Securing Your Laptop or Workstation

Some general guidelines on how to reduce your exposure

Reviewed by Bil Hays 04/29/2014

Getting Started

First, assess what degree of risk you have. If you do not have sensitive data, the basics presented here are a good start.

Make backups

You are more likely to suffer data loss from other causes, but making backups is a good measure to take in order to preserve your data. You should have three copies of everything important, in two different locations–you mightn’t know that a backup instance has failed until you need to restore from it.

Use antivirus and antimalware software

ITS provides Symantec’s Antivirus software from their Shareware Distribution site. If this does not suit, a free alternative is ClamAV, which is cross platform and open source. Also consider using antimalware software to detect problems.

Enable the firewall

Most operatings systems come with the firewall enabled by default. If you want to test your firewall, the easiest way is to use Gibson Research’s Shields Up, a free online scanning service (do keep in mind that if you do this from behind a NAT hosted in a cable modem router or wireless access point, what you are really scanning is the NAT). But these firewalls offer minimal protection, and you may wish to go further. We have more detailed information on firewalls if you want to pursue more advanced options.

Use encrypted connections wherever possible

Using encrypted connections helps prevent others from being able to read the data that you are transmitting over the network. On campus, this is not much of an issue, but when you are out and about in the world, keep in mind that the networks you are using vary widely in terms of their relative security.

  • For any web site that requires a password, use https:// instead of http://
  • For imap connections to read email or smtp connections to send mail, use the encrypted ports and enable ssl, see our SMTP Configuration and ITS’s doc on SSL and TLS for details. But keep in mind that email is generally not considered a secure means of communication for sensitive data.
  • Use SFTP and SSH to move files and login, and avoid use of FTP and Telnet.

Install VPN software on portable computers or pdas

ITS provides Virtual Private Networking through a cisco system. What this does is enable encryption on all connections to and from unc.edu, so it is a good security measure if you travel. See the Best Practices for Using the Campus VPN for more details.

Use strong passwords and require their usage

The password rules we use in Computer Science yield relatively strong passwords, but make sure you use strong passwords for any important data. Also, disable autologin and require a password to wake from sleep and at the screen saver.

Be careful where you click

Much of the malware out there these days can infect your system when a web page or similar link is clicked. Be careful to not open attachment or click on links as they are provided to you unless you are sure of their source.

Keep your system up to date

Installing system updates in a timely fashion reduces your exposure.

See Also