Hackers, spammers and out-and-out thieves. How can you keep the bad boys out and the good data in? Smart Company has the lowdown on how to protect both your data and your premises
PC and network protection
Want to safeguard yourself from prying eyes? Here’s how to thwart those pesky virtual interlopers before they strike.
1. First Steps
Even if you adopt the best encryption schemes, employ the strongest passwords and implement the toughest security policies on your PC, an insider can still steal information right out from under your nose if you don’t protect the physical integrity of the PC itself
and turn off some settings that let an insider bypass your stringent software security. What’s worse, insiders are harder to detect and repel than some anonymous hacker pinging your firewall.
Boot-proof it: Your Windows password may be 26 characters long, with letters, numbers and special characters — but if an intruder can read your hard drive without having to boot up Windows, what good will it do you? Armed with a freely available, custom boot floppy or CD, a knowledgeable snoop can access your digital goods without ever entering Windows. To prevent this, use the system BIOS to disable boot devices other than the hard disk (or, if that’s not possible, select the hard disk as the first boot device). For computers located in hard-to-protect public areas, consider removing floppy and CD/DVD drives, and disabling or removing USB and FireWire ports, to prevent people from booting the PC with a Linux disc, iPod, flash memory USB drive, or FireWire hard disk.
Password-protect the BIOS: Most types of BIOS let you create a user password that must be entered thereafter to permit the system to start up. If the BIOS supports it, an administrator password will prevent intruders from changing your BIOS settings (including the boot password).
To get started, check your system’s online or printed documentation to find out how to enter the BIOS setup program. In most cases, you’ll need to reboot and then press
Two important warnings: First, write down this password (carefully — it’s often case-sensitive) someplace where you’ll be able to find it but others won’t.
Second, don’t assume that a BIOS password will stop everyone. Some systems accept ‘master’ passwords, lists of which appear on the Web. Holding down certain keys or mouse buttons will sidestep password security on other models.
And anyone with the opportunity to open the system’s case can clear the passwords by moving a jumper on the motherboard, or by disconnecting the battery that powers the BIOS settings’ memory chip. If you’re worried about that happening, get a lock for the case itself.
Go biometric: Ready to go all James Bond? Consider using a biometric device, such as a fingerprint reader. Many biometric devices include password manager software to keep track of passwords for networks, websites and even other applications. For instance, the Fellowes Secure Touch Mouse combines a biometric fingerprint scanner with Omnipass password management and encryption software from Softex. After training either device with your fingerprint, you will be able to log in to websites or Windows, or encrypt and decrypt files and folders, with merely the press of a finger.
PC, phone home: If someone manages to swipe your PC or laptop despite all your precautions, you stand a chance of getting your machine back if you’ve installed tracing software on it. Programs like Absolute Software’s ComputracePlus (€50 per year) and ZTrace Technologies’ ZTrace Gold (also €50 per year) lurk invisibly; checking in with the manufacturer’s tracking servers whenever the computer is connected to the Internet.
When you report the computer stolen, the software manufacturer can help authorities locate the laptop and the thief.
2. Software Security
Once you have the physical stuff licked, your software — both the operating system and the applications that you run — needs to be tightened up to prevent break-ins, data theft, mischief or destruction. Your first mission: Plug the innumerable gaping security holes that many software makers leave open by default. But securing your software doesn’t stop there. You should also take advantage of optional features, like password protection, that can prevent casual to moderately determined snoops from ruining your day.
Always log in with a password: When you log in to a Windows 2000 or XP computer, you can make it very difficult for another person who uses that computer to access your files. By comparison, Windows 9x and Me passwords are laughably easy to bypass. But there’s a big problem: No Windows operating system requires you to use a password at all.
In fact, by default, Windows 2000 and XP Home Edition create user accounts without passwords and log you in automatically, even when those accounts belong to the all-powerful administrator group. In the absence of an account password, anyone strolling by the PC can take it over, create a password that keeps you out, or establish a password account for their own use. Blank passwords also make your system more vulnerable to Internet hacks.
To create a password for your account in Windows 2000, open Control Panel (Start, Settings, Control Panel), double-click Users and Passwords, and fill in the check box labelled Users must enter a username and password to use this computer. Next, press, and click the Change Password button. If you haven’t created a password before, the ‘Old Password’ field will be greyed out; otherwise, enter your old and new passwords in the required fields, and click OK. In Windows XP, open the User Accounts Control Panel, select the account that you want to protect with a password, and click the Create a password button.
