Use a firewall

• Network firewalls (whether software or hardware-based) can provide some degree of protection against attacks

• No firewall can detect or stop all attacks, so it’s not sufficient to install a firewall and then ignore all other security measures.

Don't open unknown email attachments

• Before opening any email attachments, be sure you know the source of the attachment.

If you must open an attachment before you can verify the source, we suggest the following procedure:

• be sure your virus definitions are up-to-date

• save the file to your hard disk

• scan the file using your antivirus software

• open the file

Don't run programs of unknown origin

• Never run a program unless you know it to be authored by a person or company that you trust

• Don't send programs of unknown origin to your friends or coworkers simply because they are amusing -- they might contain a Trojan horse program.

Disable hidden filename extensions

• Windows operating systems contain an option to "Hide file extensions for known file types"

  • The option is enabled by default, but you can disable this option in order to have file extensions displayed by Windows.

  • After disabling this option, there are still some file extensions that, by default, will continue to remain hidden.

• There is a registry value which, if set, will cause Windows to hide certain file extensions regardless of user configuration choices elsewhere in the operating system.

  • The "NeverShowExt" registry value is used to hide the extensions for basic Windows file types.

    • For example, the ".LNK" extension associated with Windows shortcuts remains hidden even after a user has turned off the option to hide extensions.

Keep all applications, including your operating system, patched

• Look on your vendor's web site for information about automatic notification.

• If no mailing list or other automated notification mechanism is offered you may need to check periodically for updates.

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

• Be aware of the risks involved in the use of "mobile code" such as ActiveX, Java, and JavaScript.

  • A malicious web developer may attach a script to something sent to a web site, such as a URL, an element in a form, or a database inquiry. Later, when the web site responds to you, the malicious script is transferred to your browser.

• The most significant impact of this vulnerability can be avoided by disabling all scripting languages.

  • Turning off these options will keep you from being vulnerable to malicious scripts. However, it will limit the interaction you can have with some web sites.

  • Many legitimate sites use scripts running within the browser to add useful features.

  • Disabling scripting may degrade the functionality of these sites.

     

    More information on ActiveX security, including recommendations for users who administer their own computers, is available in http://www.cert.org/archive/pdf/activeX_report.pdf

Disable scripting features in email programs

• Because many email programs use the same code as web browsers to display HTML, vulnerabilities that affect ActiveX, Java, and JavaScript are often applicable to email as well as web pages.

• Therefore, in addition to disabling scripting features in web browsers, we recommend that users also disable these features in their email programs.

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised