This page is not intended as a comprehensive guide, but illustrates a few of the
problem areas that I have routinely had to address, some suggested solutions and
sources for more information.
There are two main ways that the data on your computer can be accessed by
others, direct access where someone gets to sit at your PC
and browse through your files and perform almost any action and remote
access via a local network or the internet. The first tends to get
overlooked in many discussions of computer security issues but it is important
to prevent unwanted casual access to your computer whether it's your children at
home or the cleaner at the office. If your computer holds commercially sensitive
data you should also consider the consequences if it were to be stolen.
unwanted direct access to your computer
Screensaver password protection
Set up a screensaver to activate when the computer has not been actively used
for a period of say 5 minutes, and password protect it. Whatever work you are in
the middle of, if you walk away to deal with something else the computer will
soon hide it from the casual observer and prevent them from accessing your
You can set up a screensaver from the Display Settings Control Panel.
Password security for Windows 9.X
When you set up Windows 9.X or add a Windows 9.X
system to a peer-to-peer network, you may be asked to create a username and
password to use to identify yourself and (presumably) to restrict unwanted
access. Unfortunately the security offered by this type of password is very
weak. For instance, you can simply press the Escape key when being asked for
your password to gain access to the computer. In the absence of a Windows
NT/2000 server to validate the password and reject unidentified users there is
no point in having the password dialog pop-up when you start Windows.
To prevent this dialog appearing, change your Primary Network Logon to Windows
Logon in the Network Control Panel, then set a blank Windows password via the
Passwords Control Panel.
Add a BIOS level password for Windows
A BIOS user password can prevent someone gaining access to your system by simply
rebooting it. Used with a screensaver password this will provide adequate
security for Windows 9.X standalone systems or those on a peer-to-peer network.
You can set the BIOS password from the configuration utility that is available
when you boot your computer. Access to the BIOS differs from system to system,
but typically you need to press a particular key such as F1 or DELETE as the
computer starts up. There should be a message during the boot sequence that
details the available options.
Note It is usually possible to reset the BIOS password by removing the
internal battery that retains your BIOS settings and thus gain access, however
it would be evident that someone had tampered with the computer so this would
not be classed as a casual event.
unwanted remote access to your computer
As well as the threat posed by viruses, your computer may be
under siege whenever you connect to the internet. It is possible to set up
Windows in such a way that makes your computer relatively secure, but there are
also plenty of opportunities for software to undermine your security by
providing a route for data to flow in and out of your computer without your
knowledge. Firewalls provide a way of restricting and monitoring which programs
are connecting to the internet and the routes they use. By limiting the programs
which may connect to your local network and/or the internet it is possible to
reduce the risks of malicious data traffic.
It is important to keep up-to-date any software that you do
allow to access the internet to minimise the risk that it can be subverted. I
recommend BigFix to help in this task as it
will let you know automatically when updates become available.