Steps Before Connecting to the Network

What should be accomplished prior to connecting a new computer to the network/Internet is as an important security measure as any other maybe more. According to research a computer can be infected with malicious software within 12 minutes of connecting to the Internet. Once infected it can be almost impossible to get the computer clean again with out doing a complete re-install of the operating system.

It is a natural tendency for a user to want Internet access almost immediately but it is prudent to restrain that urge until you complete at least the following recommendations before plugging in that network cable.

The following recommendations are for the Windows system since it is the predominant operating system installed on today's computers. Take the necessary steps to protect yourself and your computer before you start web surfing.

Software Removal

Most new computers come with a plethora of software that usually expire within sixty days unless you make a purchase. If you do not plan on using that software then you need to remove it immediately. Remove all promotional applications installed on the computer. Make sure you do not remove programs that come with the system you purchased. An example is the toshiba computer system. Toshiba installs their own management software in their computers in lieu of the Microsoft version. Do some research on your new system so you don't inadvertently remove the wrong software package.

Harden the Operating System

This is crucial! Windows operating systems come with a variety of services that run by default. If the service is not needed then turn it off, disable it, or remove it as applicable. The less unnecessary services/software running on your machine the less avenues a hacker can use to compromise your system. (See Hardening)

IDS (Intrusion Detection Systems)

Intrusion Detection Systems are those systems implemented that provide a wall between you and those on the Internet with malicious intent. An IDS for the host based system (that is your computer) consist of a firewall, anti-virus program, and spyware protection systems. There are other forms of protection but these are the necessary ones for minimal security. Installing all the programs and being ready to perform updates immediately upon network connection is a very important step. Make sure you complete this list of steps before connecting but when you do make sure the update of these programs starting with the firewall and anti-virus programs is FIRST!

Before installing third party IDS turn off the Microsoft firewall and other security suite settings (see Microsoft Security (XP systems)).

After installing the firewall make sure you set it to its highest security setting. This is a little troublesome in the beginning but will quiet down after you initial settings are implemented. Set it to update automatically on a daily basis.

Set the anti-virus program to update automatically on a daily basis and to do a complete scan at least weekly.

System Accounts

The windows system comes with a variety of user and group accounts. Start off by creating and implementing a password for the Administrator account then rename it to some innocuous name. Then create a user account named Administrator with absolutely nor privileges or permissions and make sure you give that account a good password as well.

Set a good password for all the other accounts on the user account list. DO NOT MAKE ALL THE USER ACCOUNTS PASSWORDS THE SAME!!!!!

Create all the user accounts for persons accessing this computer and make sure you set a good password. Remember that the first line of defense for most networked systems is a authentication method using passwords. The authentication method is only as good as the password set for it. If the password is easy to guess or crack then it is that easy for the hacker to access the system and anything connected to it.

Login Settings

Change the login settings for the operating system so that all users are required to login with the user name and password. Later you will want to establish the habit of locking your computer system each time you walk away from it. You will also want to set the screen saver so it will come on after five or ten minutes of idle time and require the login password to shut off the screen saver.

Printers

If the printers are connected directly to the computer you can install these now. If they are networked printers then wait until you have done everything else to protect your system and only then install them.

Router Firewalls

As an additional security measure you should install a router with firewall (hardware firewall) on your system. A router with firewall is a good idea for you home connection if you use DSL, etc. The router firewall runs like a NAT server which is configured with your TCP/IP information and then assigns a private IP address to your computer. This method hides your computer from the internet and the only thing a hacker will encounter is the router hardware firewall.

An ethernet router with firewall are inexpensive and the investment makes it more that worth it.

Sensitive Data Protection

If this system is to store any sensitive and/or restricted data then you need to set up its protection prior to connection to the internet. The windows system comes with its own protection called EFS (Encryption File System) Make sure you implement it immediately.

Set the TCP/IP Configuration

Go into the operating systems TCP/IP settings and set the appropriate information so when you do plug in the connection you will have access to the internet/network.

System Restore Point (XP Systems)

System Restore Points are a windows feature that allow a user to back out changes made to the operating system when it becomes corrupted, etc say after installing a new program or hardware device. If the system becomes unbootable then you can go back to a point prior to the problem and bring your system back to life. Make sure you create this restore point prior to connecting to the internet as the updates you will need to implement for the firewall, antivirus, sypware programs and the windows operating system could cause your system to die.

Lets Connect and Update

All things being equal and done correctly (you may want to go back and check everything) it is now time to connect. Make sure your computer is up and running, you are logged in, and you have the firewall open on the desktop (you are going to upgrade this one first). Go ahead and plug in your network cable to the NIC (Network Interface Card) on your machine.

Now, click the update feature on your firewall (if the firewall and anti-virus are a security suite such as Zone Alarm or Symantec then both will be updated) and wait for the program to update itself.

After updating the firewall and anti-virus program run updates on all your spyware programs.

Run Internet Explorer and install all the operating systems critical security updates/service packs. This is a requirement and for UCB the minimum security standards. When done with the O/S run the update feature for installed Microsoft programs such as MS Office Professional.

After updating the operating system and the programs check your operating system security feature to ensure you have the O/S firewall etc turned off.

Done?

Did you update everything? Go back and check it all.