- — 18 November, 2002 13:55
Faced with the sheer volume of products now being offered, and with many computers and operating systems now including some of these security capabilities, it is important for users to understand their needs first before they decide in which products to invest.
First things first: Nail it down (Back to contents)
The idea of physical PC security is as simple as it is essential. Keeping people you don't trust away from your PC by locking the door is a great start - just being able to get to a PC's floppy drive and power button makes it quite easy to break into many systems. But if you've left your PC somewhere public or a would-be thief is already in your home or office, then there is still the idea of locking your computer to something immobile.
Most notebooks have a small opening on the side or back which is intended for third-party locks. There are many options on the market - some as simple as a lock with an attached steel cable for looping around a table-leg, others with locking plates and super glue to create anchor points. For the gadget fans, there are also many cables and locks with in-built motion-sensors and high-decibel alarms. Cables and locks are available in the $60-90 range, with motion sensors around $90-100.
For desktop systems, there are versions of the same - anchor points with special glues, cables and alarms. And to prevent access to drives, there are locks that attach to the case and physically prevent anyone from opening the CD/DVD drive or putting in a floppy disk. There are also chunkier enclosures available that physically surround the PC or PC and monitor, requiring a lot more effort than a pair of bolt-cutters to remove.
Should the thief manage to steal your computer anyway, several companies offer a tracking and recovery service. The recovery services work using software agents installed on your computer. Each time the computer is connected to the Internet it contacts the recovery service and sends either its current IP address or the phone number from which it is calling, allowing the computer's new location to be identified and police informed.Back to top
Keeping them out (Back to contents)Ensuring that only the people whom you want to have access to the computer system can access it is the task of access security mechanisms such as authentication. The first step is to use system accounts with usernames and passwords to control access to the computer. Having a strong password is the easiest method of greatly increasing the security of your computer and the privacy of the data residing on it. Using a weak password that's easy to guess (such as the username) isn't much of a hindrance to authorised users trying to get in. Most operating systems with accounts have policy enforcement mechanisms that allow control over such characteristics as the complexity of a password, how long it can be used, what times or days it can be used to log in to the system and, most importantly, the ability to lock out an account after too many mistakes. This is used to stop people from using programs that keep guessing passwords until they can break in. If your operating system doesn't support user accounts, consider if protecting your files using an encryption utility (see "Keep it secret" below) is sufficient for your security needs. You can also try using the BIOS; on many computers, passwords must be entered before they will boot an operating system. If encryption or BIOS passwords aren't the answer, upgrade to an operating system with system security built in, such as Windows 2000/XP, Mac OS X or any UNIX-style system. Taking it a step farther, there are many new products available which replace the password with additional forms of identification, making password guessing next to impossible. It is now easy to pick up fingerprint scanners that work with your operating system to control access, PC card devices for notebooks, and USB devices for either notebooks or desktops. There are also smart card systems that require the user to insert a card into a reader at the same time as entering a password. Both PC card readers and fingerprint scanners are usually available for around $400-$500. Just having a strong password isn't necessarily enough, however, if you are in the habit of leaving your computer logged in and wandering off for a cup of tea. To combat this opportunism, you need to configure your operating system to either lock the user account after a pre-determined interval of inactivity or to use a password-protected screensaver.
Don't forget to lock the back door as well (Back to contents)Often the easiest way to get into a computer is via the network. Not only do many Internet-connected PCs have network file shares with no passwords required, but attackers can also use bugs in parts of the operating system which listen to the network to break in remotely. Additionally, if your PC is connected to a broadband connection permanently, then it becomes an even more likely target for misuse.
To protect your PC from network threats, you can either read up on the subject and become a security expert, then patch and configure your operating system in a secure manner, or you can take the easy approach and get a personal firewall. Companies such as Linksys and Netgear sell hardware firewall solutions - small devices that plug into your modem, cable modem or ADSL modem on one side and your PC on the other. Typically, these devices use network address translation (NAT) to hide your PC from the network. NAT does this by assigning your computer an IP address that it isn't possible to use on the Internet, which makes it effectively invisible. Therefore the only place a would-be intruder can attack is the secure interface the firewall uses to talk to the modem, which is designed especially for this purpose. Hardware firewalls suitable for broadband home users cost $200-600 depending on additional features such as in-built 802.11b routers. Higher range devices include firewall software that provides better flexibility for controlling network traffic, but the downside to these hardware devices is that they often stop programs like ICQ or Windows Messenger from working without special configuration. However, they usually have a few network ports on the inside so can protect a home network instead of just a single PC.