Today we begin a series of articles about computer security. In this series we will look at the following aspects of computer security:
• Physical access to a computer and data
• Security of data and system
• Security of home network
• Anti-virus security
• Protection from spam and advertising
Physical Access to a Computer and Data
Protection for your PC and data should consist of several layers. In this article, we will describe how to secure and protect the contents of your computer from intruders and “curious” individuals.
Often, even those people who fastidiously protect their digital information do not pay enough attention to restricting physical access to the computer itself. It is no less serious a threat to the system than malware and hacker-incursion via the Internet.
We should be concerned about risk of loss or theft of data; damage to the operating system and software; accidental or deliberate deletion from unauthorized access, or even workplace colleagues. At home the risk arises from children, friends, or relatives who can unwittingly delete vital data from the hard drive.
By getting physical access to the computer itself it takes less skill to bypass software protection. Your sensitive data can be easily exposed and vulnerable – easy prey for your attacker.
In the absence of special protection within the system, the intruder can boot the PC with a portable HDD or USB-stick and undetectably download information, as well as introduce spyware or a virus to your system to continue gathering data after he has left! That data could be e-mailed to them, by your own computer, at their convenience.
Intrusion prevention must create multiple lines of protection, starting with the direct physical access control. To ensure reliable data storage, you can use built-in Windows tools, such as Parental Controls to restrict the rights of users. Only one person needs administrative access to your computer – You. There is third-party software, including integrated anti-virus and firewalls which stops access to ports and drives on the PC. In addition, there are hardware solutions, for security & access control called Biometrics, which include fingerprint scanners, retinal scanners, and facial-recognition software, which can identify the user, via the computer’s own camera.
We are starting a series of articles about computer security with the theme: “Physical Access to a Computer and Data“.
1. User Accounts
One of the first steps to protecting your computer is to create an individual account for each user in Windows. With accounts comes the flexibility to adjust the levels of access to the system. Accounts also serve to separate the private material so that each account holder can only access their own folders. Accounts also allow you to limit the rights of users to make changes to the system, and restrict or forbid installation of third-party software. For account creation, you need Administrator rights.
1. Open the tool for creation and account settings via the menu “Start | Control Panel | User Accounts (or User Accounts and Family Safety | User Accounts Household Users” if it exists in your version of Windows). Create a new account by clicking “Add or remove user accounts”.
2. In this window, click on the line “Create a new account“. You can then type a name for the account and select “Standard User”, which is restricted so that it cannot make changes to the Operating System, but will still be allowed to install programs which do not threaten the system. Set a password for logging into this account. For a visitor they may access the Guest account without need of a password. It allows access to common harmless programs such as graphic and text editors, browsers and so on, but is forbidden to install any program.
Be sure to create a “Standard User” (non-Admin) account for yourself to use on a daily basis so that you can safely get up to get a coffee without having to log out. No need to fear someone sneaking in and having admin access while you’re busy. Try to use the Admin account only when you need to make changes to the system. This will significantly increase the security of your system.
Note that for each account on the system, a custom folder is generated automatically; it contains all the typical subdirectories that you expect, such as “My Documents”, “Favorites”, “Contacts”, and so on as well as the ability to access all the files that are designated “public” for all users. When the need arises, you can edit the permissions on your non-Admin account with the “Add, Modify, or Remove User Accounts” tools.
3. If the Administrator Account does not have a password, any user can log in and access your system settings, rendering all these efforts useless. You MUST set a password for the Admin Account.
To do this, enter your Administrator account, open the “Start | Control Panel | User Accounts (or User Accounts and Family Safety | User Accounts Household users, if it exists in your version of Windows)” and click on the line “Create a password for your account.” If a situation arises where the password for the login fails, it can be removed by clicking on the line “Remove your password.”
4. Immediately after the installation of your new password protection, click on “Create a password reset disk”. A small USB-flash drive will be sufficient for this purpose. Insert the flash drive into an available USB port before you click Next. The subsequent screen will show a pull-down menu where you can select the flash drive you just inserted. Click Next. The Password Wizard will ask for the current password for the account. Type it in the box and click Next. A Progress Bar will move to 100% complete. Click Next. You have successfully created a password reset disk file named userkey.psw on the flash drive. Keep the drive in a safe place. Any person can use this drive to access your computer.
If you ever forget your password, click the arrow beside the blank box and you’ll see the option “I forgot my password“. Insert the USB flash drive, click “I forgot my password”, and enter the new password. Done!
This is first part of the article which is having two parts. You can read the continuation in the second part of the article.