This site is brought to you by the Electrical and Computer Engineering department

Windows Operating Systems

Note:  Microsoft is no longer providing support for Windows XP and Windows 2003 Server.  Please ensure a plan to upgrade your system(s) has been identified.

Antivirus-Malware-Spyware Protection

Cisco AMP - (only for UT systems).  Please email help@ece.utexas.edu and provide the UT asset tag number (silver sticker The Property of The University of Texas at Austin) for further details.  Your system will need to be verified as property of the University.

Windows Defender - Windows Defender is a Microsoft antivirus, spyware, and malware protection program that is built in to Windows 10.

  1. Select the Start button, then select Settings, then Update & Security
  2. Select Windows Defender, then turn Real-time protection on or off

Additional information about how to use Windows Defender can be found at - Using Windows Defender in Windows 10

Immunet Free Antivirus (highly recommended by the ISO for non-UT systems)

http://www.immunet.com/index

Sophos Home

https://home.sophos.com/

Applying Security Updates in Windows


Windows 10

  1. Press the Windows + S key combination to display the “Search” box, then type windows update.
  2. Click Check for updates.
  3. Click the Check for updates button


Windows 7

  1. Click on Start, Click on All Programs, and scroll and click on Windows Update
  2. In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer
  3. If any updates are found, click Install updates.
  4. You might see both important and optional updates. Click Install updates, then click OK.
    1. Note: You might be prompted to enter your administrator credentials, because installing updates requires elevated administrator privileges.
  5. Once updates are fully downloaded and installed, a pop-up on the bottom left of your desktop screen might appear requesting a restart.
  6. You may have the option to delay the restart, though we encourage you to restart your computer immediately.


Configure Event Log Settings

By default, Windows systems "should" be enabled for logging.  To enable logging:

For Windows OS:

  1. Click Start
  2. Click Control Panel
  3. Click Administrative Tools
  4. Click Event Viewer

Note:  For advanced or Windows 8 users, you can simply do a search for eventvwr and select the application.

In the left column, expand the Windows Logs folder.  The application, security, and system logs should now be visible.  To configure settings for each log file:

  1. Click on Application
  2. On the menu bar, click on Action, followed by Properties
  3. On the Log Properties view, verify that Enable Logging is checked
  4. Input 50000 KB as the maximum log size
  5. Under When maximum event log size is reached, select Overwrite events as needed (oldest events first)
  6. Press OK
  7. Repeat the same steps for the security and system logs

Note: For the security log, input 100000 KB as the maximum log size.
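
The same settings can be applied and checked from an elevated PowerShell prompt. This is an added example, not part of the original page; it uses the built-in wevtutil tool and Get-WinEvent cmdlet, and the 64 KB tolerance in the check is an assumption made here because Windows stores log sizes in 64 KB multiples.

```powershell
#Requires -RunAsAdministrator
# Sizes from the steps above. PowerShell expands 50000KB to bytes (51200000),
# which is the unit wevtutil expects for /ms.
$targets = [ordered]@{
    Application = 50000KB
    System      = 50000KB
    Security    = 100000KB
}

foreach ($log in $targets.Keys) {
    # /rt:false together with /ab:false means "Overwrite events as needed
    # (oldest events first)". The size is rounded to a 64 KB multiple.
    wevtutil sl $log /ms:$($targets[$log]) /rt:false /ab:false
    if ($LASTEXITCODE -ne 0) { Write-Warning "wevtutil could not configure $log" }
}

# Read the settings back and compare them with the values in the steps.
# LogMode 'Circular' is the overwrite-oldest-first mode.
Get-WinEvent -ListLog @($targets.Keys) | ForEach-Object {
    $wanted = $targets[$_.LogName]
    [pscustomobject]@{
        Log     = $_.LogName
        Enabled = $_.IsEnabled
        Mode    = $_.LogMode
        MaxKB   = $_.MaximumSizeInBytes / 1KB
        # Allow for the 64 KB rounding when comparing sizes.
        Matches = $_.IsEnabled -and $_.LogMode -eq 'Circular' -and
                  [math]::Abs($_.MaximumSizeInBytes - $wanted) -lt 64KB
    }
} | Format-Table -AutoSize
```

A row with Matches set to False shows which of the three properties (enabled, overwrite mode, size) still differs from the steps above.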

Configure Portmap (RPC) Service

The concern addressed here is a system that allows its portmap service to be queried from the public Internet. Portmapper is an RPC service, which always listens on TCP and UDP port 111, and is used to map other RPC services (such as nfs, nlockmgr, quotad, mountd, etc.) to their corresponding port number on the server. When a remote host makes an RPC call to that server, it first consults with portmap to determine where the RPC server is listening. Querying portmapper is a small request (~82 bytes via UDP) which generates a large response (7x to 28x amplification), which makes it a good candidate for DDoS attacks, especially considering its prevalence among virtually all modern Unix systems.

Portmap must be restricted from the public internet with access controls or authentication.

Inbound Rules to protect PortMapper TCP & UDP ports for Unix-based Software

How to check Windows Firewall settings for existing Unix-based software rules

  1. Access the Windows Firewall with Advanced Security by going to Control Panel -> System and Security -> Windows Firewall and then click on Advanced settings.
  2. In the navigation pane, click Inbound Rules.
  3. Search for the following rules:
      Portmap for Unix-based Software (TCP-in)
      Portmap for Unix-based Software (UDP-in)
  4. If the rules exist, move on to step 5. If rules are not present, create one PortMapper TCP port based rule and a second PortMapper UDP based rule by following the instructions under the "How to create rules to allow inbound network traffic for Portmapper TCP and UDP ports" section.
  5. Highlight and double click on the Portmap for Unix-based Software (TCP-in) rule.
  6. Select the Scope page where you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page.

    Under the Remote IP address section, select These IP addresses option and click the Add button to enter the subnets listed below:

      146.6.101.0/24
      128.83.190.0/24
      129.116.100.192/26
      129.116.238.128/26
      146.6.28.64/26
      146.6.53.0/24
      146.6.177.0/26
      129.116.140.0/24
      129.116.234.0/24
      172.25.1.0/27
      206.76.64.0/18
      198.213.192.0/18
      172.29.0.0/16
      10.0.0.0/8
    Once the subnets are entered, click Apply and then OK.

  7. Highlight and double click on the Portmap for Unix-based Software (UDP-in) rule.
  8. Follow the instructions outlined in step 6.
  9. Close Windows Firewall with Advanced Security page.

How to create rules to allow inbound network traffic for Portmapper TCP and UDP ports

  1. On Windows Firewall with Advanced Security page, click Inbound Rules on the left window pane, click Action and then click New rule located on the top drop down menu.

  2. On the Rule Type page of the New Inbound Rule Wizard, click Port, and then click Next.

  3. On the Protocols and Ports page, click TCP, then select the Specific local ports option and enter 111 in the empty field box. Click Next.

  4. In the Action page dialog box, select Allow the connections option and click Next.

  5. On the Profiles page, select the Domain, Private, and Public options. Click Next.

  6. Within the Name page, click on the Name field box and enter the name Portmap for Unix-based Software (TCP-in).  Click Finish.

  7. Highlight the Portmap for Unix-based Software (TCP-in) rule and double click on it.  The Portmap for Unix-based Software (TCP-in) rule property dialogue box should appear.

  8. Select the Scope tab where you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. 

    Under the Remote IP address section, select These IP addresses option and click the Add button to enter the subnets listed below:

      146.6.101.0/24
      128.83.190.0/24
      129.116.100.192/26
      129.116.238.128/26
      146.6.28.64/26
      146.6.53.0/24
      146.6.177.0/26
      129.116.140.0/24
      129.116.234.0/24
      172.25.1.0/27
      206.76.64.0/18
      198.213.192.0/18
      172.29.0.0/16
      10.0.0.0/8
    Once the subnets are entered, click Apply and then OK.


  9. Create a second rule. Click Action and then click New rule located on the top drop down menu.

  10. On the Protocols and Ports page, select UDP, and under the Does this rule apply to all local ports or specific local ports? heading, select the Specific local ports option and enter 111 in the empty field box. Click Next.

  11. In the Action page dialog box, select Allow the connections option and click Next.

  12. On the Profiles page, select the Domain, Private, and Public options. Click Next.
  13. Within the Name page, click on the Name field box and enter the name Portmap for Unix-based Software (UDP-in).  Click Finish.
  14. Highlight the Portmap for Unix-based Software (UDP-in) rule and double click on it.  The Portmap for Unix-based Software (UDP-in) rule property dialogue box should appear.
  15. Follow the instructions outlined in step 8.
  16. Close Windows Firewall with Advanced Security page.
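
The check-and-create procedure above can also be scripted with the NetSecurity cmdlets (Windows 8 / Server 2012 and later). This is an added example, not part of the original page; it also lists any other enabled inbound allow rule that opens port 111 to every address, because Windows Firewall allow rules are additive and such a rule would bypass the scoped ones.

```powershell
#Requires -RunAsAdministrator
$port    = 111
# Subnets copied from the Scope step above.
$subnets = @(
    '146.6.101.0/24', '128.83.190.0/24', '129.116.100.192/26', '129.116.238.128/26',
    '146.6.28.64/26', '146.6.53.0/24', '146.6.177.0/26', '129.116.140.0/24',
    '129.116.234.0/24', '172.25.1.0/27', '206.76.64.0/18', '198.213.192.0/18',
    '172.29.0.0/16', '10.0.0.0/8'
)
$rules = [ordered]@{
    TCP = 'Portmap for Unix-based Software (TCP-in)'
    UDP = 'Portmap for Unix-based Software (UDP-in)'
}

foreach ($proto in $rules.Keys) {
    $name = $rules[$proto]
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        # Rule already exists: reset only its Scope > Remote IP address list.
        Set-NetFirewallRule -DisplayName $name -RemoteAddress $subnets
    } else {
        # Rule missing: create it with the same choices as the wizard steps.
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol $proto `
            -LocalPort $port -Action Allow -Profile Domain, Private, Public `
            -RemoteAddress $subnets | Out-Null
    }
}

# Look for other enabled allow rules that name port 111 explicitly and accept
# any remote address. Rules that cover 111 through a port range or "Any" port
# are not detected by this check.
$tooBroad = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $p = $_ | Get-NetFirewallPortFilter
        $a = $_ | Get-NetFirewallAddressFilter
        ($p.Protocol -in 'TCP', 'UDP') -and ($p.LocalPort -contains "$port") -and
            ($a.RemoteAddress -contains 'Any')
    }
$tooBroad | Select-Object DisplayName, Profile | Format-Table -AutoSize
```

An empty table means no explicit rule exposes port 111 beyond the listed subnets; any rule that is listed needs its own Scope restricted or the rule disabled.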

Enable Windows Firewall

For Windows OS, verify firewall settings:

  1. Go to the Start button, type Windows Firewall and select this option
  2. Select Turn Windows Firewall on or Off

Note: If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

  1. Click Turn on Windows Firewall under each network location that you want to help protect, and then click OK

Encryption:  Enable BitLocker

Note:  Encryption via BitLocker in Windows requires the presence of the Trusted Platform Module (TPM) security chip.  

  • Sign in to Windows with an administrator account.

  • Go to Start  button, type encryption in the search field, and select Manage BitLocker from the list of results.

  • Select Turn on BitLocker, and then follow the instructions.

  • Be sure to escrow your BitLocker Recovery key in a safe location.  UT provides the escrow service STACHE as a free service to store sensitive information such as passwords, license information, or encryption keys.  For information on how to use STACHE, visit the documentation here


Operate with a standard Windows account


Running as an administrator?  Administrative accounts are granted the ability to perform virtually anything on the computer. Every computer has an administrative account, and many users tend to operate their computer in an administrative mode.

With an administrative account, malware/viruses have an easier time:

  • Hiding itself in the system to install rootkits, backdoors, keyloggers.
  • Creating new administrative accounts
  • Accessing and running privileged services
  • Using an infected system to attack other vulnerable computers on the network

If your current account is an administrative account, you should downgrade it to only “user” privileges and create a new account for administrative purposes.

Important:  Please Read - Information Security Office:  How to Not Login as Administrator (and still get your job done)

Create a new Administrative Account

  1. Click on Start, then navigate to the Control Panel
  2. Select User Accounts and Family Safety, then User Accounts
  3. If you are currently in Small/Large icon view, proceed to click on User Accounts.

Note:  On Windows 8 and above, you can simply do a search for control panel and proceed with the remaining steps.

  1. Select Manage another account
  2. Select Create a new account
  3. Enter an account name, select Administrator, click Create Account

Assign a password to the new administrative account

  1. Click on the new account, select Create a password
  2. Enter a strong password and click Create Password when done

Demote the original user account to a standard user

  1. Select Manage another account
  2. Click on your original account from the accounts list (not the one recently created)
  3. Select Change the account type
  4. Select Standard User and click Change Account Type
  5. Close the Control Panel and then log off and back on the system with your primary/standard user account.
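
The three procedures above (create the administrative account, give it a password, demote the original account) in scripted form, using the LocalAccounts cmdlets in Windows PowerShell 5.1 on Windows 10. This is an added example, not part of the original page; the account name localadmin-example is hypothetical, and the script assumes it is run elevated from the local account that is to be demoted. It refuses to demote unless another enabled local administrator exists, so the machine cannot be left without one.

```powershell
#Requires -RunAsAdministrator
$adminGroupSid = 'S-1-5-32-544'          # built-in Administrators (well-known SID)
$usersGroupSid = 'S-1-5-32-545'          # built-in Users (well-known SID)
$newAdmin      = 'localadmin-example'    # hypothetical name; choose your own
$dailyUser     = $env:USERNAME           # assumption: the account being demoted

# Create the administrative account and set its password.
if (-not (Get-LocalUser -Name $newAdmin -ErrorAction SilentlyContinue)) {
    $password = Read-Host -AsSecureString "Strong password for $newAdmin"
    New-LocalUser -Name $newAdmin -Password $password `
        -Description 'Administrative tasks only' | Out-Null
    Add-LocalGroupMember -SID $adminGroupSid -Member $newAdmin
}

# Safety check: is there an enabled local administrator other than the
# account that is about to lose its administrative rights?
$otherAdmins = Get-LocalGroupMember -SID $adminGroupSid |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
    ForEach-Object { Get-LocalUser -SID $_.SID } |
    Where-Object { $_.Enabled -and $_.Name -ne $dailyUser }

if (-not $otherAdmins) {
    throw "No other enabled local administrator found; $dailyUser was not demoted."
}

# Demote the original account to a standard user.
# It must remain a member of Users to be able to log on normally.
Add-LocalGroupMember -SID $usersGroupSid -Member $dailyUser -ErrorAction SilentlyContinue
Remove-LocalGroupMember -SID $adminGroupSid -Member $dailyUser

Get-LocalGroupMember -SID $adminGroupSid | Format-Table Name, ObjectClass, PrincipalSource
```

Log off and back on afterwards, as in the last step above, so the demoted account receives a token without administrative rights.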

Password Complexity


Secure unattended computers

  1. Navigate to the Control Panel (varies between Windows 7, 8.1, 10)
  2. Select Appearance and Personalization
  3. Select Personalization
  4. Click Screen Saver, Set the number of minutes in the Wait box for a recommended 15 minutes
  5. Check On resume, display logon screen

Note:  On Windows 8 and 10, you can simply do a search for control panel and proceed with the remaining steps.