Desktop security is not just a matter of protecting your own machine and the data on it. When a machine is compromised, one of the most common outcomes is that it is used to launch attempts to break into, or disrupt service on, other systems located at Penn or anywhere on the Internet. All computer operating systems have vulnerabilities and are subject to security risks. In a networked environment such as a college campus, a compromised computer can affect other computers and disrupt services throughout the campus; personal information can be compromised, leading to identity theft; and intellectual property can be stolen. To reduce the risk of a successful intrusion and to minimize the damage that can be done, this document provides an overview of the fundamental steps and procedures to follow to minimize security exposures and the resulting disruptions.
Why do you need to secure your Desktop?
We need to secure our desktops because a personal computer used without proper security measures can be exploited and its resources used for illegal activities. The exploitation may come from viruses, Trojans, keyloggers and sometimes real hackers. This may result in data theft, data loss, disclosure of personal information, and theft of credentials such as passwords. In addition, many desktop computers may be subject to the terms of Penn’s Computer Security Policy and thus must be maintained with adequate security precautions in order to comply with this policy.
⦁ Encrypt your network connection.
⦁ Encrypt sensitive files stored locally.
⦁ Encrypt private information stored in the cloud.
⦁ Use a free VPN service to protect public Wi-Fi connections.
⦁ Prevent keystroke loggers and other data snoops.
⦁ Perform a manual virus scan with the free Malwarebytes Anti-Malware.
⦁ Disable images in email.
⦁ Be wary of e-mail attachments.
⦁ Use a standard (non-administrator) account in Windows
⦁ Destroy old data.
The Importance of Adequate Desktop Security
Desktop security is not just a matter of protecting your own machine and the data on it. Given the automated tools currently available to find machines that can be compromised and then exploit them, a compromised desktop is a serious concern.
The Desktop Security Policy
The Desktop Security Policy has Inbound and Outbound rules.
⦁ Inbound rules – Enforced on connections going to the client computer.
⦁ Outbound rules – Enforced on connections that originate from the client computer.
Each rule defines traffic by source, destination, and service. The rule defines what action to enforce on traffic that matches.
⦁ Source – The network object that initiates the communication.
⦁ Destination – The user group and location for inbound communications, or the IP address of outbound communications.
⦁ Service – The service or protocol of the communication.
⦁ Action – Accept, Encrypt, or Block.
Connections to computers inside of the organization, for example, all of the machines in the VPN domain of the Security Gateway, are automatically encrypted, even if the rule that lets them pass is an Accept rule.
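The matching described above, as an added example (not code from the product or from the original page): a small Python model that evaluates a connection against inbound and outbound rules and applies the automatic encryption for the VPN domain. First-match ordering, blocking of unmatched traffic, treating the outbound source as a user group, and every name and address used are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"

@dataclass(frozen=True)
class Rule:
    direction: str    # "inbound" or "outbound"
    source: str       # inbound: remote network (CIDR); outbound: user group (assumed)
    destination: str  # inbound: user group; outbound: remote IP range (CIDR)
    service: str      # e.g. "tcp/443"
    action: str       # "Accept", "Encrypt" or "Block"

@dataclass(frozen=True)
class Connection:
    direction: str
    user_group: str   # group of the user on the client computer
    remote_ip: str    # the other end of the connection
    service: str

def in_net(spec, ip):
    return spec == ANY or ip_address(ip) in ip_network(spec)

def is_name(spec, value):
    return spec == ANY or spec == value

def evaluate(rules, conn, vpn_domain):
    """Return the action enforced on conn; first matching rule wins (assumption)."""
    action = "Block"  # assumption: traffic that matches no rule is blocked
    for r in rules:
        if r.direction != conn.direction or not is_name(r.service, conn.service):
            continue
        peer, group = ((r.source, r.destination) if conn.direction == "inbound"
                       else (r.destination, r.source))
        if in_net(peer, conn.remote_ip) and is_name(group, conn.user_group):
            action = r.action
            break
    # Traffic to the VPN domain is encrypted even when an Accept rule passes it.
    if action == "Accept" and any(in_net(n, conn.remote_ip) for n in vpn_domain):
        action = "Encrypt"
    return action

# Constructed sample policy and VPN domain (not from any real deployment).
VPN_DOMAIN = ["10.0.0.0/8"]
POLICY = [
    Rule("outbound", ANY, "10.0.0.0/8", ANY, "Accept"),
    Rule("outbound", ANY, ANY, "tcp/23", "Block"),
    Rule("outbound", ANY, ANY, "tcp/443", "Accept"),
    Rule("inbound", "10.20.0.0/16", "helpdesk", "tcp/3389", "Accept"),
]
```

Calling `evaluate(POLICY, Connection("outbound", "staff", "10.1.2.3", "tcp/445"), VPN_DOMAIN)` returns `"Encrypt"` although the matching rule says Accept, which is the behaviour the paragraph above describes for machines in the VPN domain.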
Examples of security policies
Negligence-based insider threat incidents cost organizations an average of $3.8 million per year – that’s a lot of money! Improved cyber security policies can help employees better understand how to maintain the security of data and applications.
⦁ Acceptable use policy (AUP):
An AUP specifies the restrictions and practices that an employee using organizational IT assets must agree to in order to access the corporate network or systems. It is a standard onboarding policy for new employees, ensuring that they have read and signed the AUP before being granted a network ID. An AUP template is available at SANS for your use.
⦁ Data breach response policy:
The goal of the data breach response policy is to describe the process of handling an incident and remediating the impact on business operations and customers. This policy typically defines staff roles and responsibilities in handling an incident, standards and metrics, incident reporting, remediation efforts, and feedback mechanisms. A template for the data breach response policy is available at SANS for your use.
⦁ Disaster recovery plan:
A disaster recovery plan is developed as part of the larger business continuity plan, which includes both cyber security and IT teams’ recommendations. The CISO and assigned teams will then manage an incident through the data breach response policy. However, the business continuity plan is activated only when the incident has a significant impact on the organization. A template for the disaster recovery plan is available at SANS for your use.
⦁ Business continuity plan:
A business continuity plan (BCP) describes how the organization will operate in an emergency and coordinates efforts across the organization. Additionally, the BCP works in conjunction with the disaster recovery plan to restore hardware, applications, and data that are considered essential for business continuity.
⦁ Remote access policy:
According to an IBM study, remote work during COVID-19 increased data breach costs in the United States by $137,000. Organizations can implement a remote access policy that outlines and defines procedures to remotely access the organization’s internal networks. Organizations require this policy when there are dispersed networks with the ability to extend into unsecured network locations, such as home networks or coffee shops.
⦁ Access control policy:
An access control policy (ACP) defines the standards for user access, network access controls, and system software controls. Additional supplementary items often include techniques for monitoring how systems are accessed and used, how access is removed when an employee leaves the organization, and how unattended workstations should be secured.
General Desktop Security Guidelines
The following general guidelines are relevant for all users, no matter what operating system is being used:
⦁ Maintain up-to-date and properly configured anti-virus software. Windows machines that are on campus should generally use Symantec in Managed Mode. For others, see ISC’s Virus Information. Be sure that real-time protection scans all files.
⦁ Don’t open any e-mail attachments unless you know the sender AND know that it was intentionally sent to you.
⦁ Use complex passwords. Never write down your passwords or share them with anyone else. SASC staff will never request your password.
⦁ If you share any files from your machine (not recommended in most cases), be certain that access is protected with a complex password.
⦁ Keep backup copies of any important documents. Contact your LSP for information about data backup systems.
⦁ Periodically check the website of the OS vendor (e.g. Microsoft or Apple) for critical security updates that may need to be applied.
⦁ Penn insurance regulations for Property Insurance and Claims require that computing equipment be properly secured if it is to be covered for property loss.
Things to remember while using your personal computer
⦁ Always install licensed software so that you receive regular updates for your operating system and applications. In the case of open source software, make sure to update frequently.
⦁ Read the “Terms and Conditions” / “License Agreement” provided by the vendor or software before installation.
⦁ Properly shut down and switch off your personal computer after use, along with external devices such as the monitor, modem, and speakers.
⦁ Disable Windows 10 automatic login.
⦁ Set a password with your screensaver.
⦁ Turn on your firewall.
⦁ Disable remote access.
⦁ Enable or install antivirus protection tools.
⦁ Enable auto-updates for your operating system.
⦁ Set up file backups.
⦁ Turn on encryption.
⦁ Set up your user accounts.
⦁ Set up a password manager.