Safe Computing Guidelines

Securing your personal computer and other mobile devices
If your computer is insecure, you are putting not only your own work or data at risk but also that of others on the network. Following the steps outlined in this section will improve the overall security of your computer.

If you are in a Duke department or school with technical support staff, always consult them about the preferred practices in your area. (Don't forget to secure all operating systems on your computer - if you have a Mac that runs Windows, secure both.)


Set a Strong Password for Access to All Computers
If an unsecured computer is lost or stolen, anyone could access all the data on it and all the data to which it has access. Protect your devices with strong passwords.

Your computer must be configured so that when it starts up, you need to enter a password. This should be a strong password that is only used by you. It must be a password that is different from your NetID password. These requirements apply to all accounts on the computer.

For more information on creating strong passwords, see our Password Security page.

Keep Your Software Updated
Without up-to-date software, an average computer connected to the Internet can be compromised in less than a minute. Make sure you always have all the current updates to key software packages installed. This includes your operating system, web browser, email program, and all other applications that connect to the network. For automatic updates to work properly, you must only use legal copies of software. The Duke Computer Store can provide discounted licenses for some products.

This also includes your anti-virus software and any anti-spyware software you may have installed. Always run anti-virus software configured for daily updates and active monitoring. Duke provides McAfee AntiVirus software for Windows machines and for Macs. This software is free to members of the Duke community through a university site license.

 

(Don't forget to secure all operating systems on your computer - if you have a Mac that runs Windows, secure both.)


Protect your computers at home too! Current faculty, staff, and students are eligible to install the McAfee software on their home computers.If you use a personally-owned computer to connect to Duke resources and networks, you must secure it.

Enable A Firewall
All computers connected to the Internet are continuously being probed and scanned for vulnerabilities that might allow a virus, worm, or hacker to cause damage or take control. Firewalls can block unwanted network traffic that you don't need or that could pose a threat. Running a firewall on your desktop or laptop computer is one of the best things you can do to protect your computer. Mac and Windows machines have firewall capabilities built in, but you will need to configure them.

Set Your Screen to Lock Automatically
Unless your computer is in a secure, private space accessible only by you, you must run a screen saver that will, after a short period of inactivity (5 to 10 minutes), automatically lock your screen and require a password to unlock it. This is necessary because an unauthorized person could see sensitive information or exploit access to your computer.

Make a habit of locking your computer every time you leave it, so when you are ready to use it again it asks you for your password to log in. This will prevent someone from sneaking on to your computer and stealing data or impersonating you. (This will be the same account password recommended above, not an additional password.)

Use a Less Privileged Account
When you log in to your computer with a user name and password, you are using a specific account. The type of account determines what privileges you have on the computer, like whether or not you can install new software or change system settings.

An account that grants full privileges to make changes is generally called an "administrator account," and one that grants only restricted privileges is a "user account."

In your daily work, you should use a less privileged user account. If your computer is infected by a virus or suffers some other form of attack, the damage can be much greater if you are using an administrator account. Just as a user account restricts what changes you can make to your computer, it also limits what an attacker can do. This safety measure is especially important due to the proliferation of malicious web sites that try to install software without your knowledge, known as "drive-by downloads" or "drive-by attacks".

For most people, the need to install software or make other changes to the system is infrequent enough that switching to a privileged account for such tasks should not be a burden. Whatever inconvenience this may cause is greatly outweighed by the protection you implement when using a normal user account.

Depending on the practices of your department, you may already be using a less privileged account. Check with your local IT support to see what your options are.