Interface Online Center for Information Technology (CIT)

September 5, 2001 [Number 220]

Computer Security Tips for Everyone

      Better be despised for too anxious apprehensions, than ruined by too confident security.
      Edmund Burke

    Everyone has a responsibility to ensure that our computers and the data they contain are safe. Hopefully, these "security tips" in Interface will help users remain vigilant in safeguarding their data—and create a more secure IT environment at NIH.

    Today, private and government computer systems are constantly under attack—and NIH is no exception. Hacking into computer systems seems to have become an international sport, with attempted break-ins a daily event. Because these attacks pose a constant threat, good security has become a critical element in the IT operations of all organizations.

    Intrusions & Malicious Software

    Adapted from the NIH Computer Awareness Training Webpage

    Intruders employ a variety of techniques to gain unauthorized access. Sophisticated tools are readily available and easy to use, even for the novice hacker.

    Password crackers use programs that repeatedly attempt to log onto a system by using a series of easily guessed passwords, or by using a dictionary as a source of potential passwords. This approach can be defeated if users follow the guidelines for password selection and security.

    Intruders can take advantage of vulnerabilities (such as a configuration error) that grant file access to all users, or make use of "trap doors" originally inserted by system developers to facilitate system maintenance. NIH system administrators are constantly monitoring our computer systems for these types of threats.

    Network spoofing is a way for an intruder to gain access. An intruder sets up a program to trick a computer system into thinking it is being accessed by an authorized user. When the user attempts to log onto his or her system, the intruder’s program collects the user’s password and returns a message to the user that the system is unavailable. An intruder’s program can collect hundreds of valid passwords. Although NIH system administrators are continually on the lookout for intrusions, everyone should change the password on a regular basis to help protect against this type of intrusion.

    Trojan horse attacks pose one of the most serious threats to computer security, typically disguising themselves as something harmless. A Trojan horse can cause havoc in a number of ways, including sending itself to everybody on an email address book, erasing or modifying files, and downloading another Trojan horse program that steals passwords. Trojan horses can also, by remotely controlling a computer, perform denial of service attacks.

    How to Guard Against Intrusion

    Federal law prohibits the purposeful alteration, modification or falsification of information stored in NIH computer systems. Although these break-in activities are strictly illegal, legal actions can never restore critical information that has been lost. Protection of NIH computer resources is everyone’s responsibility.

    The following basic steps can help guard against illegal intrusion:

      Create good passwords. (See the online guidance.)

      Guard your passwords and change them regularly.

      Never e-mail unencrypted passwords over the network.

      Be alert to suspicious computer operations and report them immediately to your supervisor.

    Computer viruses pose a substantial threat to computer system integrity. Viruses are programs that can "infect" other programs, damage hard drives, erase critical information, and take critical systems off-line. Symptoms of an infected system include:

      unusual items appearing on the display, including graphics, odd messages, or system error messages

      corrupted or inaccessible program files, hard disks, or diskettes

      programs taking longer to start up, running more slowly than usual, or not running at all

      unexplained decreases in the amount of available system memory

    Take Steps to Protect Against Viruses—Now

    Once symptoms of infection appear, it may be too late to save your information. The following steps will help users protect against viruses:

      Do not open e-mail attachments unless you know the sender and are expecting the attachment.

      Do not use pirated, hacked, or otherwise illegal copies of programs.

      Do not run programs obtained from unfamiliar Bulletin Board systems or from the Internet without first scanning for viruses.

      Make sure you log off or lock your system when you leave your desk.

      Back up your files frequently in case you need to restore corrupted information.

      Use antivirus software to scan for viruses on all new software—including an "off-the-shelf" product—prior to installing it onto your system.

    NIH has site-licensed antivirus software downloadable from the Web [http://antivirus.nih.gov]. For information, consult your institute or center’s help desk, Information System Security Officer (ISSO), or TASC.

 
Published by Center for Information Technology, National Institutes of Health