Using Software
A wide range of software can provide tools for ensuring information security.
Dos
- Use anti-virus software with frequent updates.
- Scan floppy disks, compact disks and other
storage media, especially those from unknown sources, before use.
- Consider installing/enabling security measures such as a Personal
Firewall to protect your computer if it has
a broadband connection to the Internet.
- Apply updates and patches to your computer
to fix known security vulnerabilities in a timely
and responsive way.
- Perform regular backups of your system and
data and store the backups securely. Recovery from a
full backup is the most secure and effective
way to recover any lost configurations and data.
- Install software according to installation
instructions.
- Use software according to license terms and
agreements.
Don'ts
- Don't use illegal software and programs or
those from untrustworthy or doubtful sources.
- Don't download programs without permission
of the copyright owner or licensee.
Guidelines for using Open Source Products
Open source software usually refers to software
whose source code is open and available to anyone
to study, use and adapt. Open source
software is gaining in acceptance, even in enterprise environments.
To use open source software safely, the following are
general security tips for your reference:
- Download open source products only from trusted
sites, such as the official website of the software developer,
to avoid potential risks caused by malicious code.
- Download the source code rather than a compiled
package. In this way, the source code can be
verified against the MD5 / SHA-1 checksums provided,
analysed for security vulnerabilities, and then
compiled for your own specific needs.
- Study the product's documentation carefully
for explanations regarding secure configuration.
- Check whether there is a process for reporting
vulnerabilities discovered in the
product, and ensure that security issues are well managed and addressed.
- Regularly examine common security vulnerability
databases, such as CVE (Common Vulnerabilities
and Exposures), for publicly-known information
on security vulnerabilities of the open source
product your organisation is using.
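As an added example (not part of the original guidelines), the checksum verification mentioned above can be done by hashing the downloaded source archive and comparing the result with the checksum line published on the trusted site. The file name and contents below are constructed, the function names are hypothetical, and the script also accepts SHA-256 digests in addition to the MD5 / SHA-1 checksums named in the text.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> algorithm. MD5 and SHA-1 are the ones the text names;
# SHA-256 is accepted as well (an addition in this example).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

def parse_checksum_line(line):
    """Parse a 'digest  filename' line in the md5sum/sha1sum output format."""
    digest, _, name = line.strip().partition(" ")
    digest = digest.lower()
    if len(digest) not in ALGO_BY_HEX_LEN or not set(digest) <= set("0123456789abcdef"):
        raise ValueError("not a recognised MD5/SHA-1/SHA-256 hex digest")
    return ALGO_BY_HEX_LEN[len(digest)], digest, name.lstrip(" *")

def file_digest(path, algo, chunk_size=65536):
    """Hash the file in chunks so large archives are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()

def verify_download(path, checksum_line):
    """Return True only if the file matches the published checksum line."""
    algo, expected, name = parse_checksum_line(checksum_line)
    if name and os.path.basename(name) != os.path.basename(path):
        return False  # the published checksum belongs to a different file
    return hmac.compare_digest(file_digest(path, algo), expected)

def demo():
    """Constructed sample: check a stand-in archive before and after tampering."""
    data = b"constructed sample archive contents\n"
    published = hashlib.sha1(data).hexdigest() + "  example-1.0.tar.gz"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-1.0.tar.gz")
        with open(path, "wb") as f:
            f.write(data)
        intact = verify_download(path, published)
        with open(path, "ab") as f:
            f.write(b"extra bytes")  # simulate a modified download
        modified = verify_download(path, published)
    return intact, modified

if __name__ == "__main__":
    print(demo())  # (True, False)
```

A match only shows that the file equals what the checksum's publisher hashed, so the checksum itself should be taken from the developer's official site rather than from the same mirror as the archive.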
If your organisation is using open source software,
you should also consider the following:
- Set up a well-documented security policy and
ensure the policy is strictly adhered to. This
policy should be revised as business needs
change.
- Adopt a "Defence-in-Depth" strategy
so that various threats at various levels right
from the open source product to the network
can be tackled effectively.
- Provide appropriate training to in-house staff
for the support and maintenance
of the open source product. Document all practices
and configurations properly to
avoid problems that might arise from job rotation
or employment termination.