Common Best Practices
The following best practices can protect your computer(s) more effectively against virus and malicious code attacks:
Guidelines and Tips
Do's
- Do install an anti-virus program to protect your machine, and make sure that an up-to-date virus signature file as well as the detection and repair engines have been applied. Some security products provide anti-virus capabilities while also providing other security features such as a personal firewall, anti-spyware and anti-phishing. These products are sometimes branded and packaged under different names, such as an Internet security package. Select an anti-virus software package which fits your needs.
- Do install and enable a personal firewall.
- Do enable and properly configure real-time detection to scan your machine for computer viruses and malicious code in running processes, executables and document files as they are processed.
- Do ensure that your computer has the latest security patches to reduce the chance of being affected by fraudulent emails or websites that exploit software vulnerabilities. This also helps protect your computer from other security or virus attacks. Many software packages and operating systems now have an auto-update feature; consider enabling it so that your system is kept up to date automatically.
- Do schedule a daily scan to check for viruses. The scheduled scan can be run during non-peak hours, such as the lunch break.
- Do check all removable disks and files downloaded from the Internet (especially those of unknown origin) with anti-virus software before using them.
- Do stop all activities on a computer if it becomes infected by malicious code. Continuing to use an infected computer may help spread the virus or malicious code further.
- Before installing any software, do verify its integrity (e.g. by comparing checksum values) and ensure it is free of any computer virus or malicious code.
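The checksum comparison recommended above, as an added Python example that is not part of the original guideline. It assumes the vendor publishes a sha256sum-style list of digests (one "DIGEST  filename" line per file); the installer bytes, the file name example-setup.exe and the checksum list are all constructed for the demonstration. The file is hashed in chunks, the published value is parsed from the list, and the two digests are compared with a constant-time comparison; demo() then corrupts one byte and shows the check failing.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample data (not a real product): the bytes of a downloaded
# installer and the sha256sum-style checksum list a vendor might publish
# alongside it. The placeholder {digest} is filled in by demo() below.
SAMPLE_INSTALLER_BYTES = b"MZ\x90\x00 example installer payload (constructed)\n"
SAMPLE_SUMS_TEMPLATE = (
    "# SHA256SUMS (constructed example)\n"
    "{digest}  example-setup.exe\n"
)


def file_digest(path, algorithm="sha256", chunk_size=1024 * 1024):
    """Hash a file in chunks so a large installer never has to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_file(text):
    """Parse 'DIGEST  filename' lines as written by sha256sum / shasum -a 256.

    Blank lines and '#' comments are skipped; a leading '*' on the filename
    (sha256sum's binary-mode marker) is dropped; lines without the two-space
    separator are ignored rather than crashing the check.
    """
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")
        if not sep:
            continue  # malformed line
        expected[name.strip().lstrip("*")] = digest.lower()
    return expected


def verify_checksum(path, expected_hex, algorithm="sha256"):
    """True only if the file's digest equals the published value.

    hmac.compare_digest keeps the comparison time independent of how many
    leading characters happen to match.
    """
    return hmac.compare_digest(file_digest(path, algorithm), expected_hex.lower())


def demo():
    """Verify the sample installer, corrupt one byte, verify again.

    Returns (ok_before, ok_after); the expected result is (True, False).
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "example-setup.exe")
        with open(path, "wb") as f:
            f.write(SAMPLE_INSTALLER_BYTES)
        good = hashlib.sha256(SAMPLE_INSTALLER_BYTES).hexdigest()
        sums = parse_checksum_file(SAMPLE_SUMS_TEMPLATE.format(digest=good))
        ok_before = verify_checksum(path, sums["example-setup.exe"])
        # Simulate a corrupted or tampered download: overwrite the first byte.
        with open(path, "r+b") as f:
            f.write(b"X")
        ok_after = verify_checksum(path, sums["example-setup.exe"])
        return ok_before, ok_after


if __name__ == "__main__":
    print("verified before / after tampering:", demo())
```

A checksum taken from the same download page as the file only detects accidental corruption: whoever can replace the file can usually replace the published digest too. Compare against a value obtained through a separate channel (vendor documentation, a signed release note) or verify a digital signature where the vendor provides one.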
- Do back up your programs and data regularly. Recovery from a clean backup is the most secure way to restore files after a virus attack.
- Do learn about Internet fraud. The Hong Kong Police provide tips on preventing technology crime.
- Do learn to protect yourself from visual spoofing. Some criminals use visual spoofing techniques to collect personal information or to make you believe you are installing and accepting software / plug-ins / active content from a safe source.
- Do be constantly alert to suspicious activity. For instance, check whether there is any abnormal activity on your computer, such as abnormal hard disk usage or abnormal Internet traffic. Abnormal activity may be a symptom of a malicious code infection.
- Do enable the security protection of your applications and software. Many software packages, such as browsers, email applications, spreadsheets and word processors, come with security features. Make sure they are properly configured.
Don'ts
- Don't use software from a dubious source under any circumstances.
- Don't visit suspicious websites.
- Don't execute any attachment in an email or instant messaging client unless you are sure what it will do. Beware of viruses that arrive as email or instant message attachments from unknown sources. Some viruses / worms disguise themselves as a greeting card or message.
- Don't relax your file access permissions or use personal passwords when connecting to the Internet from public or insecure computers, unless absolutely necessary.
Further Tips for Network / Gateway Administrators
- Put in place a robust IT Security Policy or framework.
- Ensure that the IT Security Policy, particularly its rules on the use of freeware and/or shareware, is properly communicated to all users.
- Monitor and regularly review audit trails for suspicious activities such as a sudden surge in network traffic.
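The audit-trail review described above, as an added Python example that is not part of the original guideline. The log format ("timestamp client-ip bytes-out", one line per connection) and every log line are constructed for the demonstration; real gateway or proxy logs will need their own parser in place of parse_audit_trail. Per-client hourly volumes are compared against that client's median hourly volume, so the surge itself does not inflate the baseline it is measured against, and malformed lines are skipped rather than aborting the review.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample audit trail (not real logs). Format, assumed for this
# example: "<ISO timestamp> <client-ip> <bytes-out>". Host 10.0.0.5 suddenly
# sends far more than usual in the 12:00 hour; 10.0.0.9 is steady.
SAMPLE_AUDIT_TRAIL = """\
2024-01-08T09:00:12 10.0.0.5 120000
2024-01-08T09:30:40 10.0.0.5 95000
2024-01-08T10:05:01 10.0.0.5 130000
2024-01-08T11:20:33 10.0.0.5 110000
2024-01-08T12:01:15 10.0.0.5 4800000
2024-01-08T12:02:20 10.0.0.5 5100000
2024-01-08T09:10:00 10.0.0.9 200000
2024-01-08T10:10:00 10.0.0.9 210000
2024-01-08T11:10:00 10.0.0.9 190000
2024-01-08T12:10:00 10.0.0.9 205000
this line is malformed and must be skipped
"""


def parse_audit_trail(text):
    """Return (hour_bucket, client, bytes) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            size = int(parts[2])
        except ValueError:
            continue
        hour = ts.replace(minute=0, second=0, microsecond=0)
        records.append((hour, parts[1], size))
    return records


def hourly_volume(records):
    """Sum bytes per (client, hour) bucket."""
    totals = defaultdict(int)
    for hour, client, size in records:
        totals[(client, hour)] += size
    return totals


def find_surges(totals, factor=10.0, min_hours=3):
    """Flag buckets whose volume exceeds factor x the client's median hourly volume.

    Clients with fewer than min_hours buckets have no usable baseline and are
    skipped. Each alert is (client, hour_iso, bytes, baseline).
    """
    per_client = defaultdict(dict)
    for (client, hour), size in totals.items():
        per_client[client][hour] = size
    alerts = []
    for client, hours in per_client.items():
        if len(hours) < min_hours:
            continue
        baseline = median(hours.values())
        for hour, size in sorted(hours.items()):
            if size > factor * baseline:
                alerts.append((client, hour.isoformat(), size, baseline))
    return alerts


def surges_in(text, factor=10.0):
    """Convenience wrapper: raw audit-trail text in, list of alerts out."""
    return find_surges(hourly_volume(parse_audit_trail(text)), factor)


if __name__ == "__main__":
    for client, hour, size, baseline in surges_in(SAMPLE_AUDIT_TRAIL):
        print(f"surge: {client} at {hour}: {size} bytes (baseline {baseline:.0f})")
```

The factor and the minimum history are deliberately parameters: a threshold tuned for a file server will be wrong for a desktop, and a single large but legitimate transfer (a backup job, an operating system update) will trip any volume-only rule, so alerts from this kind of review are a prompt for investigation, not proof of infection.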
- Put in place security protection at the Internet gateway. For example, install anti-virus and content filtering controls for all incoming and outgoing messages and files to guard against malicious content. The gateway should be configured to stop, quarantine or drop messages or files with malicious content. There should also be proper logging for subsequent reference.
- Put in place security measures against zero-day malicious code attacks, for which corresponding virus definitions may not yet be available. Automatic or manual filtering mechanisms should be established to identify and block suspicious traffic generated by malicious code.
- Ensure all workstations have anti-virus software installed with the latest virus definitions and detection and repair engines. Virus signature and malicious code definition updates should be applied automatically, at least daily. If automatic updating is not possible, manual updates should be performed at least once a week and whenever otherwise necessary.
- Perform a full system scan on all new computers before they are allowed to connect to your corporate network.
- Apply, as far as practical, the same information security requirements and procedures to systems under development or used for testing purposes.
While managing servers, LAN/System Administrators should observe the following security guidelines:
- Always boot the server from the primary hard drive. If a machine needs to be booted from removable storage media such as floppy diskettes, USB thumb-drives, USB hard drives, CDs or DVDs, the media must be scanned for computer viruses before booting. This eliminates the chance of boot sector viruses infecting the server.
- Protect application programs running on the server by using an access control facility, e.g. directories containing applications should be set to 'read only'. In addition, access rights, especially the 'Write' and 'Modify' rights, should only be granted on a need-to-have basis.
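One way to audit and enforce the 'read only' application directory described above, as an added Python example that is not part of the original guideline. It assumes POSIX mode bits (Linux or similar file servers; Windows ACLs need a different check) and builds a hypothetical application tree in a temporary directory, with one file deliberately left world-writable. find_writable reports every file or directory that group or other users may write to, and make_read_only strips those write bits while leaving the owner's rights and directory traversal untouched.

```python
import os
import stat
import tempfile

# Write permission for anyone other than the owner (POSIX mode bits).
GROUP_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH


def _entries(root):
    """Yield every directory and regular file under root, without following symlinks."""
    for dirpath, _dirnames, filenames in os.walk(root):
        yield dirpath
        for name in filenames:
            yield os.path.join(dirpath, name)


def find_writable(root):
    """Return paths (relative to root) that group or others are allowed to write to."""
    findings = []
    for entry in _entries(root):
        mode = os.lstat(entry).st_mode
        if stat.S_ISLNK(mode):
            continue  # a symlink's own bits are meaningless; its target may lie outside root
        if mode & GROUP_OTHER_WRITE:
            findings.append(os.path.relpath(entry, root))
    return sorted(findings)


def make_read_only(root):
    """Strip group/other write bits under root; returns how many entries were changed.

    Only the write bits are cleared, so directories keep their execute bit and
    remain traversable and files stay readable/executable as before.
    """
    changed = 0
    for entry in _entries(root):
        mode = os.lstat(entry).st_mode
        if stat.S_ISLNK(mode) or not mode & GROUP_OTHER_WRITE:
            continue
        os.chmod(entry, stat.S_IMODE(mode) & ~GROUP_OTHER_WRITE)
        changed += 1
    return changed


def demo():
    """Build a constructed app tree, audit it, harden it, audit it again.

    Returns (before, changed, after); expected ([\"bin/tool\"], 1, []).
    """
    with tempfile.TemporaryDirectory() as tmp:
        app = os.path.join(tmp, "app")
        os.makedirs(os.path.join(app, "bin"))
        for rel in ("bin/tool", "config.ini"):
            with open(os.path.join(app, rel), "w") as f:
                f.write("constructed sample content\n")
        os.chmod(app, 0o755)
        os.chmod(os.path.join(app, "bin"), 0o755)
        os.chmod(os.path.join(app, "config.ini"), 0o644)
        os.chmod(os.path.join(app, "bin", "tool"), 0o777)  # deliberately too loose
        before = find_writable(app)
        changed = make_read_only(app)
        after = find_writable(app)
        return before, changed, after


if __name__ == "__main__":
    before, changed, after = demo()
    print("writable by others before:", before)
    print("entries hardened:", changed)
    print("writable by others after:", after)
```

Running find_writable on a schedule (and alerting when it returns anything) turns the one-off hardening into the kind of regular review the gateway guidance above asks for: a file that becomes writable again after an update or a careless chmod shows up at the next run.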
- Consider using a document management solution to share common documents, so as to minimise the uncontrolled propagation of infected files.
- Scan all newly installed software packages before they are released for public use.
- Preferably, schedule a full-system scan to run immediately after a file server has started up.
- Perform regular data backup and recovery.
- Check all backups regularly to ensure they can be restored when needed.
In addition, LAN/System Administrators should keep abreast of the latest security advisories and educate users on the best practices for protecting against computer viruses and malicious code:
- Subscribe to notifications / advisories to receive critical computer virus / malicious code alerts at the earliest possible opportunity.
- Promptly disseminate all computer virus alerts to every end-user and take the necessary action to mitigate the problem.
- Educate users on the impact of a massive computer virus attack and on the ways computers can become infected with viruses and malicious code, so that infections can be prevented (e.g. educate users that the sender of an email containing a computer virus or malicious code could have forged their identity to appear as a friend or colleague).
Detection and Recovery
The following symptoms may indicate that a computer is infected with a virus or malicious code:
- A program takes longer than usual to execute.
- A sudden reduction in system memory or available disk space.
- A number of unknown or new files, programs or processes on the computer.
- New windows or browser advertisements popping up.
- Abnormal restarts or shutdowns of the computer.
- An increase in network usage.
If a computer is suspected to have been infected with a computer virus or malicious code, users should stop all activities. Continuing to use an infected computer may help spread the virus or malicious code further. Users should report the incident to management and the LAN/System Administrator immediately. Users should also try to use any installed anti-virus software to clean the computer virus on their own. Clearing a computer virus or malicious code does not necessarily mean that contaminated or deleted files can be recovered.
The most effective way to recover corrupted files is to replace them with original copies. Therefore, regular backups should be made and sufficient backup copies kept to facilitate file recovery whenever necessary. After clearing a virus from a computer, users should perform a complete scan of the computer and any removable storage media to ensure that everything is virus-free. Failure to do this may lead to a resurgence of the computer virus.