|Computer security breaches can be prevented with proper vigilence.|
Spring is just around the corner. It brings warm weather, with Fermilab employees shedding their winter wear after months of cold. While you recover from the chill, there’s a fresh batch of things to think about, from seasonal allergies to sunscreen. Even though the season changes, you still need to protect yourself and those around. This should extend to your computer, as well.
Your computer probably has old software no longer needed or sorely out of date and in need of freshening up. Leaving software installed that is no longer needed, or not keeping it updated to the latest versions, clutters up your hard drive. It also makes it extremely easy for attackers to compromise your computer. A simple email containing a malicious attachment can take advantage of old software to control your computer. Every day, your email is bombarded with fake emails with attachments posing as pictures, documents or movies, all of which are carefully designed attempts to exploit holes in your software.
We are constantly under attack. In the last week alone, we have received six new alerts from DOE about new security vulnerabilities and ongoing attempts to exploit these vulnerabilities. Also in the last week, another DOE laboratory suffered penetration of its cyber infrastructure by malicious outsiders. Our chain of defense is only as strong as the weakest link, which can be any single user on site running vulnerable software. One such example is Fermi Scientific Linux version 4, for which the vendor no longer distributes security patches.
To aid the defense, take care when opening emails and attachments. Keep your antivirus software running and updated. Be sure to routinely apply patches to your computer by enabling automatic updates or by visiting your operating system and software vendors’ websites. Be particularly careful of third party software (Flash and other Adobe products, for example), which are often not automatically updated.
A lot of software has a menu option to check for updates, which makes the process easier. If you are unsure if you are running latest software versions, ask you system administrator to check. You can find out who that is by going to the Computing Sector website and clicking “Verify your node registration.”