If your computer is insecure, you are putting not only your own work or data at risk but also that of others on the network. Following the steps outlined in this section will improve the overall security of your computer.
If you are in a Duke department or school with technical support staff, always consult them about the preferred practices in your area. (Don’t forget to secure all operating systems on your computer – if you have a Mac that runs Windows, secure both.)
If an unsecured computer is lost or stolen, anyone could access all the data on it and all the data to which it has access, unless it is protected with strong passwords.
That's why your computer must be configured so that when it starts up, you need to enter a password. This should be a strong password that is only used by you. It must be a password that is different from your NetID password. These requirements apply to all accounts on the computer. Any access to your system must be protected by a strong password.
For more information on creating strong passwords, see our Password Security page.
Without up-to-date software, an average computer connected to the Internet can be compromised in less than a minute. So a very important step in securing your computer is making sure you always have all the current updates to key software packages installed. This includes your operating system, web browser, email program, all other applications that connect to the network, and Microsoft Office. For automatic updates to work properly, you must only use legal copies of software. The Duke Computer Store can provide discounted licenses for some Microsoft products.
This also includes your anti-virus software and any anti-spyware software you may have installed. Always run anti-virus software configured for daily updates and active monitoring. Duke provides McAfee AntiVirus software for Windows and Virex AntiVirus for Macintosh. This software is free to members of the Duke community through a university site license.
Protect your computers at home too! Current faculty, staff, and students are eligible to install the McAfee or Virex software on their home computers.
All computers connected to the Internet are continuously being probed and scanned for vulnerabilities that might allow a virus, worm, or hacker to cause damage or take control. Firewalls can block unwanted network traffic that you don’t need or that could pose a threat. Running a firewall on your desktop or laptop computer is one of the best things you can do to protect your computer.
Unless your computer is in a secure, private space accessible only by you, you must run a screen saver that will, after a short period of inactivity (5 to 10 minutes), automatically lock your screen and require a password to unlock it. This is necessary because an unauthorized person could see sensitive information or exploit the access to your computer.
Make a habit of locking your computer every time you leave it, so that when you are ready to use it again it asks you for your password to log in. This will prevent someone from sneaking onto your computer and stealing data or impersonating you. (This will be the same account password recommended above, not an additional password.)
When you log in to your computer with a user name and password, you are using a specific account. The type of account determines what privileges you have on the computer, like whether or not you can install new software or change system settings.
An account that grants full privileges to make changes is generally called an "administrator account," and one that grants only restricted privileges is a "user account."
In your daily work, you should use a less privileged user account. If your computer is infected by a virus or suffers some other form of attack, the damage can be much greater if you are using an administrator account. Just as a user account restricts what changes you can make to your computer, it also limits what an attacker can do. This safety measure is especially important due to the proliferation of malicious web sites that try to install software without your knowledge, so-called "drive-by downloads."
For most people, the need to install software or make other changes to the system is infrequent enough that switching to a privileged account for such tasks should not be a burden. Whatever inconvenience this may cause is greatly outweighed by the protection you enjoy when using a normal user account.
Depending on the practices of your department, you may already be using a less privileged account. Check with your local IT support to see what your options are.
You may use a smart phone (like a Treo or Blackberry or iPhone), a PDA (personal digital assistant) or some other mobile device at work. While such devices cannot be secured in the same way as your desktop or laptop computer, you should still take some precautions.
Since smart phones and PDAs are susceptible to a few viruses and similar threats, you should make sure your software is always up to date.
If there is information that you wouldn't want others to find if you lost your smart phone or PDA, you should set a password that has to be entered before the device can be used.
Do not store protected information on your work or home computers, or on smart phones, PDAs, thumb drives, or other devices. Duke has created an Information Classification Framework to help Duke users understand what institutional data needs to be protected. In addition, you should take precautions to protect your own private information so that it is not accessed without your permission.
This checklist is intended to address some configuration issues for improving the default security of your wireless connection on a home router. For an FAQ about wireless connectivity on Duke's campus, see the OIT FAQ.