February 2000
Volume 3, Issue 2

Inside this Issue...

Social Science Computing Laboratory
Faculty of Social Science
Room 1228, Social Science Centre
The University of Western Ontario
London, Ontario, Canada, N6A 5C2

E-mail: ssts@uwo.ca
Web: ssts.uwo.ca
Phone: 519 661-2152
Managing Editor: Ramona Fudge

SSC Network Update

Security Tips for Windows 95/98 Users

Les Flodrowski

A very positive spin-off resulted from the Y2K preparations and disaster recovery contingency planning that took place at UWO over the past year. Users have begun to take personal responsibility for the well-being of their desktop computers and everything that they entrust to it. In particular there is a heightened awareness for the importance of routine file backups and virus "sentry" software in everyday computer use.

Computer security is the next and without doubt the most important personal computer awareness issue facing everyone. System professionals, the keepers of our networks and servers struggle daily with increasing occurences of "hackers" who originate from across the world using the Internet and from within our own campus. Hackers use whatever system weaknesses they can exploit to illegally access corporate and personal computer facilities and information. Ultimately, all individuals must assume some responsibility for ensuring the level of personal privacy and security that they want. Issues of file encryption, complex and secure passwords, personal network system settings and Internet worm virus interception are just the beginning. This and future issues of the SSC Network Update will raise security awareness through a series of articles and tips that can assist individuals for taking more personal control of their desktop security.

File and Print Sharing
When you use the Internet, no matter how you're connected (dial-up, ROGERS@Home, SSC Network, Sympatico, etc.) you're at risk of someone making an attempt to break into your computer. In fact, one of the most powerful features of Windows, file and print sharing, is also one of the greatest risks to security on your PC since it makes your computer vulnerable to Internet hackers.

TIP:   Disable file and print sharing
If you have never disabled this feature, do it now - by default it is turned on. Removing this feature will block attempts to access your computer.

On the SSC Network:
Start Þ SSC Network Þ Software Installs and Downloads Þ Disable File and Print Sharing
From Home:
Start Þ Settings Þ Control Panel Þ Network Þ File and Print Sharing Þ Check off two check-boxes Þ OK.
After turning the settings off, Windows will automatically restart your computer.

Maximize File and Print Sharing Security
If you do need to share files across the SSC Network, please follow these tips:

TIP:   Never share out your entire hard drive.
Windows stores sensitive information on your hard drive including usernames and passwords. For this reason, only share out those resources (individual files, folders, or printers) that another user must access.

TIP:   Specify explicit access rights and set them to read-only.
Be specific when sharing out resources and only list those users who absolutely need access. Limit access to read-only. This will prevent anyone altering or deleting files.

File Security
What would you do if you lost an important file, an entire directory or even your entire hard drive? The issue of file security and being able to restore lost files should be a major concern of most users. Files can be lost due to hard drive failure, virus attack, user or software error, or a corrupted floppy disk. In fact, students routinely lose files and valuable work because of floppy disk failure.

TIP:   Create backup copies of your important files.
Unlike files stored on the server (see next tip), files stored on your hard drive are not automatically preserved in any way. You should always have a backup copy of important files in case of loss. Some departments now backup their hard drives to ZIP disks to help protect against loss. If you store files on a floppy disk, you should also save a second copy on another diskette, your hard drive or the H: drive.

TIP:   Take advantage of automatic server backups.
Every user can take advantage of storage space located on the SSC Network servers by storing files on the H: or S: drives. Since the server is backed up nightly, any files that are accidentally lost can be restored from the previous night's backup. Files are restored online by clicking Start Þ SSC Network Þ Accessories Þ Recover Personal Files.

Faculty, staff and graduate students can keep up to 20 megabytes of data on their H: drives, while students can save up to 10 megabytes. In addition to the H: drive, users can take advantage of the Scratch drive service to obtain even more storage space. Although each user's Scratch storage must be renewed at the end of each academic year, files are secure because they are also backed up nightly. For more information about Scratch, click on Start Þ SSC Network Þ Accessories Þ Scratch Request.

Passwords
Your password is the key to your account and is only as secure as you make it. For this reason, you should change your passwords occasionally, choosing one that is difficult to crack.

TIP:   Learn how to make an easy-to- remember password.
Many people do not change their password because it is too difficult to create a new one that conforms to the ITS password rules. Some even carry around that piece of paper ITS gave them with their password written on it! Here is a simple formula for creating a new password that is easy to remember and conforms to the rules:

Pick any six-letter word that you will remember. For this example, "peanut" is used
Split the word in half and insert a punctuation character, for example a period (pea.nut)
Capitalize any one of the letters (Pea.nut)
Add a digit to the password. In this example the digit "1" is added to the beginning. The final password becomes "1Pea.nut". Other examples of valid, easy to remember passwords include "www.Com1", "4Me.2see", "Net.w0rk".

TIP: Change your SSC Network password.
The default password given to new SSC Network accounts is not very secure. If you have not one so yet, change your network password to an eight-character password using the formula described above.