Windows Vista Security Checklist
To immediately secure your Windows Vista system, take the three steps below:
- Install anti-virus software
If you do not have anti-virus software installed, you may leave your system vulnerable to viruses, Trojan horses, spam, and other intrusions. Students, faculty and staff can download anti-virus software from the BevoWare site. You should configure your software to scan regularly and set your virus definition (DAT) files to auto-update.
- Run the Windows Firewall to protect your machine against Internet attacks and random network scans.
  - From the Start menu, open the Control Panel, and select Security Center.
  - Click Windows Firewall.
  - Select On.
  - Select the Internet Connection Firewall checkbox.
- Run Windows Update and Enable Automatic Updates
You should run Windows Update on your system or visit the Windows Update Web site to install all critical and recommended updates for your system. The ISO recommends that you also configure Windows Vista to automatically update.
For increased security, you should also take the following steps:
Set strong passwords on all accounts
All users on the UT network are expected to choose
strong passwords and guard them well. If someone else obtains your
password, they can access your private data (including e-mail), alter
or destroy your files and perform illegal or inappropriate activities
in your name. To learn more about choosing strong passwords, visit the Password Dos and Don'ts topic.
Be careful when using peer-to-peer file sharing applications
Although peer-to-peer (P2P) applications such as Napster, Gnutella, iMesh,
Audiogalaxy Satellite, and KaZaA are a good way of sharing information,
if you do not use them appropriately, you may degrade the performance of
the University's network, unknowingly share your personal data, inadvertently
violate federal copyright law, or expose your computer to malicious code.
Read What You Need to Know about Peer-to-Peer File-Sharing Applications.
Use secure file transfer
When transferring files over the Internet, you should always use a secured
connection. SSH and SFTP applications encrypt and protect your passwords
and information. If you use Telnet or a non-secure FTP program,
your information is sent in the clear for anyone to see. SSH and SFTP
clients are available for download on the BevoWare site.
Disable guest accounts
By default, the Guest account is disabled in Windows Vista. However, you may wish to verify this fact, because these types of accounts can provide information to hackers and increase your security risk.
Download the Microsoft Baseline Security Analyzer
The Microsoft Baseline Security Analyzer (MBSA) provides an easy and efficient way
to identify common security misconfigurations on your Windows-based system.
MBSA will scan your operating system and other installed components for
common system misconfigurations and check for missing security updates.
The ITS Web site has a tutorial on running the scan and fixing any problems.
Disable IPv6 support
The majority of networks only support IP version 4 right now. In order to get around this, Microsoft has included several technologies to allow IP version 6 traffic to cross these networks. At this time, there is no good reason to need this functionality. Network services requiring IPv6 are extremely rare.
The methods which Microsoft has chosen have proven to be problematic for several reasons. On a larger scale, networks have become congested with IPv6 traffic from computers running Windows Vista. This results in slower network performance and overwhelmed network services. What you will notice is that tasks that you use the network for, such as checking e-mail and browsing the Web, will take longer than they would if you disabled IPv6 support.
Because of the issues Microsoft’s IPv6 extensions cause, and the fact that IPv6 is not useful at present, we recommend disabling this support until it is actually needed.
For instructions on disabling IPv6:
- Go to the IPv6 for Microsoft Windows: Frequently Asked Questions page.
- Scroll down to the "IPv6 in Windows Vista and Windows Server 2008" section.
- Click "How do I disable IPv6 in Windows Vista and Windows Server 2008?"
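
To confirm that the firewall, automatic update, Guest account and IPv6 items in this checklist are actually in effect, the following read-only PowerShell script reports their current state. It is an added example, not part of the original checklist or of any ITS tool. It assumes Windows PowerShell 2.0 is installed, and it reads the `DisabledComponents` registry value, which is Microsoft's documented IPv6 setting and is not named on this page.

```powershell
# Added example: read-only audit of several checklist items. Makes no changes.
# Run in Windows PowerShell on the machine being checked.
function New-Check($Item, $Ok, $Detail) {
    New-Object PSObject -Property @{ Item = $Item; OK = $Ok; Detail = $Detail }
}
$results = @()

# Windows Firewall: query each profile through the HNetCfg.FwPolicy2 COM
# object (Windows Vista and later).
$profileType = @{ Domain = 1; Private = 2; Public = 4 }
$fw = New-Object -ComObject HNetCfg.FwPolicy2
foreach ($name in 'Domain', 'Private', 'Public') {
    $on = $fw.FirewallEnabled($profileType[$name])
    $results += New-Check "Firewall on ($name profile)" $on "FirewallEnabled=$on"
}

# Automatic Updates: NotificationLevel 4 means updates are downloaded and
# installed on a schedule; 1 means automatic updating is disabled.
$level = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings.NotificationLevel
$results += New-Check 'Automatic Updates scheduled' ($level -eq 4) "NotificationLevel=$level"

# Guest account: the built-in Guest account always has a SID ending in -501,
# so this also finds it if it has been renamed.
$guest = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { $_.SID -like 'S-1-5-21-*-501' }
$results += New-Check 'Guest account disabled' $guest.Disabled "Name=$($guest.Name)"

# IPv6: DisabledComponents is a bit mask; 0xFF in the low byte disables all
# IPv6 components except loopback. A missing value means nothing is disabled.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$dc = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisabledComponents
if ($dc -eq $null) { $dc = 0 }
$results += New-Check 'IPv6 disabled' (($dc -band 0xFF) -eq 0xFF) ('DisabledComponents=0x{0:X}' -f $dc)

# Any row with OK = False is a checklist item that still needs attention.
$results | Format-Table Item, OK, Detail -AutoSize
```

A change to `DisabledComponents` takes effect only after a restart, so the IPv6 row reflects the configured value rather than the running state.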