There are plenty of people in the corporate world that know little bit about computer security. Companies will often tell their employees to have strong passwords with both letters and numbers and not something easily guessable such as a child's name or birthdate.There are also many home users who feel their computer is safe because they are running the latest Norton Antivirus, have all the latest Windows updates and only buy from online sites with the little SSL lock.Here is a fact for those users who feel safe; a good computer technician can bypass all of this with great ease, sometimes within a matter of minutes.Whether you are a computer technician or just a computer user, this guide will show you how to properly lock down a computer.
Leading security brands such as Symantec and McAfee will tell you the internet is not a safe place and that you should have a good antivirus and firewall to keep hackers from stealing your private data. This is good advice, however what they fail to mention is that according to a survey for top IT managers, taken in 2003 by the FBI and Computer Security Institute, reports that 45% of the companies had files accessed without authorization by insiders. Not by some hacker poking away at their firewall.
Having a strong Windows logon password with both letters and numbers is simply not enough as files can be accessed as easily as putting a CD into the CD-Rom and turning the computer on, without ever needed to log onto Windows. There are many freely available Operating systems such as Knoppix (linux based) and UBCD (windows based) which can be run from the CD and make it easy to read your files without ever entering Windows.
What about encrypted files? Breaking into encrypted files can be done, but without the original password it is incredibly time consuming. A much quicker way to get into encrypted files is for someone to install something called a “Key Logger” onto the computer using one of these CD’s. A Key Logger is an application that records the buttons you press on the keyboard, including that password you type in to access your encrypted files.
A computer that could be considered “locked down” should have all of the following security measures in place:
Being Boot Proof
By making a computer boot proof, it helps prevent attacks from boot CD's such as Knoppix or UBCD.
To make a computer boot proof, go into the computers BIOS by pressing F1 right when your computers screen first turns on when you power it up. For some computers, especially brand name ones, it may be F10, F12 or F2 instead of F1.
Once in the BIOS, look for a Boot Order/Options section and change the boot order to boot from hard drive only. If there is no hard drive only option, make sure harddrive is first (eg. HDD, FDD, CDRom). Now, look for a Security/Password section and set a boot password. Be sure to write it down in a place that you will be able to find it and other wont and remember that the password is case sensitive. If you forget this password you will have to open up your computer to remove it (which of course, we have the instructions for here).
If your computer case doesn't have a physical lock on it for preventing people from opening it (most computers don't) then it might be a good idea to put on a Harddrive Password which can also be applied in the Security/Password section of your BIOS. The reason for a harddrive password is even if you have a boot password, someone can remove the harddrive from the physically unlocked computer, place it in another computer and totally bypass the boot password on your computer because your computer was never turned on.
Keep in mind though, if you forget a harddrive then your harddrive and all the data on it may be rendered unusable after 3 wrong password guesses. Most computer technicians will not be able to remove a harddrive password.
Physical Security Options
As mentioned in the previous section, boot passwords can be bypassed by physically moving a jumper on a motherboard or by removing the battery that powers the bios. To prevent such a thing, having a lockable computer case is a good option as it will also help prevent the theft of computer parts such as the hard drive.
If you have a laptop and use it in semi public places such as libraries, airports & coffee shops then leaving it alone is definitely a bad idea. Investing in a good laptop cable lock deters walk-by thieves in public and semi-public places (however, not in private locations such as hotel rooms as bolt cutters will cut through these like butter). Most laptops, some desktop PCs and even some flat-screen monitors have cable lock slots, just make sure you secure it to something escape proof like a wall pipe or the middle of a bed frame. Wrapping it around a table leg just won't do.
Download the security softwares mentioned in this articles, you can visit this security software website.
No comments:
Post a Comment