Virus protection (internal)
Safeguarding ePHI
Securing a non-Partners PC
Securing a NT server
InfoSec scans & firewall exceptions
Partners Information Security (internal)

 
Securing a non-Partners PC

Though your new PC may seem ready to be placed on the network, there are a few steps that must be taken in order to ensure that it is going to be secure on the Partners Network. Many trojans and worms can be avoided by ensuring that your PC has all the up-to-date Microsoft patches before connecting to the Partners network. If you have a new Windows XP or 2000 PC or laptop, or one you haven't used before on the Partners network, you need to secure it before connecting to the network. If you have a Windows XP or 2000 PC or laptop already on the network and haven't taken the precautions below, do so now.

The following instructions can be downloaded as a .pdf.

Before you connect your PC or laptop to the Network:

You should run the updates and install the software noted below with your PC disconnected from the network. Given that, you will need a CD or a thumbdrive (512MGB+) that has the updates and fixes listed below. If you'd like one of our techs to visit you and take care of this, call the Help Desk at 617-726-5085 and ask that you call be placed in the "research queue".

1. Windows Service Packs: Windows 2000: Service Pack 4 & Windows XP: Service Pack 2  http://www.microsoft.com/downloads/

2. For both: Dcombob.exe vulnerability fix

3. For both: UmPnP.exe vulnerability fix

4. For both: Anti-virus software:

a. McAfee Virus software and the latest .dat (virus definition file) follow these instructions. (internal only)

*Warning: McAfee is only for those computers used on campus. Installing on home computers violates our license agreement and is illegal.

b. Or, Norton Anti-Virus software and the latest .dat (virus definition file)  http://www.partners.org/rescomputing under “Security Alerts”

Insert the CD/connect the thumbdrive and:

  1. Upgrade to the appropriate Service Pack for the version of Windows you are running.
  2. Turn off DCOM by using Dcombob.exe (requires reboot)
  3. Turn of UPnP by using UnPnP.exe
  4. Turn off Null sessions  by using regedt32, set the following value “RestrictAnonymous” to 1, found in: HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control > LSA
  5. Disable remote access vulnerabilities – Control Panel > Admin. Tools > Services. In the Services (Local) list find Computer Browser and Server
    Change the Startup Type from Automatic to Disable in both, Stop if running.
  6. Turn off Netbios Over TCP/IP. Go to Network Connections > Local Ethernet > TCP/IP > Advanced > WINS Change Netbios to Disabled  (This has caused some to have problems with connecting to Windows network shares. If you do, reactivate it, but be aware that this is a vulnerability)
  7. Verify that all accounts on the machine, especially the Administrator accounts, have strong passwords. There are viruses with dictionary files guessing common passwords.
  8. Install Anti-Virus software on the machine.
  9. Set the Anti-Virus software to Update virus .dat files daily, and to scan weekly.
  10. Connect the PC to the network and run all available windows updates

You can set your PC to automatically retrieve and install updates for Windows XP & 2000; see this Microsoft documentation.

Last, if you connect portable storage media to your PC (floppy disk, zip disk, thumbdrive, external hard drive, or CD) scan the media with your anti-virus software before opening files on them; a couple minutes could save a couple days spent rebuilding your PC.

ATTENTION Windows XP users: DO NOT connect a XP PC/laptop to the Network without first turning off Bridging. Many out of the box” XP PC’s/laptops are set up to “Bridge” network connections. This setting will cause your Partners Network port(s) to be disabled. Before connecting to the Network, turn off Bridging. Use an existing PC/Mac on the network to download the online instructions.

Once your PC is secure and on the Network, did you know?

1. You can use Microsoft Outlook with your Partners email account including full calendaring. Call the Help Desk (617-726-5085) and ask for a research tech to stop by and install/configure Outlook for you.

2. You can access many Partners applications using Citrix software. Citrix is software that allows non-Partners build PC users to access applications that were built to run only in a Partners-build PC environment (e.g., PCIS/CAS, RPDR, PAS) from work and from home while connected to the Partners Network via remote access.

a. To install Citrix, you must be on the Network (after completing steps a. through f. above) and navigate to the Partners Portal webpage.

b. You will be prompted for your Partners username and password.

c. You will then be prompted to install the Citrix client; this must be done while logged on to the Partners Network in the office or from home via remote access.

d. Instructions on installing Citrix are located on the Research Computing website

3. You can use your Network H: drive just as you would with a Partners PC.

a. The H: drive is secure, safe, personal storage for everyone with Partners credentials; it is backed up nightly.

b. Call the Help Desk (617-726-5085) and ask for a research tech to stop by to help you “map” your PC to the H: drive

OR

c. Do it yourself by following these directions.

4. You can also connect any Shared File Area (SFA) or Folder to which you’ve been granted access.
Search: