Critical Security Control #3, as proposed by the Center for Internet Security (CIS), is called Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers. This nerdy, wordy tome is written mainly for I.T. security pros and folks who secure large networks. However, there is much information here that, if properly interpreted, can be valuable to all computer users, not just high-end geeks.
This Control is important because, contrary to what computer manufacturers' promotions suggest, their products are not safe to put on the Internet in their brand-new, “right out of the box” state. The operating systems and programs they contain are configured for ease of use and convenience, usually only paying lip service to safety and security. New computers, laptops, phones and tablets need to be properly “set up” before they are turned loose on the Internet.
I usually start setting up a new computer by getting rid of unneeded, unnecessary, and otherwise stupid apps and programs. Most companies, in an effort to be all things to all people, load up new computers with a ridiculous amount of junk, known in some circles as “bloatware.” Besides simply wasting hard drive space and sacrificing performance, these programs also leave things running in the background that are constantly accessing the Internet, and, if not reined in, can put a computer at serious risk.
Next on the list is to make sure the computer's operating system (Microsoft Windows, Apple OS X) is as updated as possible, along with associated programs like Microsoft Office, Java, Adobe Reader, etc. For Windows computers, I will go to Control Panel (Vista, Windows 7 and 8) or PC Settings (Windows 10) and run Windows Update over and over again until it says there are no updates left.
This usually involves restarting the computer numerous times, going back to Windows Update and running it again, making sure the computer is receiving updates for all Microsoft products, and not just Windows. The “optional” updates section should also be checked, and updates that say they will “resolve issues with Windows” should be installed. Apple Mac users should click the Apple symbol in the upper left corner, then look at “About this Mac” and “Updates.” Again, I will run it over and over again until it says no more updates are available.
These chores should be done before installing any other programs, and especially before doing anything like checking email or viewing Facebook pages. Putting the cart before the horse in these areas is asking for trouble.
Quoting from the CIS document: “Developing configuration settings with good security properties is a complex task beyond the ability of individual users, requiring analysis of potentially hundreds or thousands of options in order to make good choices.” It is my goal to boil down these complex tasks into ones that all the readers of this column can benefit from.
Next time: antivirus programs, password policies, user accounts, wireless networks, and more.