System Protection

• No networked computer without operating virus detection software shall be operated. Virus detection software shall be updated a minimum of once per month and a complete system scan for viruses shall be done at least once per month.
• No unprotected shares
• Disable ActiveX code in all web browsers.
• Standard settings on web browsers for Java and Javascript code.
• Systems should be set not to hide file extensions for known file types. If hiding extensions for known file types is allowed, an attacker can disguise a file with a name like "FRIENDLYFILE.TXT.exe". This file will appear to be a text file to a user. If the user attempts to open it, it can be run in their system, and... To set this correctly, do the following:
1. Open "My Computer".
2. On the menu, select "View" and "Folder Options".
3. Select the "View" tab.
4. Uncheck "Hide file extensions for known file types".
• Disable/remove Windows Scripting Host (WSH)
1. Click on "Settings"
2. Select "Control Panel"
3. Click "Add/Remove"
4. Click on the "Windows Setup" tab.
5. Click "Accessories".
6. Uncheck "Windows Scripting Host" and click "OK".