• Home
• About Us
• About
• People
• Faculty Scientific Interests
• Faculty Directory
• Graduate Student Directory
• Staff Directory
• Admissions
• Introduction
• Affirmative Action
• Undergraduate
• Introduction
• Concentrations
• Announcements
• Curriculum
• Honors
• Recent Honors Theses
• Advisors
• Psych Courses Offered
• Teaching
• Research
• Careers
• Graduate
• Introduction
• Financial Aid
• Training
• Curriculum
• Psych Courses Offered
• Teaching and Research
• Recent Dissertations
• Department
• Facilities
• Colloquia
• Forms/Lists/Downloads
• Class Downloads
• Documentation
• About
• Links
• Psychology Links
• Graduate Student's Pages
• Participate in Research
• Memory Laboratory
• Perception Laboratory
• Timing Lab Archive
• Primate Newsletter

Connecting your computer to the network at Brown

Robert Moore, DCC Psychology

Background:

• You must not connect a computer to the Brown network unless it meets certain configuration standards. This requirement applies to desktop or laptop computers, to ethernet or wireless connections, and to all operating systems. The policy is detailed in the Network Connection Policy. This is one of a collection of policies related to the individual and policies related to hardware and software. Users are therefore responsible for having reviewed the listed policies and for complying with their requirements. The concern is to configure and use computers in a way that minimizes the chances they (or the data on them) will be compromised or that your computer will compromise others. In general, talk with your department's DCC or System Administrator, or talk with the Help Desk (x3-HELP) for advice.
• Windows computers need several patches applied before the computer is placed on the network to limit vulnerabilities.The first patch is the NetBIOS Null Sessions patch which will disable what is called "NULL user account enumeration". This prevents a worm from determining what accounts are on your system. You can read more about this here. The second patch is the Distributed Component Object Model (DCOM) patch. You can read more about this at GRC and at Microsoft. Both these vulnerabilies are patched by the Windows Update Configuration Tool available from Brown's Computing and Information Services (CIS).
• Both Windows and Macintosh computers need to have the latest version off Symantec anti-virus installed with the most recent virus signatures. Your DCC or System Administrator can assist.
• Computers placed on the physical network within the Psychology Department need to be checked by the DCC in order to be configured with a fixed or dynamic network address and to record the machine's physical (or MAC) address.
• One particularly good approach for DCCs who need to configure many windows computers is to burn an installation CD. And print out the latest configuration guidelines from Black Viper . . . (I keep a folder full of the latest pieces I need to configure a new computer.) Much of what follows is for computers that are not pre-configured for the Brown environment by a vendor such as Dell. In any case, it is useful to try to get as much of what should be configured on a computer before it goes on the network.

Checklist:

• Thing 1. Ensure the computer is NOT on the network. Good. Turn it on. You may be able to log on as the account named Administrator. Else boot into safe mode which will permit you to do this. In Users Control Panel configure an Administrator password and at least one user who is Administrator equivalent with a password. All users must have passwords. We STILL see computers coming from vendors with an account called "service" with password "service" . . .
• Thing 2. If you can, download the Windows Update Configuration Tool obtained from the software server to a CD or USB key and install from that before attaching to the network.
• Thing 3. At this point you can connect the computer to the network. Your DCC may have a "safe" ip number to use in the remaining configurations. This "safe ip" will prevent connections being initiated from other devices on the network.
• Thing 4. Run Windows update and get all critical updates.
• Thing 5. Install Symantec anti-virus from the software server and ensure Live Update ran properly (check the date.) If you are doing this offline (perhaps because the computer was compromised) get the latest Symantec Intelligent Updater (see below) and apply from a CD or USB key.
• Thing 6. Install Windows Defender(see below) and configure it to run a "Full Scan" under "Scan Options".
• Thing 7. Install SpyBot from the software server and update the detection rules. If you are doing this offline (perhaps because the computer was compromised) get and apply the latest detection rules update (see below) and apply from a CD or USB key.
• Thing 8. Install PageDefrag from Sysinternals (see below.) The Defrag tool included with XP will not defrag your Paging File (aka Swap File) or the Registry hives.
• Thing 9. Use RUN then SERVICES.MSC to disable un-needed services (processes.) By default XP Pro runs about 44 services. You can cut this down to about 20 using Black Viper's recommendations from the Black Viper mirror. See below for where to get these recommendations.
• Thing 10. The computer probably has Microsoft Office installed. You need to ensure that is fully patched. The best way to do this is to run Windows Update and upgrade to Microsft Update. This will then automatically include Office and Defender in automatic updates.
• Thing 11. The computer may have been configured temporarily to a "safe" ip number. Finalize that by giving it an assigned (fixed) ip number (with the help of your DCC or Sysadmin) or configuring it into the DHCP pool. (Remember you can turn off the DHCP service if using a fixed ip.)

Where to find all this:

• Black Viper mirror Configuration document
• Windows Update Configuration Tool
• Symantec Anti-Virus
• Symantec Intelligent Updater
• Windows Defender
• SpyBot
• SpyBot Detection Updates
• PageDefrag