The following is a list of “best practices” for Windows users. We recommend Windows XP for all remote Windows users.
The RUNSAFE site (http://www.jmu.edu/computing/runsafe) provides additional detail and instructions to help make your computing experience as safe as possible.
- Use the NTFS File System
- Keep your operating system patched
- Apply security patches for other software such as Office, instant messaging software, etc.
- Run the JMU-provided Symantec AntiVirus software that auto-updates itself, is supported, and is provided for free
- Require a password to use the computer; set password policies and enable account lockout
- Do not share passwords between accounts or people
- Disable password caching
- Disable remote login to administrator account
- Disable any unnecessary accounts on the computer (e.g. Guest)
- Create strong passwords for all local and remote accounts including shares (especially accounts with administrator-level privilege)
- Use a firewall (either hardware or software)
- Configure Windows to show full file names with extensions
- Set up Internet Explorer so trusted sites are in the trusted zone and set the security level for the Internet zone to high
- Set up and use a non-privileged account on the computer for general work
- Disable file and printer sharing
- Turn on auditing and increase security event log size
- Keep important files backed up
- Ensure you are complying with the Data Stewardship Policy for any JMU data you access (http://www.jmu.edu/JMUpolicy/1205.shtml)
- Keep computer turned off when not in use
- Be cautious about entertainment and shared use. Children and other users should have restricted accounts. Entertainment and non-business use should be minimized (music, streaming media, games, etc.). This is particularly important if you access sensitive information (e.g. elevated privilege accounts, confidential student/employee information, critical processes like payroll)
- Under no circumstances should remote access to sensitive accounts be performed from computers whose security, maintenance, or installed software is unknown (kiosks, labs, internet cafes, hotel computers, neighbors, etc.)
- Downloaded software, utilities, enhancements, patches, etc. should only be installed from trusted vendor and distribution sites


