BEST PRACTICES

3.14 Understanding patches, upgrades, versions and installing them

Patches

A patch (sometimes called a "fix") is a quick-repair job for a piece of programming.

It is also called a service patch, a fix to a program bug. A patch is an actual piece of object code that is inserted into (patched into) an executable program. Patches typically are available as downloads over the Internet.

A patch is the immediate solution that is provided to users; it can sometimes be downloaded from the software maker's Web site.

system security patches

server operating systems are primarily software based and are constantly being upgraded. Some of the software upgrades become available in the form of "patches"

or small sets of software code. Security updates, or patches, need to be kept current.

Upgrades

A new version of a software or hardware product designed to replace an older version of the same product. Typically, software companies sell upgrades at a discount to prevent users from switching to other products. In most cases, you must prove you own an older version of the product to qualify for the upgrade price. In addition, the installation routines for upgrades often check to make sure that an older version is already installed on your computer; if not, you cannot install the upgrade.

Versions

Version is a state of an object or concept that varies from its previous state or condition. The term "version" is usually used in the context of computer software, in which the version of the software product changes with each modification in the software. Revision control is very useful for keeping track of different versions of information.

3.15 General Security Concepts

Computer security is a field of computer science concerned with the control of risks related to computer use.

A password is a form of secret authentication data that is used to control access to a resource. The password is kept secret from those not allowed access, and those wishing to gain access are tested on whether or not they know the password and are granted or denied access accordingly.

Criticality of Password

Password Security: Appropriate security and access controls based on the criticality of the system must be implemented and enforced to protect passwords that provide access to network resources. The following password strength rules are minimum requirements that must be followed by the user and enforced as far as possible by the system for any system active in the network in which accounts are provided.

Encryption of Passwords: All passwords stored on a system must be encrypted.

Forming New Passwords

The following format restrictions are designed to help prevent passwords from being compromised.

• Passwords must be a minimum of 8 characters.

• Passwords must incorporate at least 3 of the following: upper case, lower case, numbers, and special characters (i.e. punctuation and symbols).

• Passwords must not include any portion of the user's logon name or the user's first or last name or a word commonly found in any dictionary.

• Password expiration: Passwords must be set to expire at least once per year.

• Reuse of old Passwords: Users must be prevented from reusing their previous three passwords.

Account Protection

Account locking: The system must be set to deny access for a period of time consistent with the criticality of the system after 6 consecutive, unsuccessful logon attempts.

Access: To prevent unauthorized access to System resources, changes in role or separation from the must result in corresponding changes or deletion of information technology account access privileges. It is the responsibility of the unit to which the person reported to ensure that these changes occur.

Operating Systems/Network Applications: System administrators are responsible for installing operating system and network applications updates of all manufacturer recommended security patches and for turning off all identified unnecessary services.

Virus Protection: It is the responsibility of each unit to ensure that the virus protection software is installed and enabled on unit computers. Unit computers must be set to update virus definitions daily. A scan of local storage must be scheduled to run minimally weekly.

Physical Security: The physical security of the resources (including, but not limited to the facility, equipment, software and information) must be maintained. Individuals

and units are responsible for implementing security measures for the resources within their purview, commensurate with the criticality of each information technology resource.

3.16 Disk Cleanup

The Disk Cleanup tool helps you free up space on your hard disk by searching your disk for files that you can safely delete. You can choose to delete some or all of the files. Use Disk Cleanup to perform any of the following tasks to free up space on your hard disk:

1. Remove temporary Internet files.

2. Remove downloaded program files. For example, ActiveX controls and Java applets that are downloaded from the Internet.

3. Empty the Recycle Bin.

4. Remove Windows temporary files.

5. Remove optional Windows components that you are not using.

6. Remove installed programs that you no longer use.

You can start Disk Cleanup, by doing any of the following:

1. Click Start, and then click Run. In the Open box, type cleanmgr, and then click OK.

2. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Cleanup.

3. In Windows Explorer or My Computer, right-click the disk in which you want to free up space, click Properties, click the General tab, and then click Disk Cleanup.

Remove Files Stored on Your Hard Disk

1. To remove files stored on your hard disk that you no longer use, follow these steps:

2. Click Start, and then click My Computer.

3. Right-click the disk in which you want to free up space, and then click Properties.

4. Click the General tab, and then click Disk Cleanup.

5. Click the Disk Cleanup tab (if it is not already selected), click to select the check boxes next to the files that you want to remove, and then click OK.

6. Click Yes to the proceed with this action, and then click OK.

Remove Windows Components

To remove Windows components that you are not using, follow these steps:

1. Click Start, and then click My Computer.

2. Right-click the disk in which you want to free up space, and then click Properties.

4. Click the More Options tab, and then under Windows components, click Clean up.

The Windows Components Wizard starts.

5. In the Components list, click to clear the check box next to the component(s) that you want to remove.

6. A shaded check box next to a component indicates that only some of its subcomponents are installed.

If you want to remove a subcomponent, click Details, click to clear the check box next to the subcomponent(s) that you want to remove, and then click OK.

7. Click Next.

8. In the Completing the Windows Components Wizard page, click Finish.

9. Click OK, click Yes to proceed with this action, and then click OK.

Remove Installed Programs

To remove programs that you no longer use, follow these steps:

1. Click Start, and then click My Computer.

2. Right-click the disk in which you want to free up space, and then click Properties.

3. Click the General tab, and then click Disk Cleanup.

4. Click the More Options tab, and then under Installed programs, click Clean up.

The Add or Remove Programs dialog box is displayed.

5. In the Currently installed programs list, click the program that you want to remove, and then click Remove (or Change/Remove).

6. If you receive a prompt to confirm the removal of the program, click Yes.

7. Repeat step 5 and 6 to remove other programs that you no longer use, and then click Close.

8. Click OK, click Yes to proceed with this action, and then click OK.

Remove Restore Points

To remove all restore points except the most recent restore point, follow these steps:

1. Click Start, and then click My Computer.

2. Right-click the disk in which you want to free up space, and then click Properties.

3. Click the General tab, and then click Disk Cleanup.

4. Click the More Options tab, and then under System Restore, click Clean up.

5. Click Yes to remove all but the most recent restore point.

6. Click OK, click Yes to proceed with this action, and then click OK.

3.17 Regular Updating of Antivirus Software

There are three steps to complete protection from menacing computer viruses:

1. Get a good virus protection program.

2. Install the software; set it to run in the background and keep it on.

3. Update the your anti-virus software on a regular basis.

All three of these steps must be followed to have a good virus protection program in place.