU hosts to your PC:

IPSecPolicy.txt
Installation and usage instructions for the IPSec policy.
Windows.ipsec
Policy file to import for Windows 2000 and Windows XP hosts (the same file should work for both operating systems).

If your PC has been hacked or infected with a virus

If your PC is maintained by SCS Facilities, Facilities will fix it. Send mail to help+pc@cs.cmu.edu or call the SCS Help Desk, giving the name and location of the host, why you believe it has been broken into or infected, and any other information you might have to help us fix it. Please include any information you may have as to when and how the break-in or virus infection may have happened (open share, you ran an attachment, etc.). Then, remove your PC from the network until we can take care of it, so it is not used to launch attacks on other hosts.

If your PC is not maintained by SCS Facilities but is on the SCS network, please send mail to help@cs.cmu.edu and let us know about the problem, including any information you may have about possible causes, when the break-in/infection happened, and what changes the intruder (in the case of a break-in) may have made to your PC. Doing so may help us identify other PCs that may have been hacked in a similar manner, and will help us respond to any complaints about your PC misbehaving on the network. If your PC is infected with a virus, see our anti-virus page for some information on how to take care of it and where to get anti-virus software. In case of a break-in, the safest thing to do is to re-install. Please see our documentation on dealing with Windows break-ins for additional information on how to deal with a hacked PC.

Related documentation

Adware and spyware
Prevent adware and spyware on your SCS Facilities-supported Windows PC
Internet hoaxes and scams
How to avoid being victimized by internet hoaxes and scams
X server security
How to configure X-Win32 securely and prevent people from snooping on your X server traffic.
Windows support
About Windows support in SCS and our Windows environment.

Additional information

The following off-site links will open in a new browser window:

CERT home computer security tips
Detailed information on how to keep a home computer secure. Much of this information is relevant to Windows hosts at SCS.
http://www.microsoft.com/security/
Microsoft main security page.
http://www.sarc.com/
Symantec Security Response site (mainly virus/worm-related, but has general Windows security advisories as well).
NetBIOS Null Sessions: The Good, The Bad, and The Ugly
A nice overview of null sessions in Windows and how to disable them.
Columbia University's Safe Computing on Windows guide
Long, detailed guide to Windows security practices.