16 November 2006 - Must read: Windows Users
Please practice these security measures on your PC:
1. My suggestion/request/recommendation, whatever you may call is that all windows users should now switch to Windows XP service pack 2, unless you have some critical applications which only work on earlier versions. Though XP is prone to attacks but at the same time if you follow a few security measures, which is given in the following discussion, it is much more secure than earlier versions of windows (98/Me/2000/NT)
2. All Windows NT/2000/XP users MUST put a password for all users on the machine. This means that when you start your computer your computer should require you to authenticate by giving a login and password prompt. By default the Windows XP computers are configured in such a way that it logs you automatically in. Also, File and Printer sharing is by default on. So this means that any person with a very basic knowledge of Windows can access your secret information without your knowledge.
To create a password in Windows XP (NT and 2000 are quite similar), go to Control Panel, switch it to Classic View, then go to “Administrative Tools”->”Computer Management”. Find “Local Users and Groups” on the left pane, expand it by clicking on the + sign, then click on “Users”. Confirm that the guest account is disabled. If not right click on “Guest” and go to properties and check the box “Disabled”
Next, for each user, including Administrator but excluding “Help assistant”, Support _386” and “ASP.NET” right click and select “set password”. Type a STRONG password DIFFERENT from your CC password and confirm it.
3. It is very essential that now all windows XP users in campus should be using Service Pack 2. If still you have not updated your PC please download windows XP service pack 2 from ftp://ftp.cc.iitk.ac.in/pub/windows/Updates/WindowsXP-KB835935-SP2-ENU.exe If you are not sure whether your PC has service pack 2 installed type “winver” on Start->Run and press enter. You will be shown the version of windows you are using.
4. Please make sure that firewall is enabled on your XP computer. To do that go to Control Panel, switch to classic view, double click Windows Firewall. On the “General” tab, make sure that the radio button “On (recommended” is selected. Next go to “Exceptions” tab. Uncheck all check boxes corresponding to entries which you do not use, especially “File and Printer Sharing” and “Remote Desktop” if you do not use these.
5. This part is only for users who use “Remote Desktop” feature of XP. Users who use “Remote Desktop” to access, for example, their office computer from home PC should take this extra precaution. Of course you will have to check mark “Remote Desktop” in the exceptions but then you should limit the scope to known PCs. To do that go to “Exceptions” tab, check mark the “Remote Desktop” check box and then click Edit. Check the check box TCP 3389 and click “Change Scope”. Change the radio button from “any computer“ to “Custom List”. Type the IP address(es) from where you would like to access this PC from remote. More than one IP addresses can be given, separated by comma. (This means that you type the IP address of your home PC here). This will make sure that only your home PC, or a few known PCs is/are allowed to open a remote desktop session to your office PC. Students normally access their hostel PC from Lab PCs and vice versa. This same logic applies to them.
6. All windows users in the campus are requested to use one uniform antivirus (CC recommends Nod32, download and configuration information available here: http://www.iitk.ac.in/nt/mailimages/Nod32.htm
7. CC also recommends putting a good anti-spyware program. Please see here for details: http://www.iitk.ac.in/nt/mailimages/latest.htm (see dated 10 Nov 2006)
8. Regular backup is highly recommended by CC. Please use one of these software to maintain your backups. These will be discussed in detail in the next mailing
To download these software go to http://www.iitk.ac.in/nt/ftp and search for “CPP” and “Allwaysync”