Encrypt your files, if you must: If you store sensitive data on your PC, consider encrypting your files — especially if the PC is portable. Windows 2000 and XP Professional include built-in encryption for files and folders; alternatively, you can purchase third-party file encryption software. Encryption makes it much harder for someone to boot your computer with an install or recovery disc, decrypt your passwords, or take control of Windows.
To encrypt a folder in Windows 2000 or XP Professional, right-click it in Explorer, choose Properties, click the Advanced button, fill in the Encrypt contents to secure data check box, and click OK twice. Click OK again in the next dialogue box to accept the default choice, Apply changes to the selected items, subfolders and files. Now the caveats: Encrypting your whole drive is time-consuming, may retard system performance, increases the likelihood that you’ll lose access to your files, and may be overkill unless you have something really important to protect. So don’t encrypt just for
the thrill of it.
Password-protect Outlook’s inbox and identities: Some of the most sensitive information on your PC lurks in your inbox and outbox. Fortunately, a few programs allow you to encrypt and password-protect your missives. In Outlook 2003 and 2002, choose File*Data File Management, click Settings and then Change Password, enter a password in the ‘New password’ and ‘Verify password’ fields,
and click OK. Thereafter, only someone who knows this password will be able to look at previously received messages stored in your inbox, outbox, or other mail folders.If you use Outlook Express, you can password-protect only your e-mail identity (a file that
contains your e-mail account user name and password) to thwart a thief who might want to steal your account information. This prevents people from being able to read your new mail, but serious snoops can still import your messages into another program. Choose
File*Identities*Manage Identities, select the identity to protect, click Properties, check Require a password, click OK and then click Close.3. Network Defence
You meet the biggest threat to your computer when you connect it to the Internet. Given the huge volume of well-crafted worms and infectious spam, it’s a wonder more computers haven’t turned into zombies obeying the commands of malicious hackers. Here’s how to
prevent your PC from joining the digital undead.
Put a firewall on every PC: Regardless of its connection type — dial-up, broadband, or wireless — any computer that connects to the Internet needs a firewall to protect it from attacks over the network and rogue programs sending data out. In fact, your best bet is to use two firewalls: an external, hardware firewall, such as the kind built into most wired and wireless routers (and some cable or DSL modems); and a software firewall that runs on your PC, watching your applications.
In addition to blocking unsolicited incoming and outgoing traffic, hardware firewalls provide Network Address Translation(NAT). NAT, in combination with the router’s built-in Dynamic Host Control Protocol (DHCP) server, masks your true IP address from computers outside your local network, making your PC nearly impossible to target.
Because hardware firewalls are the first line of defence against incoming attacks, properly configuring them in accordance with the manufacturer’s documentation is crucial. In particular, you have to create a strong administrator password to prevent someone from taking control of your firewall.
Software firewalls meanwhile, protect you from inside threats — viruses, Trojan horses and spyware — that may come to reside on your PC. Browse more securely: Internet Explorer is the world’s most widely used web browser.
Advertisers, spammers, and con artists have learned to take full advantage of its ability to shower you with pop-up ads and ‘helpers’ that hijack your home page, install adware or steal data.You can block many of these threats by boosting IE’s security and refusing to install the ActiveX controls that websites ask you to download. Better yet: Switch to an alternative browser that doesn’t support ActiveX controls, such as Mozilla.org’s Mozilla or Opera Software’s Opera.
4. Kill Viruses Before They Get You
Of all the threats to your PC’s security, viruses (and their kin, Trojan horses and worms) seem the scariest. Using an up-to-date antivirus program will prevent many virus attacks, but if a virus hits before you update, you can still get infected and spread that infection to others. To protect yourself from unknown attacks, you need to anticipate the hackers and know how to lock down the part of your computer where the next virus will strike — before the attack happens. Here are a few ways to do just that.
Back it up: The MyDoom worm wiggled onto hundreds of thousands of computers, but fortunately it didn’t destroy or steal files. If it had, you would have been really glad that you backed up your important data before it struck. The next worm may not be so benign.
