Software and Parameters

Software Updates

Security-relevant software updates (called patches) fix security holes that are being discovered almost daily. Security holes can allow unauthorised access to your data or allow worms to spread. They exist both in operating systems and in applications (e.g. Adobe Flash, Adobe Reader, Sun Java etc.). The installation of software updates is therefore very important to the security of your data.

What needs to be done

  • Regular updates of operating system and applications
    Some products have an automatic update function for this purpose. It is imperative that you use it. Check regularly if this function is active and is working properly. Information on the latest software updates can usually be found on the relevant vendor's web page.

  • Keep track of information on software updates
    Further sources provide regular information on newly discovered security holes (or vulnerabilities) and the relevant updates (or other measures to be taken).

Personal Firewall

A firewall protects computer systems by monitoring incoming and outgoing connections and rejecting them if necessary. It is comparable with a sentry at a castle gate. The decision to accept or reject a connection is based on simple rules that are checked each time a new connection is established. Firewalls reduce the risk of unauthorised access by hackers and the threat of Trojan horses, spyware and worms. Most companies protect their networks with a powerful firewall installed on a dedicated computer placed between the Internet and the local network. A personal firewall (also called a desktop firewall), on the other hand, is designed to protect a stand-alone computer and is installed directly on it.

What needs to be done

  • Use a personal firewall
    Like virus scanners, personal firewalls are available as add-on software. Some can be downloaded from the Internet for free. Some operating systems are already equipped with a personal firewall. Do make use of it.

  • Enable the personal firewall before connecting to the Internet
    If your computer has a personal firewall, it is important to enable it before connecting the computer to the Internet. Only download software updates and other programs and files once the personal firewall is active.

Virus Scanner

Virus scanner (anti-virus) software protects your data from viruses, worms or Trojan horses. It is therefore absolutely essential to have an up-to-date virus scanner if you download programs or files from the Internet or exchange them with other people. Regular updating of virus scanner software is crucial as several new viruses, worms and Trojan horses can emerge in just one day.

What needs to be done

  • Install a virus scanner
    Use an up-to-date virus scanner.

  • Update your virus scanner regularly
    Make sure that the virus scanner is updated at least two or three times a week. Most products have an automatic online update function that performs this work for you. It must be enabled.

  • Check that the licence is valid
    Check regularly whether the licence of the virus scanner is still valid. The software will still work after the licence expires. However, updates can no longer be retrieved.

Data backups

There is always the possibility of data being partly corrupted or even completely destroyed due to incorrect handling, technical faults or viruses and worms. To minimise the risk of data loss, regular data backups are highly recommended.

What needs to be done

  • Regular data backups
    Data requiring backup should be regularly copied to external data storage devices (CD-ROM, DVD, USB memory sticks or external hard drive). Remember to make a full backup of all the data on the computer from time to time as well.

  • Keep data storage devices secure
    The data storage devices should be kept in places protected from external influences. Backups should not be kept in the immediate vicinity of the computer as they would also be destroyed in the case of fire, flood, etc.

  • Check the backups
    Data backups require regular checks for completeness and readability. Try restoring certain files from time to time.
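
One way to carry out the completeness and readability check described above, as an added example that is not part of the original guidance: a hash manifest is written right after the backup and re-checked later against the storage device. The manifest file name and the sample files are assumptions constructed for this example.

```python
import hashlib, json, os, tempfile

MANIFEST = "MANIFEST.sha256.json"  # hypothetical file name chosen for this example

def sha256_of(path):
    """Read the whole file in blocks; a failing medium raises OSError here."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def write_manifest(backup_dir):
    """Run right after a backup: record a hash for every file on the device."""
    entries = {}
    for root, _dirs, files in os.walk(backup_dir):
        for name in files:
            if name != MANIFEST:
                path = os.path.join(root, name)
                entries[os.path.relpath(path, backup_dir)] = sha256_of(path)
    with open(os.path.join(backup_dir, MANIFEST), "w") as fh:
        json.dump(entries, fh, indent=1, sort_keys=True)
    return entries

def check_backup(backup_dir):
    """Run regularly: report files that are missing, unreadable or altered."""
    with open(os.path.join(backup_dir, MANIFEST)) as fh:
        entries = json.load(fh)
    report = {"missing": [], "unreadable": [], "corrupt": []}
    for rel, expected in sorted(entries.items()):
        path = os.path.join(backup_dir, rel)
        if not os.path.isfile(path):
            report["missing"].append(rel)      # completeness check
            continue
        try:
            actual = sha256_of(path)           # readability check
        except OSError:
            report["unreadable"].append(rel)
            continue
        if actual != expected:
            report["corrupt"].append(rel)
    return report

def demo():
    """Constructed sample: three files, one later deleted, one bit-damaged."""
    with tempfile.TemporaryDirectory() as backup:
        samples = {"letter.txt": b"dear bank", "photo.raw": b"\x00" * 4096, "tax.csv": b"a;b\n"}
        for name, data in samples.items():
            with open(os.path.join(backup, name), "wb") as fh:
                fh.write(data)
        write_manifest(backup)
        os.remove(os.path.join(backup, "tax.csv"))
        with open(os.path.join(backup, "photo.raw"), "r+b") as fh:
            fh.seek(100)
            fh.write(b"\xff")
        return check_backup(backup)
```

A clean report only shows that the files can be read back unchanged; restoring a few of them to a different location, as recommended above, remains the real test.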

Shares

Make sure that no Windows shares are configured on your computer. Shares on a Windows system make files or entire drives available to other users via the network. Shares are not only a point of attack for viruses and worms but can also make your (confidential) data available to a large number of users (in the worst case all Internet users).

Browser

Two-browser strategy and other options

It has now become standard practice to regularly, and best of all automatically, download security updates of operating systems and applications. Nevertheless, 0-day vulnerabilities frequently do occur, i.e. vulnerabilities for which no security update exists. Almost every day, vulnerabilities of this sort surface in a wide range of applications. Internet browsers are likewise not immune to them. Depending on the seriousness of the known vulnerability, it may make sense to switch to a different browser, at least temporarily, until the vulnerability has been resolved by the manufacturer.

What is trivial for the private domain can lead to serious problems in the business world. Unlike private computers, business computers cannot always be switched to an alternative browser that easily, for instance if no two-browser strategy has been implemented. This is often the case, because it means that the responsible ICT division only has to maintain a single browser.

If a serious vulnerability occurs, private or even confidential data may be at risk. It therefore makes sense, both at home and in the business world, to prepare for an emergency, in order to switch to an alternative browser as quickly as possible.

The following possibilities are conceivable in the business world. The list is not exhaustive:

  • Comprehensive installation of two browsers on all workstations
    All workstations in a given company are supplied with at least two browsers. In an emergency, the employees can be instructed to no longer use the affected browser until informed otherwise. This may also be steered using the proxy by denying Internet access to the affected browser. This solution is relatively cost-intensive, however, since several browsers have to be maintained and it is not always clear for the user which browser can be used when.

  • Selective installation of at least two browsers
    Workstations that absolutely have to access the Internet are supplied with several browsers. If one of the browsers is affected by a vulnerability, Internet access can be denied. Access to the Internet is then only possible with an alternative browser. This solution has the serious disadvantage that, in the event of an emergency, part of the staff temporarily has no access to the Internet. Even though this may not have a major impact on work, the affected users may feel patronised or disadvantaged.

  • White list
    All divisions of a company notify their ICT division of those URLs that must be accessible even in the event of an emergency. These URLs are then entered on a « white list ». If a vulnerability occurs, all URLs are blocked that are not included on the white list. With this measure, alternative browsers can be dispensed with. The risk of damage is minimised, since only specific URLs are reachable. Nevertheless, a certain risk persists. It must be possible to install security updates quickly, so that the temporary blocking of URLs not on the white list can be lifted as soon as possible.
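
The proxy-side decisions behind the first and third options above, sketched as an added example that is not part of the original guidance. The browser token, host names and policy layout are constructed assumptions, and the white list is matched on host names rather than full URLs.

```python
from urllib.parse import urlsplit

# Constructed emergency policies; every value here is a placeholder.
BLOCK_BROWSER = {"whitelist_mode": False,
                 "blocked_tokens": ["ExampleBrowser/"],
                 "whitelist_hosts": set()}
WHITELIST_ONLY = {"whitelist_mode": True,
                  "blocked_tokens": [],
                  "whitelist_hosts": {"intranet.example.com", "bank.example.net"}}

def host_allowed(host, whitelist):
    """Exact host or a true subdomain; 'notbank.example.net' must not match."""
    host = host.lower().rstrip(".")
    return any(host == w or host.endswith("." + w) for w in whitelist)

def decide(url, user_agent, policy):
    """Return (verdict, reason) for one outgoing request."""
    parts = urlsplit(url)
    # .hostname ignores any 'user@' prefix, so the real destination is checked.
    host = parts.hostname or ""
    if policy["whitelist_mode"]:
        if parts.scheme not in ("http", "https"):
            return ("deny", "scheme not permitted")
        if not host_allowed(host, policy["whitelist_hosts"]):
            return ("deny", "not on white list")
        return ("allow", "white-listed")
    # Browser-block mode. The User-Agent header is supplied by the client,
    # so this rule steers cooperative users; it is not a hard control.
    if not user_agent:
        return ("deny", "no User-Agent")
    ua = user_agent.lower()
    if any(token.lower() in ua for token in policy["blocked_tokens"]):
        return ("deny", "affected browser")
    return ("allow", "browser not affected")

if __name__ == "__main__":
    samples = [  # constructed requests
        ("https://news.example.org/", "Mozilla/5.0 ExampleBrowser/12.0", BLOCK_BROWSER),
        ("https://news.example.org/", "Mozilla/5.0 OtherBrowser/3.1", BLOCK_BROWSER),
        ("https://bank.example.net/login", "Mozilla/5.0 ExampleBrowser/12.0", WHITELIST_ONLY),
        ("https://bank.example.net@evil.example/", "Mozilla/5.0", WHITELIST_ONLY),
    ]
    for url, agent, policy in samples:
        print(decide(url, agent, policy), url)
```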

Last modification 03.07.2015

https://www.melani.admin.ch/content/melani/en/home/schuetzen/grundschutz.html