The ABC of computer security: Physical Access to a Computer and Data (Part 2)

Posted: October 20, 2014 in Articles
Tags: , , ,


Physical Access to a ComputerWe continue our series of articles on COMPUTER security. Today we offer the second part of the article “Physical Access to a Computer and Data”.

Here’s the first part of the article

This part of the article describes following questions of the computer security:

  • Limited Access to Programs
  • PROHIBITION ON USE OF USB AND DVD-drives
  • LOCK ACTION WITH Kaspersky Internet Security
  • Control Access to Files And Folders
  • ON GUARD – Bio-Scanners
  • Restricting access to the BIOS

Limited Access to Programs

Using the Parental Control in Windows 7 allows you to limit and control the actions of other users, particularly children. This tool can be used to enhance PC security.

1. To set up Windows 7 “Parental Control”, click on ‘Start | Control Panel | (User Accounts and Family Safety, if on your version of Win7) | Parental Control, or ‘| Start | Control Panel | Parental Control | for many installations.

Windows 7 Parental Controls

2. Click on the icon of the account to which you want to apply parental controls. Select “Activate using the current settings” or “On, enforce current settings” (depending on your system).

Enforce current settings

3. You must activate the options for “Time Limits”, “Games” or “Allow or Block specific programs” if you intend to use them. Time Limits are set by clicking and dragging in the box shown. Blue means the hours are blocked; white means those hours are permitted. In Games there are many categories (Sexual themes, Tobacco use, Drug use, Bloody Violence, and many, many more), so be prepared to spend some time reading the choices. In the Allow or Block specific programs list, it will scan your system and create a list of programs. You may click the Check All box so you can disallow just a few specific programs, or go through the list and only allow a few specific programs. Be careful: the prohibition of certain utilities can lead to conflicts with other software.

Block Specific Programs

PROHIBITION ON USE OF USB AND DVD-drives

To help prevent data leakage, use the program Deskman from Anfibia Software. With its help, you can restrict access to your computer, including fixed, hidden, network, and USB-drives.

1. Install and run it. In order to protect the internal and USB-drives and prevent unauthorized users, go to the «Policies». Check the box «Disable External USB Drives» and «Drives (A, B. C, D, …)» specify which disks to deny access. Click «Save» in the top menu. You will be prompted to restart the system.

2. To allow access to ports and drives you must set a password for Deskman. To do this, open the top menu «Setings |  Basic | Deskman Authentication» and enter your password in both fields. Click on “Save”.

Below you can see a video guides on how to setup and manage Deskman, the advanced security tool for Windows.

LOCK ACTION WITH KIS (Kaspersky Internet Security)

Kaspersky Internet Security provides an antivirus package, a wide range of tools to manage users, and methods to limit their actions.

1. Open the control window of Kaspersky Internet Security and select “Parental Control” in the ribbon menu. When prompted for a password, click “Ignore”.

Kaspersky Internet Security

2. Select the user to which the restrictions will apply, and then click “Enable.” Select “Settings” in the ribbon menu.

Parental Control Settings

3. In the window that opens, you can find many useful tools, such as the restriction of access time to a computer and the Internet; it will run only the selected programs and ban the publication of important data in social networks and personal correspondence. In addition, you can, for example, prohibit Internet download programs and files, which will create an additional barrier against assault by malicious programs on the PC due to inexperienced users.

Control Access to Files And Folders

To restrict user access to documents and directories, you can use the standard tools of Windows. To do this, open Windows Explorer, right-click the drive, folder or file, click on the context menu to select “Properties”, go to the “Security” tab and press the “Advanced” and “Change Permissions” to adjust the rights for users and groups. You can allow only certain people to view, edit, delete or create, and deny access to an object generally or, on the contrary, provide full read, write and edit (delete) access to everybody.

ON GUARD – Bio-Scanners

The use of biometric sensors for authentication and access to the PC has been practiced for several years. Fingerprint scanners on mice, keyboards, and laptops can, on the one hand, prevent access to the system at the hardware level, and on the other – make life easier for the user, because he will not have to remember a complex password, or worry about losing it.

Retinal scanners are in limited use because they are very difficult to defeat. They are limited to highly secretive industries and governments.

Facial Recognition is so popular and simple now that it is being used with Smartphones. It can easily be installed on a desktop, laptop or tablet equipped with a camera or webcam (which are readily and inexpensively available in all computer stores). As for the software, these utilities in the software market are relatively inexpensive. Keylemon (keylemon.com) is a free version of this type of software, and VeriFace comes preinstalled on Notebooks by Lenovo – however, it can be used on most other laptops. Similar more secure programs require the user to blink their eyes to demonstrate that it is not a photograph of the user. HDD and Flash drives are now available with biometric fingerprint scanners.

Lenovo VeriFace

Restricting access to the BIOS

Restrict access to your PC with a BIOS password – a radical measure – which prohibits unauthorized access of a computer through external channels (such as use of mobile HDD, flash drives). Creating a password to log into the computer via the BIOS is simple.

After turning on the PC, hold down the key normally used to access the BIOS. Depending on the type of BIOS, the key may be «Del», «F2», «F10», «F11», or «F12». Use the «Supervisor Password» to protect against changes in the BIOS settings — and in combination with the «User Password» – to protect against unauthorized booting of the OS (the password will be required to boot up the machine).

BIOS Restricting access

If you want to protect your PC from auto-starting from removable media such as DVDs, USB sticks/Flash Drives or portable HDDs, go to the menu BIOS «Advanced BIOS features» or «Boot» (depending on the motherboard manufacturer) and ensure your boot HDD is the first item in the boot methods list (and you may wish to disable other boot methods altogether. You can re-enable them if the need ever arises). The «Supervisor Password» will not allow outsiders to change this setting. This protection method should be combined with sealing the computer case; this will prevent someone from disconnecting your Hard Disk Drive and plugging in another of their own to gain access.


Here’s the first part of the article

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s