Rohos How-To center | Desktop security How-to.

The basics of computer protection. Data security and access control tips.

 

 
 
 

Published : June 25, 2005
Summary: If you are the only holder of a computer or owner of a shared family PC - you might still want to set up your computer with user accounts, privilegies and other security rules and software. Doing so prevents unauthorized access to the Windows computer, make it more stable and gives you joy sharing the home computer or surfing the WEB online.

Remember that even the most higher computer security can be broken due to certain factors that you've missed. Check-out your system with the followig list of security measures.

List of Measures

Disable computer boot from CD-ROM and floppy
(CD/DVD-ROM, floppy, flash drives) The data security of your computer can be easily broken by the aid of bootable CD-ROM. This simple trick allows intruders to do the following:
  • Get full access to your disk drive and all the files on it without the need of logging in.
  • Reset the administrator password to a blank one.
  • Steal your email correspondence stored in Outlook.
  • Install a Trojan or virus program.

    If one can boot from CD-ROM, your files can be accessed in your absence. You should disable all the boot devices except the primary hard disk HDD-0 (see picture below).

    Here's how to disable system boot from Floppy/CD-ROM:


    First, boot device should be always your primary Hard Drive Disk. (The second can be any other but we recommend none;)


    Top of page


    Password protect the BIOS
    All computers have the option to set up a password for entering BIOS. This allows to protect from changing 'First boot device' option in the BIOS. BIOS also has some important settings that are:
  • Option to require password to turn-on computer.
  • Computer date and time.
  • Protection of first boot sector of the Hard Disk Drive.
  • Wake-up-on-LAN option that allows to remotely turn-on your computer.

    How to set BIOS password:


    How to set a password to BIOS to protect from changing the vital system options (first boot device, access password, etc.).


    Top of page

    Use encryption
    Use     disk encryption to enhance your privacy.
    For safe and 100% data protection we recommend to use data encryption software. Why? Learn here

    Top of page



    Avoid unknown applications
    Don't open or execute files you are not sure by 100% of, no matter where or how you get them (email attachments, etc.).
  • Get a good antivirus program: NOD32 or Norton Antivirus and keep it updated!
  • Get spyware cleaner program.

    Some unfair (XXX) web sites use the security defects (bugs and 'holes') of the popular operating systems (web browsers) in order to install malicious programs and modules on any computers, without any permission.
    Top of page


    Use different passwords
    The same password is a common mistake most of us commit.

    Imagine the following situation: you have 2 email accounts, an ICQ account, one computer at home, one in the office, and a handheld device. All of them are protected with the same password.

    Imagine that certain circumstances forced you to connect to ICQ from a computer in an Internet cafe. Public terminals are beyond your control, hence you are unable to assure that there is no spyware running on them, or that all the security measures were taken. In this case, your ICQ password is likely to be recorded somewhere.

    If that happens, then all your accounts\computers have become unprotected, even if you follow the guidelines mentioned in this manual.

    This threat could have been minimized if you used different passwords.

    In case your memory is not your strongest point, we have the solution - multifactor authentication. You can store your passwords on a USB flash drive, use password hint or     PIN code.
    Top of page


    Use two-factor authentication through USB stick
    This is secure, reliable and cost-effective way to log in into Windows and access your private files. Tesline-Service SRL has developed a convenient solution for     replacing your Windows password with a USB flash drive.

    The idea behind two-factor authentication is that more than one factor (password) is required for the authentication to succeed.

    For instance, Rohos Logon Key can enhance a password prompt with the requirement to plug in a USB flash disk (or USB stick, pen drive) into the computer.

    One-click USB key setup and your regular USB flash drive is ready for secure Windows login.
    Top of page


    Tips
    - How to choose a correct password? Which guidelines should I follow when creating a password?

  • The password should be not shorter than 7 characters;
  • It should be random, without any meaning;
  • Use UPPER case and lower case letters in your password ;
  • Use special characters like these: _,&,~,(,.

    So the ideal password should be like: Usa24_JD
    (legend: Usa-smth. you like, 24 - smb. age, JD-smth. abbreviature).

    Strong but not for human?
    A big lie of computer security is that security improves as password complexity increases. In reality, complex passwords that comply with the above list of "security-enhancing" principles lead to one outcome: Users write down their passwords. Security is better increased by designing for how people actually behave: -     Use hardware USB key to access your Windows account and private files.
  • Update/patch your software now and then.
  • Use firewall, like ZoneAlarm to control what goes in and out from your computer.
  • Check / adjust your Windows security settings so they are safe.
  • Don't use public computers for anything you need to type in your logins, they usually have keyboard monitors that capture your passwords/keystrokes.
  • Make backups and store them in safe place (at least once per month). Easiest way to do a total-backup is to make an "Image" of your harddrive or partition and store it on safe location.

    Top of page

    Links
    • How to use disk encryption to protect your privacy.
      Sharing a computer with someone else means that others could see your private files, install games or software you didn't want, or change your computer settings.
      Learn the most appropriate ways to protect your sensitive information.
    • Virtual encrypted disk inside-out
      Rohos software creates a virtual encrypted disk within a file and mounts it as a real disk drive. Encryption is automatic, real-time (on-the-fly) and transparent.


    Software Links
    Rohos Logon Key - Smartest, most feature-rich USB security Windows login solution. Two-factor authentication via USB stick for fast login.

    Rohos Disk - Smart disk encryption program. MS Office integration. Using two-factor authentication to access your files.



    Top of page

    • Go to How-To center

    How to use your USB stick for secure Windows login without the need to type your password every time?

     
    		 
     
         
     
     
    © 2004-2008, Tesline-Service SRL, Privacy policy|Site map|Press Resources|