Security tips
- Physical Security
- Workstation Security
- BIOS Security
- Downloading and installing Software
- Home Computer Security
- Monitoring CPU Activity
- Monitoring Ports
- Updating Drivers
- System Processes
- Deleting Unwanted Programs
- MD5 Fingerprints
Physical Security
Physical security is one of the most important aspects of computer security. It is also one of the most often overlooked. If anyone can just walk up to your machine, it can be compromised in a matter of minutes. That may seem like a remote threat, but there are other risks, such as theft, data loss, and physical damage, that need to be addressed.
Below are some pointers on how to achieve an increased level of physical security for your system.
- Control access to the machine itself. Only authorized people should be able to get to the machine. Remember, if someone can get physical access to the machine they can get administrative access to it.
- Ensure machines are in rooms that can be locked when the machine is unattended.
- Secure the machines to non-movable furniture (such as desks).
- Many computers can be locked so that they cannot be opened up. If possible, lock such machines closed.
- Do not position your machine so that people can watch passwords being typed in. If machines are in front of windows or behind glass walls, avoid having the monitor or keyboard in a location where they can be seen from the outside.
It's important not to forget that physical security is as much about preventing computers or their components from being stolen as it is about preventing access to the operating system or data.
Workstation Security
There are many ways in which you can increase the level of security in relation to your workstation. Below are some examples of how you can achieve a more secure workstation.
- Lock the screen of your machine if left unattended.
- Use a password protected screen saver.
- Do not share passwords.
- Log off or disconnect from all network systems when leaving for a substantial length of time.
- Lock up diskettes and CD-ROMs when you leave your work area.
BIOS Security
BIOS settings can be utilised to add an extra level of security for a system. Below are some ways in which your BIOS can be configured to increase the security of your system.
- Password protect your BIOS configuration.
- Password protect your system boot process.
- Disable floppy and CD-ROM boot support.
- Turn case open alerting on.
NOTE: The BIOS password can be overwritten if physical access to the computer is gained, and the system case has not been securely locked.
Downloading and Installing Software
You must be very careful when downloading and installing software. Anything that you run on your system has the ability to perform unwanted functions, such as deleting files, creating back doors for future attacks or capturing keystrokes.
Below are some guidelines to help you decide whether you should install a piece of software:
- Understand what the program does. There should be a clear description of what the program does within the documentation. However, consider the source and whether you can trust the information provided.
- Read all the "Terms and Conditions" documentation. This is especially important when installing an application which has various components that may be from a number of vendors. There may be a clause in the "Terms and Conditions" of another product that you may not agree with. An example of this would be the Kazaa application, which installs 10 component programs. The purposes of these programs range from monitoring your behaviour to installing advertising agents on your machine.
- Look and see what files are installed and what changes are made to your system when installing and running the application.
- Consider the author. Can they be contacted if a problem should arise with the application or your system?
- Try to gather information about other users' experiences with the software. If you do not know of anyone, then perform a search on the internet through a popular search engine such as http://www.google.co.uk/.
- Always ensure that you have a current backup of your files when installing software that you are unsure about. This will allow you to revert back if a problem should arise.
- Ensure that your anti-virus software is up to date. This will notify you if there is a virus hidden in the software.
Home Computer Security
Your home computer is a popular target for intruders. Your computer may contain personal information such as credit card numbers, bank account information, and other pieces of valuable data. Intruders also want to steal your computer's resources, i.e. your hard disk space, processing power and Internet connection.
Outlined below are a number of guidelines which will help you to ensure a higher level of security for your home computer.
- Install and use anti-virus software.
- Keep your system patched.
- Use care when reading email with attachments.
- Install and use a firewall program.
- Make backups of important files and folders.
- Use strong passwords.
- Use care when downloading and installing software.
- Install and use a file encryption program and access controls.
Monitoring CPU Activity
You can monitor the CPU activity through either a graphical tool or a command line tool. It is a good idea to monitor it at different times of the day and whilst running different applications so that you can build up a picture of your average usage. This can be used to alert you to a problem with the system or a breach in security. If there are unforeseen and unexplained CPU usage peaks when you are not using your system then it may be that you have an intruder who is stealing your resources.
For more thorough and tailored information on monitoring CPU activity, please use the below links to find resources specific to the operating system that you wish to install.
- Monitoring CPU activity
Monitoring Ports
Applications and services that run on your system use ports to communicate with themselves or other devices on a network. A system's services will tend to use standard ports for standard services; for example, the HTTP (normal web page browsing) service uses port 80.
You should know what ports are being used on your system and what process is using each port. This can be very useful in determining a problem with the system. If you know which ports should be communicating, you will be able to tell if any are communicating that shouldn't be. This is a telltale sign that the system has had a piece of software installed without the administrator's knowledge or that the system has been compromised.
For more thorough and tailored information on monitoring the ports of your operating system, please use the below links to find resources specific to the operating system.
- Monitoring ports
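An added example (not part of the original page) of the check described above: it parses the output of the Linux command `ss -H -tlnp` and reports listening ports, with their owning process, that differ from a recorded baseline. The sample output, the baseline and the function names are constructed for illustration.

```python
import re

# Constructed sample of `ss -H -tlnp` output (run as root so the owning
# process is shown). Not captured from a real system.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1040,fd=6))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=655,fd=7))
LISTEN 0 5 0.0.0.0:31337 0.0.0.0:* users:(("updater",pid=4242,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 511 0.0.0.0:8080 0.0.0.0:* users:(("python3",pid=2210,fd=5))
"""

# Hypothetical baseline recorded while the system was known to be clean:
# listening TCP port -> process expected to own it.
BASELINE = {22: "sshd", 80: "nginx", 631: "cupsd", 8080: "java"}

PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')

def parse_listeners(ss_output):
    """Return (address, port, process, pid) for each listening socket."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition keeps IPv6 addresses such as [::] intact.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        m = PROC_RE.search(line)
        # ss leaves the process column empty without sufficient privileges.
        name, pid = (m.group(1), int(m.group(2))) if m else ("unknown", None)
        listeners.append((addr, int(port), name, pid))
    return listeners

def compare_to_baseline(listeners, baseline):
    """Return sorted (port, process, reason) findings that deviate from the baseline."""
    findings = set()
    for _addr, port, name, _pid in listeners:
        if port not in baseline:
            findings.add((port, name, "port not in baseline"))
        elif baseline[port] != name:
            findings.add((port, name, f"expected {baseline[port]}"))
    return sorted(findings)

if __name__ == "__main__":
    for port, name, reason in compare_to_baseline(parse_listeners(SAMPLE_SS), BASELINE):
        print(f"REVIEW port {port} ({name}): {reason}")
```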
Updating Drivers
Updating your drivers is an important part of maintaining your system. Although you do not need to update every day, it's a good idea to update drivers every couple of months, or at least check to see if there is a newer driver for your hardware.
You will want to periodically check for driver updates for the following hardware devices:
- Motherboard
- Video card
- Sound card
- CD-ROM
- SCSI Adapter
- System BIOS *
There may be other devices with drivers, but these are the most common.
Most drivers can be changed through the driver properties, but we recommend following the manufacturer's instructions for updating your drivers. You can usually find driver updates on the Internet. Make sure you check your manufacturer's web site as there are probably updated drivers posted.
* The system BIOS update will come from your system vendor or motherboard manufacturer. You should only have to update your system BIOS every year or so.
System Processes
A process is the name given to software that is running on your system. Processes will typically be started by different users on the system and relate to the operating system, automatic user processes or applications that are running.
It is a good idea to get to know what is running on your system. There will be a number of system processes required for the operating system to run. When you log in, use your process listing tool to see what they are. When you launch an application you will see another process or a number of processes start. These relate to the application.
This can be very useful information to know. You can use this information as a warning of an intrusion by knowing and comparing what processes should be running and what processes are actually running.
For more thorough and tailored information on getting to know the processes of your operating system, please use the below links to find resources specific to the operating system that you wish to install.
- Windows processes
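An added example (not part of the original page) of comparing what should be running with what is running, here on Linux using the output of `ps -eo user=,pid=,args=`. Besides unknown processes, it reports a familiar name running from an unexpected path and an expected process that is absent; the sample output, baseline and function names are constructed, and it assumes the first word of the command line is the executable path.

```python
# Constructed sample of `ps -eo user=,pid=,args=` output; not from a real system.
SAMPLE_PS = """\
root         1 /sbin/init
root       655 /usr/sbin/cron -f
root       702 /usr/sbin/rsyslogd -n
alice     2301 /usr/bin/firefox
alice     2977 /tmp/.cache/cron -q
alice     3105 /home/alice/Downloads/helper --quiet
"""

# Hypothetical baseline taken on a known-good system: name -> executable path.
BASELINE = {
    "init": "/sbin/init",
    "cron": "/usr/sbin/cron",
    "rsyslogd": "/usr/sbin/rsyslogd",
    "firefox": "/usr/bin/firefox",
    "clamd": "/usr/sbin/clamd",   # anti-virus daemon expected to be running
}

def parse_ps(ps_output):
    """Return (user, pid, executable) for each process line."""
    procs = []
    for line in ps_output.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3 or not parts[1].isdigit():
            continue
        # Assumption: the first word of the command line is the executable.
        procs.append((parts[0], int(parts[1]), parts[2].split()[0]))
    return procs

def audit(procs, baseline):
    """Return (pid, name, reason) for every deviation from the baseline."""
    findings, seen = [], set()
    for _user, pid, exe in procs:
        name = exe.rsplit("/", 1)[-1]
        seen.add(name)
        if name not in baseline:
            findings.append((pid, name, "not in baseline"))
        elif baseline[name] != exe:
            findings.append((pid, name, f"runs from {exe}, expected {baseline[name]}"))
    # A process that should be running but is not is also worth a look.
    for name in sorted(set(baseline) - seen):
        findings.append((None, name, "expected but not running"))
    return findings

if __name__ == "__main__":
    for pid, name, reason in audit(parse_ps(SAMPLE_PS), BASELINE):
        print(f"REVIEW {name} (pid {pid}): {reason}")
```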
Deleting Unwanted Programs
Removing programs you no longer need is a good idea for several reasons. It frees up system resources such as hard disk space, you no longer have to maintain the software, and system security is increased because issues relating to that software are eradicated.
MD5 Fingerprints
An MD5 hash of a file or program creates a unique fingerprint which can be used to ensure that the file or program has not been changed or that it is what it claims to be. MD5 fingerprints can be used for a variety of tasks. If you have downloaded applications from the Internet and need to verify their integrity, there will often be an accompanying MD5 fingerprint.
MD5 hashing can also be used to help you keep track of your system files and work. You can create and store hash values of anything; this information can be used to monitor and verify your files, applications and processes. These values give you a good baseline to test against if you become suspicious and think that they may have been altered. For Windows you can use WinMD5; others are available.
UNIX/Linux can also perform this function, with automated applications for you to utilise. A popular example is Tripwire, which is open source for Linux and available for purchase for UNIX systems. Tripwire can be easily customised to alert you to any changes to system binaries or files.
Solaris has an alternative method called the Fingerprint Database, which maintains a database of MD5 hashes for all its applications and packages. You can query this online database with MD5 hashes created from your own system to compare values. As with Tripwire, if there are any discrepancies you are alerted.
Some firewalls, such as ZoneAlarm and Outpost, use MD5 hashing to verify applications which try to make a connection from your system to the Internet. This way they can tell whether or not the application is what it claims to be and not a trojan horse masquerading as the program.