Taking responsibility for securing the desktop environment is a critical part of network security. If a user allows access to their computer, or allows files or folders to be accessed without appropriate controls, then all other attempts at security are useless.
The chapter summarized this material as follows:
1. File sharing
One can allow access to a designated folder in two ways. A default share does not require any sort of access control, and allows any user to read, write or execute the files contained within the shared folder.
A restricted share is more secure, and requires the user to present credentials that are established when the user logs onto the machine.
2. Hiding Files or Folders
It is possible to hide specific files or whole folders so that the casual user cannot see them. This allows data to hide in plain sight. Shares can also be hidden, so that only users who are aware of them can gain access.
3. File Encryption
Users on operating systems that use the Windows NTFS file system can easily encrypt and decrypt files using the Windows Encrypting File System (EFS). This process is seamless to the end user and makes it easy to use encryption to guard user data against unauthorized access.
4. Setting a Screen Saver Password
In the Windows Control Panel it is quite simple to require the use of a user password, and then to set the machine to require the entry of that password when the screen saver kicks in. This ensures that a user is protected from unauthorized access when they walk away from their computer.
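The four points above can be checked on a Windows machine with a short read-only audit. This is an added example, not code from the chapter or from this post; the function name, the `-SensitivePath` parameter and the rule that an unrestricted share appears as an Allow entry for `Everyone` with Change or Full rights are assumptions made for illustration.

```powershell
# Added example: read-only audit, run from an elevated PowerShell session on the machine being checked.
function Get-DesktopSecurityFinding {          # hypothetical function name
    param([string]$SensitivePath)              # optional folder expected to be EFS-encrypted

    function New-Finding($Check, $Item, $Detail) {
        [pscustomobject]@{ Check = $Check; Item = $Item; Detail = $Detail }
    }

    # 1 and 2: shares. Built-in administrative shares (C$, ADMIN$, IPC$) are skipped.
    foreach ($share in Get-SmbShare | Where-Object { -not $_.Special }) {
        # Assumption: an unrestricted share appears as Allow/Everyone with Change or Full rights
        # ('Everyone' is the English account name; localized systems use a different name).
        $open = Get-SmbShareAccess -Name $share.Name | Where-Object {
            $_.AccountName -eq 'Everyone' -and
            "$($_.AccessControlType)" -eq 'Allow' -and
            "$($_.AccessRight)" -in 'Full', 'Change'
        }
        if ($open) {
            New-Finding 'File sharing' $share.Name "Everyone can modify files under $($share.Path)"
        }
        if ($share.Name.EndsWith('$')) {
            New-Finding 'Hidden share' $share.Name 'Hidden from browsing only; review its permissions'
        }
    }

    # 3: files under the chosen folder that do not carry the EFS Encrypted attribute.
    if ($SensitivePath) {
        Get-ChildItem -LiteralPath $SensitivePath -File -Recurse -Force |
            Where-Object { -not $_.Attributes.HasFlag([IO.FileAttributes]::Encrypted) } |
            ForEach-Object { New-Finding 'File encryption' $_.FullName 'Not EFS-encrypted' }
    }

    # 4: per-user screen saver settings (settings enforced through policy are stored elsewhere).
    $desk = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop'
    if ($desk.ScreenSaveActive -ne '1') {
        New-Finding 'Screen saver' $env:USERNAME 'Screen saver is not enabled'
    } elseif ($desk.ScreenSaverIsSecure -ne '1') {
        New-Finding 'Screen saver' $env:USERNAME 'Password is not required on resume'
    }
}

Get-DesktopSecurityFinding -SensitivePath "$env:USERPROFILE\Documents" | Format-Table -AutoSize -Wrap
```

An empty result means none of the four checks found a problem for the current user; the script changes nothing on the machine.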
Lots more stuff in this chapter, but I'm out of time!