How to Properly Secure a PC
There are plenty of people in the corporate world that know little bit about computer security. Companies will often tell their employees to have strong passwords with both letters and numbers and not something easily guessable such as a child’s name or birthdate.
There are also many home users who feel their computer is safe because they are running the latest Norton Antivirus, have all the latest Windows updates and only buy from online sites with the little SSL lock.
Here is a fact for those users who feel safe; a good computer technician can bypass all of this with great ease, sometimes within a matter of minutes.
Whether you are a computer technician or just a computer user, this guide will show you how to properly lock down a computer.
Leading security brands such as Symantec and McAfee will tell you the internet is not a safe place and that you should have a good antivirus and firewall to keep hackers from stealing your private data. This is good advice, however what they fail to mention is that according to a survey for top IT managers, taken in 2003 by the FBI and Computer Security Institute, reports that 45% of the companies had files accessed without authorization by insiders. Not by some hacker poking away at their firewall.
Having a strong Windows logon password with both letters and numbers is simply not enough as files can be accessed as easily as putting a CD into the CD-Rom and turning the computer on, without ever needed to log onto Windows. There are many freely available Operating systems such as Knoppix (linux based) and UBCD (windows based) which can be run from the CD and make it easy to read your files without ever entering Windows.
What about encrypted files? Breaking into encrypted files can be done, but without the original password it is incredibly time consuming. A much quicker way to get into encrypted files is for someone to install something called a “Key Logger” onto the computer using one of these CD’s. A Key Logger is an application that records the buttons you press on the keyboard, including that password you type in to access your encrypted files.
A computer that could be considered “locked down” should have all of the following security measures in place:
Being Boot Proof
By making a computer boot proof, it helps prevent attacks from boot CD’s such as Knoppix or UBCD.
To make a computer boot proof, go into the computers BIOS by pressing F1 right when your computers screen first turns on when you power it up. For some computers, especially brand name ones, it may be F10, F12 or F2 instead of F1.
Once in the BIOS, look for a Boot Order/Options section and change the boot order to boot from hard drive only. If there is no hard drive only option, make sure harddrive is first (eg. HDD, FDD, CDRom). Now, look for a Security/Password section and set a “boot password”. Be sure to write it down in a place that you will be able to find it and other wont and remember that the password is case sensitive. If you forget this password you will have to open up your computer to remove it (which of course, we have the instructions for here).
If your computer case doesn’t have a physical lock on it for preventing people from opening it (most computers don’t) then it might be a good idea to put on a “Harddrive Password†which can also be applied in the Security/Password section of your BIOS. The reason for a harddrive password is even if you have a boot password, someone can remove the harddrive from the physically unlocked computer, place it in another computer and totally bypass the boot password on your computer because your computer was never turned on.
Keep in mind though, if you forget a harddrive then your harddrive and all the data on it may be rendered unusable after 3 wrong password guesses. Most computer technicians will not be able to remove a harddrive password.
Physical Security Options
As mentioned in the previous section, boot passwords can be bypassed by physically moving a jumper on a motherboard or by removing the battery that powers the bios. To prevent such a thing, having a lockable computer case is a good option as it will also help prevent the theft of computer parts such as the hard drive.
If you have a laptop and use it in semi public places such as libraries, airports & coffee shops then leaving it alone is definitely a bad idea. Investing in a good laptop cable lock deters walk-by thieves in public and semi-public places (however, not in private locations such as hotel rooms as bolt cutters will cut through these like butter). Most laptops, some desktop PCs and even some flat-screen monitors have cable lock slots, just make sure you secure it to something escape proof like a wall pipe or the middle of a bed frame. Wrapping it around a table leg just won’t do.
Session expired
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.
Security is an illusion. A word created to make people feel safe. In reality, security does 3 things and 3 things only….
Let’s compare a PC to a house…
1) Security at one level is a locked door so it basically keeps people honest, BUT if they want in, then they can just bust a window to get in.
Enter #2 and #3…
2) Once they get in, hopefully they get caught in the act, or (leading into #3 here)…
3) or they leave enough evidence behind to catch them later on.
If its not a matter of “IF”, but “WHEN” someone will get in if they so desire to. If you want complete computer security, put your PC in a 55 gallon drum and pour conret on top it. Once it sets, your PC is now forever secure.
The weakest link in any security scheme is the end user. People are hacked far easier than any computer can be. Kevin Mitnick was good at what he did, but much of it was exploiting the weakest link in the security chain, the end user via social engineering.
Also automatic Windows Updates are a bad idea and can cause bloat in Windows. Better to have Windows notify you, but let you choose which ones to download and install.
Also, the Windows Firewall is pointless. If someone has hit your PC, they’ve already been too far. You need to stop them at OSI Layer Level 2 – the Router.
Lastly, if you want a secure OS, remember first and foremost security is an attitude, a way of thinking, NOT a software package or a setting. Windows is used by most, but not very secure when compared to say NetBSD.
Some people are helpless. I once had someone asking me for advice. So, I told her she needed to put a password if she had wireless internet connection. She argued with me as to why she should. I said, you don’t want other people logging into your network and stealing your information or using your internet connection to do illegal stuff and then you become the accused. She said, I don’t have any important data in my computer, and even if I did, I have no money in my bank account so I could care less. As to people using my connection to do illegal stuff, I will clearly explain that I didn’t do anything wrong and check my comp if the police don’t believe me. Then I said, even so, if you want a fast internet connection you need to put a password, because if people start logging on, it’ll slow down your entire connection. She said, no, I have subscribed for the fastest internet connection and it allows a lot of people to connect to my network. At that point I was like, screw you. Do whatever you want…LoL.