Follow secure computing practices
The following are good security practices that will help protect you and your computer.
- Do backups regularly
- Check for secure connections before entering sensitive information
- Completely quit your browser after connecting to sites that require logging in
- Control network shares by setting permissions and groups
- Set a password for your account
- Set administrator passwords
- Use a screensaver with a password
Do backups regularly
No matter how carefully you work to protect your computer, bad things can happen. Regularly making backups is one of your best defenses against loss caused by viruses, worms, or software and hardware failure.
- Settle on one method for doing backups, such as using the backup utility that comes with your operating system. Other excellent utilities are also available. The point is to pick one, learn about its features, and use it in a consistent manner.
- Do your backups on a regular schedule. How often you do backups depends on how much your files change, but once a week or once every other week is a good interval for many people.
- Keep copies of the backups off-site. Your diligence in doing regular backups is wasted if you keep them next to your computer and you have an office fire.
- Important Note: Backups, which are usually done to support recovery in the event of an accident, attack, or disaster, do not meet the requirements for records retention. You should have an additional systematic process for copying records to a secure yet readily accessible location and a schedule for eliminating records that are no longer needed.
Check for secure connections before entering sensitive information
Protect the personal information you submit via the Web by ensuring that there is a secure mode symbol in the bottom bar of your browser, and that the Location or Address bar on your browser begins with "https:" (rather than "http:"), indicating that your data will travel over a secure channel. When both are showing, the information you submit in the form will travel over a secure connection from your browser to the server. All official UW Web pages that prompt for your UW NetID and password operate on secure servers, so when you connect to those pages you should see the secure mode symbol. If you do not see the correct symbol, the page may be a fake and you should carefully recheck the URL. If you suspect that a fake page is requesting your UW NetID and password, contact help@u.washington.edu immediately.
| Browser | Insecure Mode | Secure Mode |
|---|---|---|
| Internet Explorer | None |  |
| Netscape 6 |  |
 |
| Netscape 4, 5 |  |
 |
| Netscape 2, 3 |  |
 |
Completely quit your browser after connecting to sites that require logging in
Browsers remember your ID and password until you completely quit the browser. Simply closing the window you logged in to the service will not clear its memory. You must close all windows of the browser program and quit the program itself.
Otherwise, after you leave your computer, someone could bring up one of the unclosed windows, go to the service, and get in without being prompted for an ID or password. The browser will thoughtfully provide the ID and password from its memory.
In a related situation, anytime you have to give your UW NetID and password to get into a computer, such as in a computer lab or when using a kiosk, you should go through the complete logout and exit process before leaving the computer. DO NOT just walk away from your session.
Control network shares by setting permissions and groups
With networked computers, it is easy to allow others to connect to your computer and share your files. For example, in all versions of Windows you can turn on file sharing in the Network control panel.
Any computer connected to the Internet or to a local area network is vulnerable to viruses if file sharing is turned on and care has not been taken in setting file and directory permissions.
In general, do NOT turn on file sharing unless you need it and be sure that the files being shared do not include private information, such as passwords or credit card numbers. When the need to share files is over, turn off file sharing.
Methods for controlling file sharing and permissions vary with different operating systems. In Windows XP Home Edition, for example, shares go through the Guest account. By setting the privileges of the Guest account, you can control whether files can be read, created, changed, or deleted.
Set a password for your account
Windows 2000, Windows XP, and Macintosh OS-X have methods for setting passwords for each user account. By setting passwords on all accounts you prevent someone from simply walking up to your computer and using it. In addition, each of these operating systems has methods for "locking down" folders so that only their owner can access them.
Set administrator passwords
Operating systems like Windows 2000, Windows XP, and Macintosh OS-X and many network programs (such as servers) arrive with a default password set for the administrator, or no password set at all. It is very important to promptly change the administrator passwords to a good, difficult-to-guess password. Many viruses check for default or unset passwords. When a virus or hacker gains access to an administrator account, it is particularly serious because such accounts have powerful privileges.
Use a screensaver with a password
Password protected screensavers offer a simple method to prevent someone from using services you are logged into when you are not at your computer.
It is important to understand that such screensavers do not provide much protection for your computer by themselves. An intruder could simply turn the computer off and on again and start using your computer, unless you have set passwords on the computer's accounts. However, turning the computer off would exit any services you have logged in to, thus preventing the intruder from using those services in your name.
