exploitation of weak passwords is still one of the most likely sources of security incidents. All passwords should be strong (not simple names or words, but employing a combination of letters, numbers and symbols, and of course never the same as a username or computer node name); secure (not written down, especially not on a post-it note attached to the computer); distinct (you should not use the same password for multiple systems); and not shared with others (there are better ways to share computing resources or accounts if necessary).
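The four properties above (not a dictionary word, a mix of letters, digits and symbols, and never equal to the username or node name) can be enforced mechanically. The checker below is an added example, not part of the lab's guidance or tooling; the word list and the 12-character minimum are assumptions chosen for illustration, and a real deployment would swap in a proper dictionary or breached-password list.

```python
"""Password policy checker (added example, not the lab's own tooling)."""
import string

# Constructed stand-in for a real dictionary / breached-password list (assumption).
COMMON_WORDS = {"password", "welcome", "summer", "letmein", "qwerty", "fermi", "admin"}
MIN_LENGTH = 12  # assumed value; the guidance above gives no explicit length


def _alphabetic_core(password):
    """Drop digits and symbols so that 'Summer2024!' is still recognised as 'summer'."""
    return "".join(c for c in password.lower() if c.isalpha())


def password_problems(password, username="", hostname=""):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # "A combination of letters, numbers and symbols": require all three classes.
    has_alpha = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    if not (has_alpha and has_digit and has_symbol):
        problems.append("does not combine letters, digits and symbols")

    # "Not simple names or words": compare the alphabetic core against the list.
    if _alphabetic_core(password) in COMMON_WORDS:
        problems.append("built on a common word")

    # "Never the same as a username or computer node name": reject equality and,
    # slightly stricter than the text, any password that merely contains them.
    lowered = password.lower()
    for label, ident in (("username", username), ("node name", hostname)):
        ident = ident.lower()
        if ident and ident in lowered:
            problems.append(f"contains the {label} '{ident}'")

    return problems


if __name__ == "__main__":
    for candidate in ("Summer2024!", "pc17-jdoe!1", "Gr8!Tea-Cup#Lamp"):
        print(candidate, "->", password_problems(candidate, "jdoe", "pc17") or "OK")
```

Run it with a candidate password and the account's username and node name; anything returned is a reason to pick a different password. The containment rule for username and node name is deliberately stricter than the guidance's "never the same as", since appending a digit to a username is a very common shortcut.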
- Unattended machines:
even with the current policy of restricted access to the lab, there are still computers that disappear under mysterious circumstances (and not only during nights and weekends). Moreover, it takes only a few careless clicks in a web browser by a passer-by to infect your desktop machine with worms or viruses. So, make sure that machines are physically secured and screens are set to be password-locked when a computer is left unattended.
- Local system administrators:
local admins are our first line of defense for computer security. They configure and maintain the local systems to allow work to proceed securely, they update the system with needed security patches, and they watch out for suspicious and unusual occurrences that could indicate a security incident. Every machine at the lab must have a local admin. Make sure you know who the admin for your desktop machine is; and if it is you, be sure you are aware of the various duties incumbent upon a system administrator. In particular, all machines on the lab network must be registered and have a registered sys admin so that responsible parties can be located quickly during security incidents and can be kept informed of critical patches and updates for the system. Machines without a registered admin tend to be summarily blocked from the network at the first sign of trouble. If you are managing your own desktop, make sure that you have registered; if your machine is managed by someone else, check that they have registered your machine. You can check on the machine and system admin registration by looking your machine up in the registration database, searching by system name, IP address, node name, property tag number or MAC address. Clicking on the system number after the machine is found will show you whether there is a registered system administrator and who it is.
- Data backup:
one of the most important responsibilities of lab computer users is the custodianship of data. Computers are quite reliable but not infallible, so all data and other information stored on computers that might be needed in the future must be backed up. In most cases you probably will not perform the data backup yourself, but you should make sure you are aware of who is backing up your data, and perhaps even occasionally test that files can be retrieved from the backups.
- Reporting computer security incidents:
a suspected computer security incident must be reported. If the incident is ongoing or presents an imminent threat, call x2345 at any time during the night or day and the incident response team member on call will be immediately paged. For incidents that do not require prompt attention, you can report by email to firstname.lastname@example.org for follow-up within a few hours. When there is a potential incident, the local user or admin should never attempt to "clean up" the suspicious activity before computer security experts have an opportunity to study the machine, since evidence of the incident will be needed by the laboratory and possibly by law enforcement personnel. The suspected infected machine should probably be physically disconnected from the lab network. Machines under investigation (which will normally have clear signs indicating they are to remain off the network) must never be reconnected before getting approval from the security team.
- Virus checking:
With the variety of different ways of delivering viruses, it is critical to have up-to-date virus checking software on your PC. Email can reach your machine without going through the lab email gateways, and viruses can arrive from the web, from shared files, and when a portable machine is away from the lab. Make sure that your virus checking software is configured to run regularly and to be updated with new virus signatures. Your division/section support personnel can supply you with these items if you need them.
email attachments are a very frequent source of infection of lab machines. You should be aware that you can never trust the "From:" field in an email message (it is trivial to forge), and should exercise extreme care in opening attachments. In a recent incident a lab employee was expecting a price quote from a colleague and received email purporting to come from them with the subject line "price", but the attachment was actually a virus from another source entirely. Your mail reader should be configured so that it does not automatically open or preview attachments and does not interpret HTML (web) code embedded in the email.
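The three cautions in this item (the "From:" header is not trustworthy, attachments deserve scrutiny, and HTML bodies should not be rendered) can be checked on a raw message before anyone opens it. The script below is an added example using Python's standard `email` package; it is not the lab's mail tooling. The message it inspects is constructed for illustration and mirrors the "price" incident: the "From:" address and the envelope sender (Return-Path) disagree, the body is HTML, and the attachment carries a double extension ending in `.exe`. The extension list is an assumption, and a Return-Path mismatch is only a heuristic (mailing lists and forwarders produce one legitimately), so the output is meant as triage input for the user or admin, not a verdict.

```python
"""Incoming-mail triage (added example, not the lab's own tooling)."""
import os
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message (assumption): header sender and envelope sender
# disagree, the body is HTML, and the attachment is an executable.
RAW_MESSAGE = """\
Return-Path: <bounce@mail-relay.example.net>
From: "A. Colleague" <colleague@example.org>
To: user@example.org
Subject: price
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/html; charset="us-ascii"

<html><body>Please see the attached quote.</body></html>
--XYZ
Content-Type: application/octet-stream; name="price.doc.exe"
Content-Disposition: attachment; filename="price.doc.exe"
Content-Transfer-Encoding: 7bit

placeholder bytes, not a real program
--XYZ--
"""

# Assumed list of extensions a mail reader should never open automatically.
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}


def triage(raw):
    """Summarise the trust-relevant features of one RFC 822 message."""
    msg = message_from_string(raw, policy=policy.default)

    # "From:" is what the reader sees; Return-Path is what the transport saw.
    from_domain = msg["From"].addresses[0].domain.lower()
    envelope_addr = parseaddr(str(msg["Return-Path"] or ""))[1]
    envelope_domain = envelope_addr.rsplit("@", 1)[-1].lower() if "@" in envelope_addr else ""

    report = {
        "subject": str(msg["Subject"]),
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "sender_mismatch": envelope_domain != from_domain,
        "html_body": False,
        "attachments": [],
        "risky_attachments": [],
    }

    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_type() == "text/html":
            report["html_body"] = True
        if part.get_content_disposition() == "attachment":
            name = part.get_filename() or "(unnamed)"
            report["attachments"].append(name)
            # Only the final extension decides what the OS would run,
            # so "price.doc.exe" is treated as an executable.
            if os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
                report["risky_attachments"].append(name)

    return report


if __name__ == "__main__":
    for key, value in triage(RAW_MESSAGE).items():
        print(f"{key:20} {value}")
```

Feed it a message saved from your mail client; a sender mismatch together with an executable attachment is exactly the pattern in the incident described above, and is the point at which the right move is to report rather than open.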
- Web browsing:
The web is another frequent source of infection, as clicking on web links can easily cause malicious code to execute on your desktop machine. You should use a safe browser with up-to-date security patches (Internet Explorer is particularly insecure, even when patched), and should use discretion in clicking on unfamiliar web links.