
System Protection

  • No networked computer shall be operated without running virus detection software. Virus detection software shall be updated at least once per month, and a complete system scan for viruses shall be done at least once per month.
  • No unprotected shares
  • Disable ActiveX code in all web browsers.
  • Use standard settings on web browsers for Java and JavaScript code.
  • Systems should be set not to hide file extensions for known file types. If hiding extensions for known file types is allowed, an attacker can disguise a file with a name like "FRIENDLYFILE.TXT.exe". With extensions hidden, this file will appear to the user to be a text file. If the user attempts to open it, it can be run on their system, and... To set this correctly, do the following:
    1. Open "My Computer".
    2. On the menu, select "View" and "Folder Options".
    3. Select the "View" tab.
    4. Uncheck "Hide file extensions for known file types".
  • Disable/remove Windows Scripting Host (WSH)
    1. Click on "Settings"
    2. Select "Control Panel"
    3. Click "Add/Remove"
    4. Click on the "Windows Setup" tab.
    5. Click "Accessories".
    6. Uncheck "Windows Scripting Host" and click "OK".
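
The file-extension item above can also be checked from the defender's side. The following is an added example, not part of the original guide: it flags file names whose real (last) extension is executable while the extension before it looks like a document type, and shows the name a user would see with extensions hidden. The two extension lists and the sample names are assumptions constructed for illustration.

```python
import os
from pathlib import PureWindowsPath

# Assumed lists for illustration; adjust them to local policy.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".xls", ".htm", ".html"}


def is_disguised(filename):
    """True when the last extension is executable and the one before it
    is a document-like type, as in FRIENDLYFILE.TXT.exe."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    if len(suffixes) < 2:
        return False
    return suffixes[-1] in EXECUTABLE_EXTS and suffixes[-2] in DECOY_EXTS


def displayed_name(filename):
    """Name shown when extensions for known file types are hidden:
    the final extension is dropped."""
    return PureWindowsPath(filename).stem


def scan(names):
    """Return (real name, displayed name) for every disguised entry."""
    return [(n, displayed_name(n)) for n in names if is_disguised(n)]


def scan_tree(root):
    """Walk a directory tree and return full paths of disguised files."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        hits.extend(os.path.join(folder, f) for f in files if is_disguised(f))
    return sorted(hits)


# Constructed sample names, not taken from any real system.
SAMPLE = ["FRIENDLYFILE.TXT.exe", "report.txt", "setup.exe",
          "archive.tar.gz", "notes.v2.txt", "invoice.pdf.scr"]

if __name__ == "__main__":
    for real, shown in scan(SAMPLE):
        print(f"{real!r} is shown as {shown!r} when extensions are hidden")
```

Running `scan_tree` over mail attachment or download folders gives a quick audit on systems where the setting above cannot be enforced.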