Best practices for computer security
This document details how you can secure your personal computer, the
accounts on it, and the data stored on it.
Note: Following some of the suggestions below can
affect how your computer interacts with a network. If your computer
or local network is managed by a network administrator, you should consult with your administrator before making changes
to avoid disrupting your network connection.
Top three things you can do to protect your
Use security software
The most important thing you can do to keep your computer safe is to
install and maintain security software that protects your computer
from viruses and spyware. Such programs perform two general
functions: scanning the files on disk for known viruses and spyware
and removing them, and monitoring the running system for virus-like
activity (either the known actions of specific viruses or generally
suspicious behavior). Most current security software performs both of
these tasks, and both depend on the software's detection data being current.
- Install antivirus software, and keep your virus pattern files up
Practice the principle of least privilege
Practice the principle of least privilege: do not use administrative
privileges until you need them. In other words, do not log into a
computer with administrative rights unless you must do so to perform a
specific task. Running your computer as an administrator (or as a Power
User in Windows) leaves it exposed, because every program you run,
including code delivered by a web page, runs with your privileges.
Simply visiting an unfamiliar Internet site from such a high-privilege
account can therefore cause extreme damage to your computer, such as
reformatting your hard drive, deleting all your files, or creating a new
user account with administrative access; the same code run from a
limited account is confined to what that account can touch. When you do
need to perform a task as an administrator, do it from a separate
administrator account or a "Run as" prompt, only for that task, and
return to your limited account afterwards. For more, see In Windows, why should I avoid running my computer as an administrator?
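The following is an added example, not code from the original article, showing how the least-privilege habit looks in practice on a current Windows machine: a check for whether the session you are sitting in is elevated, a list of who holds local administrator rights, and a helper that elevates a single command rather than the whole logon. It assumes Windows 10 or 11 with Windows PowerShell 5.1 (Get-LocalGroupMember comes from the LocalAccounts module shipped with it); the function names and the installer path are chosen here and are placeholders.

```powershell
# Added example, not from the original article. Assumes Windows 10/11 with
# Windows PowerShell 5.1. Function names and the sample installer path are
# placeholders chosen for this illustration.

# Returns $true when this PowerShell session holds an Administrators token.
function Test-IsElevated {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Lists every member of the local Administrators group. Any everyday account
# that shows up here should be moved to the Users group.
function Get-LocalAdminAccounts {
    Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
}

# Runs one command with an elevated token (UAC consent or credential prompt)
# and waits for it, so the rest of the session stays a standard user.
function Invoke-Elevated {
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [string[]]$ArgumentList = @()
    )
    if (Test-IsElevated) {
        & $FilePath @ArgumentList    # already elevated: just run it
        return
    }
    # Start-Process rejects an empty -ArgumentList, so add it only when present.
    $params = @{ FilePath = $FilePath; Verb = 'RunAs'; Wait = $true }
    if ($ArgumentList.Count -gt 0) { $params['ArgumentList'] = $ArgumentList }
    Start-Process @params
}

# Check the session you are working in ...
if (Test-IsElevated) {
    Write-Warning 'This session is elevated. Use it only for the administrative task at hand, then close it.'
} else {
    Write-Host 'Standard-user session: use this for browsing, mail and everyday work.'
}
"Local administrators: $((Get-LocalAdminAccounts) -join ', ')"

# ... and elevate only the one task that needs it (installer path is a placeholder).
Invoke-Elevated -FilePath 'msiexec.exe' -ArgumentList '/i', 'C:\Downloads\tool.msi'
```

If Get-LocalAdminAccounts lists your everyday account, demote it (Remove-LocalGroupMember -Group Administrators -Member <name>, run from a separate administrator account) and keep a distinct administrator account purely for maintenance.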
Maintain current software and updates
Use a secure, supported operating system; see ComputerGuide: Recommendations and common questions.
Keep your software updated by applying the latest service packs and
patches. For Windows, you can schedule Automatic Updates
to automatically download and install available updates.
Avoid threats to your computer
Never share passwords or passphrases:
Pick strong passwords and passphrases, and keep them private. Never
share your passwords or passphrases, even with loved ones or computing
Do not click random links: Do not click any link that you can't verify;
check where a link actually points before you follow it. To avoid
viruses spread via email or instant messaging (IM), think before you
click; if you receive a message out of the blue, with nothing more than
a link and/or general text, do not click it, even if it appears to come
from someone you know, since an infected machine sends such messages
from its owner's account. Beware of email or attachments from unknown
people, or with a strange subject line.
Do not download unfamiliar software off the Internet: KaZaA, Bonzi,
Gator, HotBar, WhenUSave, CommentCursor, WebHancer, LimeWire, and other
Gnutella programs all appear to have useful and legitimate functions.
However, most of this software is or contains spyware, which can
destabilize your operating system installation, waste resources, generate pop-up ads,
and report your personal information back to the company that provides
Obtain free or public-domain software only from reputable sources, and then
scan the newly downloaded software thoroughly with up-to-date, reputable
virus detection software (historically, on a write-protected disk) for
signs of infection before installing it or copying it to a hard disk.
Log out of or lock your computer when stepping away, even for a moment:
Forgetting to log out poses a security risk with any computer that is
accessible to other people (including computers in public facilities,
offices, and shared housing) because it leaves your account open to
abuse. Someone could sit down at that computer and continue working
from your account, damaging your files, retrieving personal
information, or using your account to perform malicious actions. To
avoid misuse by others, remember to log out of or lock your computer
whenever you leave it (on Windows, press the Windows key + L), and set
your screen saver to require a password on resume as a fallback.
- Remove unnecessary programs or
services from your computer:
Restrict remote access:
Disable file and print sharing. In the rare cases when you need to
share a resource with others, the drive must be formatted with NTFS
(FAT file systems have no file permissions at all), and you must set the
file and directory permissions correctly. With Windows 2000 and XP, new
folders are created by default with access granted to the "everyone"
group. If you do have file sharing enabled on your computer, be careful
to set permissions when creating new folders, removing the "everyone"
entry and granting access only to the specific accounts that need it, so
that you don't inadvertently leave them open to everyone on the network.
Keep in mind that a shared folder is governed by both the share
permissions and the NTFS permissions, and the more restrictive of the
two applies.
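As an added example, not code from the original article, the script below does the two things the paragraph above asks for: it audits a folder's NTFS permissions for entries that open it to broad groups, and it rebuilds the folder's ACL so that only SYSTEM, the local Administrators group and one named account have access. It assumes an NTFS volume and Windows PowerShell 5.1 or later and runs as an account that owns the folder (or as an administrator); the function names are chosen here, and the demo folder under $env:TEMP and the current user are stand-ins for the real share and recipient.

```powershell
# Added example, not from the original article. Assumes an NTFS volume and
# Windows PowerShell 5.1 or later. Function names, the demo folder and the
# account used in the usage section are placeholders chosen here.

# Returns the Allow entries that grant access to broad groups, so a folder can
# be audited before it is shared. An empty result means nothing is open.
function Get-OpenAccessEntries {
    param([Parameter(Mandatory)][string]$Path)
    $broad = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users')
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $broad -contains $_.IdentityReference.Value } |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

# Rebuilds the folder's ACL from scratch: inheritance off, every inherited and
# explicit entry dropped, then explicit Allow entries for SYSTEM, the local
# Administrators group and the single account the share is intended for.
function Set-SharedFolderAcl {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Account,   # e.g. 'MACHINE\alice' or 'DOMAIN\alice'
        [System.Security.AccessControl.FileSystemRights]$Rights = 'Modify'
    )
    $acl = Get-Acl -LiteralPath $Path
    # $true, $false: protect the DACL from inheritance and discard inherited ACEs
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($ace in @($acl.Access)) {
        if (-not $ace.IsInherited) { $null = $acl.RemoveAccessRule($ace) }
    }
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $none    = [System.Security.AccessControl.PropagationFlags]::None
    $grants  = @(
        @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
        @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
        @{ Id = $Account;                 Rights = $Rights }
    )
    foreach ($g in $grants) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($g.Id, $g.Rights, $inherit, $none, 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Usage: a demo folder under TEMP and the current user stand in for the real
# share and the person it is meant for.
$share   = Join-Path $env:TEMP 'shared-demo'
$account = "$env:COMPUTERNAME\$env:USERNAME"
New-Item -ItemType Directory -Path $share -Force | Out-Null

"Before hardening:"
Get-OpenAccessEntries -Path $share | Format-Table -AutoSize

Set-SharedFolderAcl -Path $share -Account $account

"After hardening (expect no rows):"
Get-OpenAccessEntries -Path $share | Format-Table -AutoSize
(Get-Acl -LiteralPath $share).Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

Get-OpenAccessEntries is the check to run on any folder you share: a non-empty result means the folder is reachable by far more accounts than you intended, whether that came from the folder's own ACL or was inherited from its parent.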
Frequently back up important documents and files: This protects your
data in the event of an operating system crash, hardware failure, or
virus attack. Save files in multiple places using two different forms of
media (e.g., USB flash drive, CD-R), keep at least one copy away from
the computer it came from, and check occasionally that you can actually
restore from the backup. Avoid using floppy disks to save files, as they
can wear out with frequent use.
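The script below is an added example, not code from the original article, of the two halves of the advice above: copying a folder to two destinations, and verifying each copy by comparing file hashes rather than trusting that the copy "finished". It assumes Windows PowerShell 4 or later (for Get-FileHash) and robocopy, which ships with Windows; the function names are chosen here, and the demo folders under $env:TEMP are stand-ins for two separate media such as an external drive and a network share.

```powershell
# Added example, not from the original article. Assumes Windows PowerShell 4+
# and robocopy. Function names and the demo paths are placeholders chosen here.

# Copies $Source to each destination in turn. /E copies subfolders including
# empty ones; /MIR is deliberately not used, so a mistyped source can never
# delete files already sitting in a backup.
function Backup-Folder {
    param(
        [Parameter(Mandatory)][string]$Source,
        [Parameter(Mandatory)][string[]]$Destinations
    )
    foreach ($dest in $Destinations) {
        & robocopy.exe $Source $dest /E /R:2 /W:5 /NP /NFL /NDL | Out-Null
        # robocopy exit codes 0-7 are success variants; 8 and above are failures
        if ($LASTEXITCODE -ge 8) { throw "robocopy to '$dest' failed (exit code $LASTEXITCODE)" }
    }
}

# Verifies a backup by comparing SHA-256 hashes of every file under $Source
# with its copy. Returns the relative paths that are missing or differ; an
# empty list means the copy is complete and intact.
function Compare-BackupHashes {
    param(
        [Parameter(Mandatory)][string]$Source,
        [Parameter(Mandatory)][string]$Destination
    )
    $srcRoot  = (Resolve-Path -LiteralPath $Source).ProviderPath.TrimEnd('\')
    $problems = @()
    foreach ($file in Get-ChildItem -LiteralPath $srcRoot -File -Recurse) {
        $relative = $file.FullName.Substring($srcRoot.Length + 1)
        $copy     = Join-Path $Destination $relative
        if (-not (Test-Path -LiteralPath $copy -PathType Leaf)) {
            $problems += "$relative (missing)"
            continue
        }
        $srcHash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        $dstHash = (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
        if ($srcHash -ne $dstHash) { $problems += "$relative (content differs)" }
    }
    return ,$problems
}

# Usage with a constructed sample folder; the two targets stand in for two
# different media (in real use: an external drive and a share on another machine).
$demo   = Join-Path $env:TEMP 'backup-demo'
$source = Join-Path $demo 'Documents'
New-Item -ItemType Directory -Path (Join-Path $source 'notes') -Force | Out-Null
Set-Content -LiteralPath (Join-Path $source 'notes\todo.txt') -Value 'constructed sample file'
$targets = (Join-Path $demo 'copy-on-usb'), (Join-Path $demo 'copy-on-share')

Backup-Folder -Source $source -Destinations $targets
foreach ($t in $targets) {
    $bad = Compare-BackupHashes -Source $source -Destination $t
    if ($bad.Count -eq 0) { "OK: $t matches $source" }
    else { "PROBLEMS in ${t}:`n  " + ($bad -join "`n  ") }
}
```

Run Compare-BackupHashes again from time to time against the stored media: a copy that verified the day it was written can still be damaged later by a failing drive or by a virus that reaches a mounted backup, and the hash comparison is what tells you before you need the restore.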
Treat sensitive data very carefully: For example, when creating files,
don't use Social Security numbers as file names or record keys, and
don't gather any more information on people than is absolutely
necessary.
Remove data securely:
Remove files or data you no longer need, so there is nothing left to
expose to unauthorized access. Merely deleting sensitive material is not
sufficient: deleting a file (even after emptying the Recycle Bin) only
removes its directory entry, and the data stays on the disk until those
sectors happen to be overwritten. Use a tool that overwrites the data,
and wipe the volume's free space after deleting a batch of sensitive files.
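The function below is an added example, not code from the original article, showing the difference between an ordinary delete and a secure one: it overwrites the file's contents in place with random bytes, forces the write through to the device, and only then deletes the file. It assumes Windows PowerShell 5.1 or later on an NTFS volume; the function name is chosen here, and the temporary file it creates is a constructed sample.

```powershell
# Added example, not from the original article. Assumes Windows PowerShell 5.1+
# on an NTFS volume. The function name and the sample file are placeholders.

# Overwrites a file's bytes in place with random data, flushes to disk, then
# deletes it. Opening with FileMode.Open (not Create) keeps the same clusters,
# which is the point: a plain delete would leave the old bytes in them.
function Remove-FileSecurely {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$Passes = 1
    )
    $file = Get-Item -LiteralPath $Path
    if ($file.IsReadOnly) { $file.IsReadOnly = $false }   # a read-only flag would block the overwrite
    $length = $file.Length
    $rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] 65536
    for ($pass = 0; $pass -lt $Passes; $pass++) {
        $stream = [System.IO.File]::Open($file.FullName, [System.IO.FileMode]::Open, [System.IO.FileAccess]::Write, [System.IO.FileShare]::None)
        try {
            $remaining = $length
            while ($remaining -gt 0) {
                $rng.GetBytes($buffer)
                $chunk = [int][Math]::Min($buffer.Length, $remaining)
                $stream.Write($buffer, 0, $chunk)
                $remaining -= $chunk
            }
            $stream.Flush($true)   # push through the OS cache to the device
        } finally {
            $stream.Dispose()
        }
    }
    Remove-Item -LiteralPath $file.FullName -Force
}

# Usage on a constructed sample file.
$sample = Join-Path $env:TEMP 'old-roster.csv'
Set-Content -LiteralPath $sample -Value 'name,ssn (constructed sample, not real data)'
Remove-FileSecurely -Path $sample -Passes 1
"Removed: $(-not (Test-Path -LiteralPath $sample))"   # Removed: True

# Earlier deleted copies (temp files, autosaves) are not covered by this; wipe
# the volume's free space afterwards with the cipher tool built into Windows:
#   cipher /w:C:\
```

Overwriting in place is only reliable where the file system really rewrites the same sectors: NTFS compression or encryption, Volume Shadow Copies, and the wear-levelling in SSDs can all leave earlier copies behind, and files already in your backups are untouched. For data that must never be recoverable, the dependable approach is to keep it on an encrypted volume from the start, so that what remains on disk after deletion is ciphertext.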
Deploy encryption wherever it is
Securing your home network
- How can I secure my home wireless network?
- CERT Coordination Center's Home Network