

OFFICE OF TECHNOLOGY SERVICES

Information Security Training

     
Desktop Security Video
(Courtesy of ISO, University of Tennessee)

 

Desktop Security Practices

Information Technology security can be compared to an onion because it uses layers to protect devices from hackers. Examples of these layers include anti-virus software, firewalls, passwords, and intrusion prevention systems. However, the most important security measure is the individual. If a computer is not protected by the individual using it, a hacker can gain access and send malicious e-mails or destroy valuable files. The best way of preventing this from happening is to be aware of hacker tactics.

One method used by hackers is shoulder surfing. This is when a stranger or colleague looks over your shoulder and obtains private information such as your user name and password. The best way to prevent this is to position your monitor away from windows, hallways, or any other place from which others can see your keyboard or screen. Another preventive method is to use a mirror so that you can see anyone behind you who may be looking. You can also use a screen protector that blocks others from seeing your monitor.

Another protective measure is to use an automatic, password-protected screen saver for when you are away from your computer for a few minutes. Your screen saver should activate after 5 minutes of inactivity. A password must then be entered before anyone can disable the screen saver and gain access to the computer.

If you will be away from your computer for an extended period of time during the work day, a good practice is to lock your keyboard. On Windows PCs, this can be done by pressing and holding down the key with the “flying window” (usually next to the ‘Alt’ key) and then pressing the “L” key. This will lock the keyboard and blank the monitor screen until a valid password is entered.

Desktop hackers can also capture files you send to other systems in an insecure manner. Files sent using File Transfer Protocol (FTP) or TELNET are sent in plain text. This means that anyone who can observe the communication can read its contents, including your user ID, password, and other personal information. The best defense is to use secure file transfer applications such as SSH and PGP. These applications provide encryption for file transfers and e-mails.

Some other best practices to follow include:

  • Log off your computer when leaving for the night, weekend or going on holiday.
  • Keep computers physically secure — lock unattended offices when necessary.
  • When you are viewing confidential information, be aware of whether others can easily view your computer screen.
  • Do not leave machines logged on to administrative systems for long periods when inactive.
     
  • Do not use your password or username for external internet sites that allow you to choose a username and password to log in to them.
  • If a system offers to ‘remember’ a username and password for you, say ‘no’.
  • Do not use Windows file sharing to share data on your hard drive. On a Windows machine, if you do not need to give others access to shared printing on your PC, then ensure that file and print sharing are disabled.
  • Do not install or run any software (including scripts or macros) unless you trust the source, and always check software for viruses first.
  • Do not run server software (for example web server software) on your desktop machine.
  • Set programs such as web browsers and e-mail clients to prompt you before running any programs or scripts.
  • Back up important data regularly, or save it on a file space that is backed up (such as your H-drive or Department directory). Store safely any backup disks you make yourself.
  • Take special care with confidential information held online. Particularly sensitive information should not be kept on C-drives/home directories, and email should be used with caution.
  • Do not retain sensitive information for longer than necessary.
  • Do not connect any systems or other networks (either directly or indirectly) to the University data network without checking with OTS that it is safe to do so. Do not dial out to another network (ISP) from a desktop machine while it is still connected to the University's data network.
  • Do not set up modems to receive incoming connections.

What more?

If you need further assistance, email infosec@towson.edu for help.
 

Information Security Office
Office of Technology Services
Cook Library, 4
Hours: Monday - Friday, 8:30 a.m. to 4:00 p.m.
E-mail: infosec@towson.edu

 

According to Gartner, the chances of a laptop being stolen this year are 1 in 10. (Gartner Group, 2002)

 
   © 2009 • Towson University Last Updated: Thursday, July 05, 2007   
   Towson University • 8000 York Road • Towson, Maryland • 21252-0001 • 410-704-2000