Data security
There are quite a few things you can do to improve the security of the most valuable thing on your computer, your files, let's look at some of them.
The level of security needed will vary depending on a number of factors, home or business, single or multiple users
Logins
| Both Windows 2000 and XP usually require you to login. One account, the Administrator is created when the OS is installed and the Administrator, or other user with Admin privileges (given by the Administrator), can create new users and set their rights. |  |
| When The PC starts, or if a password protected screen saver is running and the mouse or keyboard are touched, you will be presented with the login screen. Move the mouse over the users icon and click and the password entry box will appear (assuming a password is set for that user). |  |
Creating users and limiting their rights.
Allowing others to access resources on your PC(s) can be worrying, however since Windows NT, Microsoft have began to get their act together as far as security (apart from the odd breach). on any sized network, or for that matter stand alone PC that's open to other users, they are likely to do something that will at the very least annoy you. There are steps you can take to limit their rights over both your system and the files on it, primary of these is to assign privileges to them.
The Administrator and any Admin level users, have complete rights over the entire PC, or network, but with other users you can limit what each user can do, or put them into a group with similar privileges.
Attrib
one of the easiest ways of stopping a file being deleted, or overwritten is to change its attributes.
Attrib.exe was and still is a DOS level application, which allows you to apply, or remove attributes from specified files. The Utility continues in use in Windows, but is accessed via the file properties.
The Level of security you will need depends a great deal on the environment you are working in and the sophistication, or lack of it of your users. The last thing you, as an administrator of even a single PC at home need is for the inexperienced user to delete vital files. Attrib will allow you a good degree of protection against the foolish deletion of important files.
[drive:][path]filename
Specifies the location and name of the file(s) you want to process.
Switches
+R Sets the Read-Only file attribute.
-R Clears the Read-Only file attribute.
+A Sets the Archive file attribute.
-A Clears the Archive file attribute.
+S Sets the file as a System file.
-S Clears the System file attribute.
+H Sets the file as a Hidden file.
-H Clears the Hidden file attribute.
Attrib in Windows
To read or change the attributes if a file in windows.
(1) Locate the file
(2) 'Right click' the mouse over it
(3) Move over 'Properties' and 'Right click' on them.
a dialogue box will appear showing the current properties of the file and allow you to change tham.
BIOS Security
The PC’s BIOS (Basic Input/Output System) is a chip in the motherboard, which keeps an electronic record of the PC’s physical configuration(number and size of drives) and other details such as the real time clock, date settings.
It is also possible to password lock the PC within the BIOS. This is possible at two levels:
BIOS password
You may by setting a BIOS password, prohibit unauthorised access to the BIOS settings. You may for example wish to ban users starting the PC from a bootable disk, in the A: drive, bypassing any anti-virus software loaded onto the hard drive, this can be set in the BIOS by an authorised user.
Startup password. By setting a password in the BOIS option that requires a password to be entered on startup, you can stop your PC from being used by unauthorised users.
As a system administrator, you may come across an instance where a user has ‘forgotten’ their BIOS password (two weeks on holiday can do this) and you are presented with what may seem to be an unusable PC, This is not the case!. The settings generated by the BIOS are kept in a CMOS (Ceramic Metal Oxide Semiconductor) chip on the motherboard. The PC’s Battery keeps these settings active. However on most motherboards there is a jumper which, depending on the type of board, either by moving the jumper to a different position , or making a connection, will clear the CMOS. This information is contained in the PC’s Motherboard manual. You should bear in mind that doing this will clear ALL the settings in the BIOS, so you will need to reset the information about the disk drives and. Time /Date.
Cookies
Most cookies are harmless and some will make your life easier, however you should be the judge of what cookies you allow on your pc.
Some, such as those from your ISP, mail host, or online banker should be allowed, but as a rule of thumb if you don't recognise the name block the cookie.
| Cookies are kept in a folder called 'Cookies' in your user area in the 'Documents and settings directory' Should you wish to delete them you can, however as I've said elsewhere you might as well leave those from organisations such as your ISP, or bank. |
|
| The cookie can be opened with a package such as notepad, but probably won't tell you much. The cookie shown tells me that I've logged on to the Bonsai Primer 142 times and that's about as much sense as I can get out of it. |
|
Blocking Cookies
| Allowing you to chose which cookies to block is easy. Open your browser (In this case Internet Expolorer), select 'Tools' in the menu bar then 'Internet options' |
|
| The 'Internet Options' dialogue box will appear. Click on the 'Privacy' tab |
|
| Click on the 'Advanced' button.this is white text and will not appear (i hope) |
|
| The 'Advanced Privacy Settings ' box will appear. Click on 'Override automatic cookie handling'. My advice is to select 'Prompt' for both classes of cookie, allowing you the choice of what you have on your machine. |
|
Pop ups
Not as such a security problem, but a real annoyance if you don't want to visit 'grannyspankers.com'. Pop ups will appear while you're on the net at odd times, usually as you're about to do something important.
They're a function of Windows networking, allowing system Administrators to send messages to warn, or inform logged on users of maintanance or system issues.
| Messaging can easily be disabled and if done will have no effect on the way the PC performs. Go to the 'Start' button amd click on it, then click on 'Run'. The Run dialogue box will appear, type 'Services.msc' and hit the return key. |
|
| A list of the services running at the moment will appear, drag the button on the scroll bar down until 'messenger' appears and click on it. |
|
| A dialogue box will appear, move down to 'Properties' and click in it. |
|
| The 'Messenger' properties dialogue box will appear. this is white text and will not appear (i hope) |
|
| Click on the down arrow by the 'startup type' box and a drop down menu will appear. Move down to 'Disabled'and click on it |
|
| The Messenger service is now disabled, with no effect on the running of the PC. |
|
© Allen. C. Roffey primerpc.com 21:59 14/01/2006
