Taking responsibility for securing the desktop environment is a critical part of network security. If a user allows access to their computer, or allows files or folders to be accessed without appropriate controls, then all other attempts at security are useless.
The chapter summarized this material as follows:
1. File sharing
One can allow access to a designated folder in two ways. A default share does not require and sort of access control, and allows any user to read, write or execute the files contained within the shared folder.
A restricted share is more secure, and requires the user to present credentials that are established when the user logs onto the machine.
2. Hiding Files or Folders
It is possible to hide specific files or whole folders so that the casual user cannot see them. This allows data to hide in plain sight. Shares can be hidden so that users who are aware of them can gain access.
3. File Encryption
Users on operating systems that use the Windows NTFS file system can easily encrypt and decrypt files using the Windows Encrypting File System (EFS). This process is seamless to the end user and makes it possible for easy encryption to guard against unauthorized access to user data.
4. Setting a Screen Saver Password
In the Windows Control Panel it is quite simple to require the use of a user password, and then to set the machine to require the entry of that password when the screen saver kicks in. This ensures that a user is protected from unauthorized access when one walks away from their computer.
Lots more stuff in this chapter, but I'm out of time!
Sunday, June 29, 2014
Sunday, June 22, 2014
Chapter 2: Basic Security Procedures
Online security is more important today that it has ever been. Every day there are more and more methods that can be used maliciously to gain access to your system or your data. A few simple procedures and tools can help to safeguard your information from access by unauthorized users or keep your computer from being used without your knowledge or consent.
Basic security procedures can be divided into two spheres: one regarding the maintenance of your operating system, and the other that mandates good personal security measures such as adequate password security.
Operating system maintenance is extremely important. Although Microsoft Windows security took a leap forward with the recent sunsetting of Windows XP, it is still vital to maintain Windows 7 and Windows 8. This involves making sure that Windows is set to download critical updates at a set time every day, and to ensure that the Windows Firewall is turned on and is set correctly. Additional procedures involve making sure that the system time and date are set correctly, unnecessary system services are disabled, and that all user accounts are protected by the use of strong passwords.
In addition, it is vital to make sure that a quality antivirus product is installed and set to update its virus definitions automatically without the need for user intervention. It's not necessary to spend money on antivirus protection, there are several free products that do a very good job of protection. I prefer Avast, and am presently using their Internet Security product, which retails for about twenty dollars annually.
However, all the hardware security in the world if a user password is weak, or easily guessable. There are many methods to generate strong passwords that are not readily machine crackable. A common scheme to ensure a decent level of security is to randomly alternate upper and lower case characters, and to replace letters with "look alike" numbers or other keyboard characters.
With a little effort and constant vigilance, users can have the peace of mind that comes from knowing that their personal data and computer systems are not at risk of being stolen or used against them.
Basic security procedures can be divided into two spheres: one regarding the maintenance of your operating system, and the other that mandates good personal security measures such as adequate password security.
Operating system maintenance is extremely important. Although Microsoft Windows security took a leap forward with the recent sunsetting of Windows XP, it is still vital to maintain Windows 7 and Windows 8. This involves making sure that Windows is set to download critical updates at a set time every day, and to ensure that the Windows Firewall is turned on and is set correctly. Additional procedures involve making sure that the system time and date are set correctly, unnecessary system services are disabled, and that all user accounts are protected by the use of strong passwords.
In addition, it is vital to make sure that a quality antivirus product is installed and set to update its virus definitions automatically without the need for user intervention. It's not necessary to spend money on antivirus protection, there are several free products that do a very good job of protection. I prefer Avast, and am presently using their Internet Security product, which retails for about twenty dollars annually.
However, all the hardware security in the world if a user password is weak, or easily guessable. There are many methods to generate strong passwords that are not readily machine crackable. A common scheme to ensure a decent level of security is to randomly alternate upper and lower case characters, and to replace letters with "look alike" numbers or other keyboard characters.
With a little effort and constant vigilance, users can have the peace of mind that comes from knowing that their personal data and computer systems are not at risk of being stolen or used against them.
Subscribe to:
Posts (Atom)