
FIPS PUB 191

Appendix B - Personal Computer Considerations

Personal computers typically do not provide technical controls for user authentication, access control, or memory protection that differentiates between system memory and memory used for user applications. Because of the lack of controls and the resultant freedom with which users can share and modify software, personal computers are more prone to attack by viruses, unauthorized users and related threats.

Virus prevention in the PC environment must rely on continual user awareness to adequately detect potential threats and then to contain and recover from the damage. Personal computer users are in essence personal computer managers, and must practice their management as a part of their general computing. Personal computers generally do not contain auditing features, thus a user needs to be aware at all times of the computer’s performance, i.e., what is normal or abnormal activity. Ultimately, personal computer users need to understand some of the technical aspects of their computers in order to detect security problems, and to recover from those problems. Not all personal computer users are technically oriented, thus this poses some problems and places even more emphasis on user education and involvement in virus prevention.

Because of the dependence on user involvement, policies for LAN environments (and thus PC usage) are more difficult to implement than in a multi-user computer environment. However, emphasizing these policies as part of a user education program will help to ingrain them in users’ behavior. Users should be shown via illustrated example what can happen if they do not follow the policies. An example where users share infected software and then spread the software throughout an organization would serve to effectively illustrate the point, thus making the purpose of the policy more clear and more likely to be followed. (It is not suggested that an organization actually enact this example, merely illustrate it.) Another effective method for increasing user cooperation is to create a list of effective personal computer management practices specific to each personal computing environment. Creating such a list would save users the problem of determining how best to enact the policies, and would serve as a convenient checklist that users could reference as necessary.

For guidance on general protection of PCs see [STIE85]. For guidance on protecting against malicious software see [WACK89].