Stanford University School of Earth Science
 
Home
News
New Users
Policies
Email
Web Hosting
Get Help
Net Connections
Macintosh
Windows PC
    Network Setup
   Security
   Software
   Printing
   File Storage
Unix/Linux System
Pangea Server
School Resources
Using Unix

Run a security analyzer to test your computer

last revision August 10, 2004

Steps to secure your Windows PC:

  1. Use strong passwords
  2. Install security patches
  3. Share files correctly
  4. Use anti-virus software
  5. Protect against email viruses
  6. Install PCLeland
  7. Minimize open network services
  8. Run a security analyzer
  9. Do regular backups
  10. Apply special Windows XP fixes
 

Stanford's Information Technology Systems and Services (ITSS) department has created a Security Self-Test Utility for Windows. Anyone who is connecting a Windows PC to the Earth Sciences network is required to download and run this tool, and then to correct any serious problems (red X marks) that it finds. This tool does very basic tests for such items as Administrator accounts with no passwords, open guest accounts, and whether you have Norton Anti-Virus installed and up-to-date. After running the basic test, which only takes a few seconds, you are encouraged to run the Full Password Check, which checks your account passwords against a list of about 3000 common passwords that are easily guessed. This check can take several minutes, but could save you from being hacked.

Microsoft has recently released a Baseline Security Analyzer tool to examine Windows NT, 2000, or XP computers for security vulnerabilities. This will first check to make sure that you have correctly installed all Windows security fixes. It will then examine many of your specific system configurations, such as guest account status, file sharing status, non-existent or trivial account passwords, which network services are turned on, etc. It will indicate which settings are potential security holes. In all cases, it offers complete explanations of the scanned items and how to fix the problems that are found. Run this after you have taken all the steps listed above to secure your computer. Request help via HelpSU from our desktop support consultant if you don't understand the recommendations. Users of Petroleum Engineering department supplied computers should consult Nick Petalas first before making any changes to the registry, services, accounts, or file shares.

You can also run a network scan of your Windows system to find out which ports and services are visible on the network, and thus potential points of attack for a hacker. Gibson Research Corporation provides a free testing service called ShieldsUp!. Start at http://grc.com and click on the ShieldsUp! link. When you get to the ShieldsUp! page, click on the Probe My Ports! button. This page will launch a network probe of your computer and display results indicating which service ports are open and accepting connections. This can be useful to tell you, for example, that you may have a telnet or web server running on your PC.

Be cautious about implementing any of Gibson's recommendations for closing open ports. Some of his recommendations conflict with needed settings for the Stanford network. For example, he recommends removing NetBIOS over TCP/IP, which will prevent outside hackers from probing for insecure file shares. But this will make a computer that is part of a Windows NT domain, such as those in Petroleum Engineering, completely unusable (can't even login). For stand-alone computers, disabling NetBIOS over TCP/IP will prevent you from accessing any campus file servers. Similarly, Gibson says that the IDENT service is unnecessary and should be blocked by a firewall. But at Stanford, this is the port used by PCLeland, which is essential. If you run this test on a Stanford computer and are concerned about the results, enter a HelpSU ticket to ask for recommendations from our desktop support consultant, or consult Nick Petalas if you are using a Petroleum Engineering department supplied computer.

 


Comments?

Stanford University    |