Saturday November 7th, 2009

Search

• Home
• Help Desks
• Applications
• Services & Support   »
  • UCInetIDs & Identity Management
  • Email & Webmail
  • WebFiles
  • Calendaring
  • Sofware & Hardware Purchases
  • Virtual Server Hosting
  • Instant Messaging
  • Mailing Lists
  • Streaming Server
  • Security
  • Safe Computing
  • zotALERT
  • More...
• Instruction & Research   »
  • EEE - UCI's Course Management
  • Computer Labs
  • Research Computing
  • Distributed Computing Support
• Network   »
  • UCInet Mobile Access (WiFi)
  • 800 MHz Radios
  • UCInet Tools
  • Service Request Form
  • Server Registration Form
  • IP Address Request Form
  • More...
• Telephone   »
  • Service Request Form
  • Campus Telephone Services
  • Cisco IP Phones
  • Conference Call Services
  • Cell Phone Services
  • More ...
• About OIT   »
  • IT Consolidation
  • Contact Us
  • Organization Chart
  • IT News
  • More ...

 

Best Practices for a Safe Installation of Microsoft Windows

Summary: How to safely install Microsoft Windows on your UCI computer.

Introduction

As many users on UCInet may have already discovered, installing a Windows OS on the campus network presents special challenges. Because nearly all IPs on UCInet are world-reachable, and because, as an education and research institution, we are a mostly open architecture, it is more than likely that a newly installed system will be infected before the process is complete.

Therefore, steps need to be taken to mitigate against this reality. The following assumes a workstation installation of Windows 2000 or XP. Windows 95, 98, and NT are no longer supported products and not recommended for use on campus. If you are part of a campus-supported environment, always check with your computing support group before adding new machines to the network, or reinstalling a system. (Note: Servers should also be installed off the network, but given their nature as sometimes critical systems, it is important to understand the affects of anti-virus and firewalling software, as well as patches and service packs, using a tested environment on a case-by-case basis.)

Installing Windows

1. Disconnect the computer from the network.
2. Run the installation and skip the network setup.
3. After the installation is finished,

If you are installing Windows 2000:

Install a personal firewall.
There are many commercial options and many of the latest antivirus products now come with a personal firewall as part of a package. Some options available are Norton, McAfee, Zone Alarm, and Sygate. Zone Alarm has a free download available at:
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

Whichever one you choose, you will need to have the executable installer available off the network of course, via CD, USB storage, or other removable media.

If you are installing XP (or XP SP1):

Install a personal firewall.
Install a personal firewall as described above, or you can turn on the native firewall included with XP (see instructions below).  If you are planning on running the native XP firewall on a permanent basis, it is recommended that you install Service Pack 2, as this firewall has much improved functionality.

If you are installing XP SP2:

Service Pack 2 for XP will also install a personal firewall that denies incoming connections, which runs by default whenever you boot the machine.

4. Leave your firewall settings in the default mode which they were installed with. After installing the personal firewall, and rebooting if necessary, plug into the network and finish the network setup.
   Let your computer boot up fully before you plug back into the network.
5. Go immediately to Windows Update:
   http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
   and install ALL security patches and service packs. It is also recommended that you enable the auto-update feature for Windows Updates and enable auto-install mode to acquire and install all future security releases from Microsoft.
6. Install an anti-virus program (unnecessary, of course, if you installed your anti-virus product as part of a personal firewall installation). Enable auto-updates to keep your virus signatures up to date. It is also a good practice to schedule a weekly scan of the entire system. If you are installing a later version of antivirus, make sure that you don’t install a secondary firewall on top of the one you are running (this is especially true if you are utilizing the Microsoft firewall that comes with SP 2, there will be conflicts).

Again, if your computer is serviced by a campus computing support group, it is important that you check with them before doing any of the above. They know your infrastructure and can advise you of any caveats relating to your unique situation.

Instructions for enabling the XP (SP1) firewall:

• Right-click ‘My Network Places’ from the Desktop or on the ‘Start’ menu and choose ‘Properties’. This brings up ‘Network Connections’
• Find the icon that represents your network adapter and right-click it and choose ‘Properties’
• Choose the ‘Advanced’ tab at the top of the window and check the box under Internet Connection Firewall that says: Protect my computer and network by limiting or preventing access to this computer from the Internet.

You must be an administrator to complete this task. There is no need to reboot for the firewall to take affect.

Please note that this is NOT a complete “Best Security Practices” for your computer! The purpose of this document is only to allow someone to complete an installation without having their computer compromised in the process. NACS has (and it is recommended you read) a very thorough and more detailed explanation of securing Windows installs at:

http://nacs.uci.edu/windows/SecurityPrimer.html

Updated: October 26, 2005

Comment on this page.

Office of Information Technology
Contact Us — (949) 824-2222 or oit@uci.edu