Articles
Blogs
Kits
Forums
Software Security Options
Once you are done with the physical security considerations of locking down a PC, you need to turn on alot of security features that software vendors such as Microsoft leave off by default.
The first step with software security is to always use a login password for your copy of Windows. When you first install Windows, it does not require you to use a password, in fact, it will automatically log you on with the all-powerful Administrator account. Without a password, anyone walking by can take over the computer by putting on a password themselves and locking you out. Some internet viruses and worms may take advantage of blank passwords to do their damage so having a password in place will help protect against some viruses and worms.
To set a password in Windows XP, goto: Start > Control Panel > User Accounts.
Find the user account that says “Computer Administrator†below the name and click on it. It will now give you the option to use or change a password, click on it to do so.
To set a password for Windows 2000, goto Start > Settings > Control Panel > Users and Passwords. Fill in the checkbox labeled “Users must enter a username and password to use this computerâ€Â. Then, press CTRL-ALT-Delete and click the change password button
When creating a password, you should always use a password which isn’t easily guessable such as birthdates and names. A good password has both letters and numbers and is at least 8 characters long. For extra protection, use special characters like exclamation marks and full stops. A good example of this would be something like “t3chnibble.964!â€Â.
Encryption
If you must store sensitive files on your harddrive it would be a good idea to consider encryption. Windows XP Professional and Windows 2000 have encryption built in (XP Home doesn’t). To encrypt a folder, right click it in Explorer, choose “Propertiesâ€Â, press the “Advanced†Button, tick the “Encrypt contents to secure data†checkbox and press OK twice. Click the OK button again to access default options, “Apply changes to the selected items, subfolders and filesâ€Â.
Automatic Updates
Every day new viruses are written and people try to figure out ways to break into a Windows based system so it is a good idea to keep your software up to date. The two most important updates to do are Windows Update and the updating of your Antivirus.
To turn on Windows Updates so they update automatically for Windows XP goto: Start > Control Panel > Automatic Updates and choose “Automatic (recommended)†and set a time that your computer will be turned on and connected to the internet. Press OK.
To turn on Windows Updates for Windows 2000 with SP3 is a little harder. Microsoft has a tutorial located here
With automatic updates for your Antivirus you will have to look around for the setting and each brand is different. If you do not have an antivirus at all, then I recommend AVG Free which is very effective at detecting viruses.
Firewall
Having a firewall in place is a must for any internet connected PC as this can help prevent certain worm attacks and hackers from getting into your system. For 95% of computer users, the built in WindowsXP firewall is sufficient. However, if you want more control over what data goes in or out of your system then a third party firewall such as Zonealarm is a good choice.
To turn on the built in Windows XP firewall, goto: Start > Control Panel > Network Connections and find the connection you are currently using to access the internet. It may be named “Local Area Connectionâ€Â, “Surfboard ADSL Modem Connection†or something similar. Right click on it and goto “Propertiesâ€Â, then the “Advanced†tab. Under the heading “Windows Firewall†press the “Settings†button and turn on the Firewall then click OK.
Testing your Computer for Holes
Once you have done all of the above, you can test your computers security using Microsoft’s Baseline Security Analyzer which will probe your computer looking for patches that need to be installed, weak passwords and misconfigured settings. To test your firewall you can use an online tool called Shields UP by GRC.com that will probe your computer for any open holes that a hacker might exploit.
Security is an illusion. A word created to make people feel safe. In reality, security does 3 things and 3 things only….
Let’s compare a PC to a house…
1) Security at one level is a locked door so it basically keeps people honest, BUT if they want in, then they can just bust a window to get in.
Enter #2 and #3…
2) Once they get in, hopefully they get caught in the act, or (leading into #3 here)…
3) or they leave enough evidence behind to catch them later on.
If its not a matter of “IF”, but “WHEN” someone will get in if they so desire to. If you want complete computer security, put your PC in a 55 gallon drum and pour conret on top it. Once it sets, your PC is now forever secure.
The weakest link in any security scheme is the end user. People are hacked far easier than any computer can be. Kevin Mitnick was good at what he did, but much of it was exploiting the weakest link in the security chain, the end user via social engineering.
Also automatic Windows Updates are a bad idea and can cause bloat in Windows. Better to have Windows notify you, but let you choose which ones to download and install.
Also, the Windows Firewall is pointless. If someone has hit your PC, they’ve already been too far. You need to stop them at OSI Layer Level 2 - the Router.
Lastly, if you want a secure OS, remember first and foremost security is an attitude, a way of thinking, NOT a software package or a setting. Windows is used by most, but not very secure when compared to say NetBSD.