Install all critical updates ASAP: The Blaster worm hit only people who hadn’t installed a patch issued months earlier. Setting Windows and your applications to update automatically is best for most people (see ‘Auto-update key software’). To be really thorough, however, glance at Microsoft’s Security Bulletins once a week — patches sometimes show up there days (and occasionally weeks or months) before they get into Windows Update. Programs that lack automatic updating may still offer menu commands that check for updates.
Test for flaws: Once you’ve rigged your PC for battle, check its readiness by using one or more free security scanners. Microsoft’s Baseline Security Scanner probes for missing security updates and service packs, weak passwords and misconfigured security zone settings in Microsoft Office, Outlook, and Internet Explorer. Steve Gibson’s Shields Up site (www.grc.com) scans your PC for open network ports and running services, looks for browser vulnerabilities and determines whether Windows XP’s spam-prone Messenger service is running.
Advances in physical security
Although some small firms may not take the threats from virtual intruders too seriously, most business owners would claim to be pretty smart when it comes to securing their premises against physical intruders. There is all manner of equipment available to those who want to lock down their workplace — but did you realise quite how advanced security equipment has become?
Once upon a time a good alarm was all that was deemed necessary to thwart trespassers but increasingly businesses are also availing of CCTV in their battle against midnight prowlers. However, for those who really want to outwit interlopers then the next step is to purchase state-of-the-art tools that offer almost total protection. Although it has yet to become common, IP-based video cameras and remote monitoring are soon likely to be the preferred choice of many security conscious business owners. ‘Prices are starting to go down so high-tech security equipment is becoming more affordable,’ says Glenn Staunton, managing director of Omada Security.
Staunton believes that most small firms are unaware of the development of modern security equipment. ‘Generally we would do a lot of alarm monitoring for SMEs and also put in a lot of systems such as IP-based video cameras. What’s obviously important for firms is the digital recording equipment in the backend particularly if they need to archive footage.’ He says that if companies do need to archive that this can be still relative costly. But there are workarounds. ‘There are a lot of companies that aren’t changing cameras but are putting in a new backend system and then taking an analogue feed from their cameras, converting it to digital and then pumping that through a digital video recorder system,’ says Staunton.
One traditional way to monitor premises has been to hire a company to send out security guards to check that nothing is amiss. But increasingly, security firms are also beginning to offer companies remote monitoring services. Netwatch is a Carlow-based security organisation that uses modern satellite and Internet-based technologies to provide remote visual monitoring security systems to businesses. The system allows the company’s command centre to watch in ‘real time’ any intrusion taking place at a premises, and perhaps more importantly, to speak directly to criminals before they commit a crime. The organisation has a large cross-section of clients including many small firms in the motor and construction industry and those who own warehouses and factories.
‘Netwatch is an alternative to traditional physical security,’ says David Walsh, the firm’s sales director. ‘It is instant in the fact that if someone breaches the security line, we get an audio warning at our HQ and the camera immediately comes live on our screen together with a site map, which allows us to navigate around the premises so that if someone runs off to the right, for example, we can have a camera there to meet them before they arrive.’
Walsh points out that within five seconds of security being breached there are trained security personnel watching who can give an audio warning to intruders. ‘We always act according to the protocol agreed with the keyholder and in most cases they are content to let us talk directly to trespassers,’ he says. ‘In 90 per cent of cases this in itself is sufficient to get people to run off into the night.’
All Netwatch’s clients get a detailed written report with photographic evidence e-mailed to them before 8 a.m the morning after an incident has occurred. As well as giving the client peace of mind and taking the responsibility away from them, the service is estimated to cost a tenth of the cost of employing a security guard onsite.
Additional benefits are that the cameras won’t fall asleep, aren’t easily intimidated and aren’t susceptible to corruption! Moreover, for those hands-on business owners who simply must know what’s going on themselves, there’s the option of logging in to check the premises themselves via a web browser.
Case study – Mobile monitoring
Dublin based motorbike store Ducati Dublin has improved its security and monitoring services by installing a new remote monitoring system from O2 and CamNet Solutions. By linking into the store’s ALNet CCTV camera system over the O2 data network, Ducati
Dublin’s store manager can view the premises, including the showroom and stockroom, at any time or place in the world via a mobile phone. In addition, electrical appliances such as heaters, lights, etc can link into the ALNet CCTV system and be switched on even when there is no-one on the premises.
Claudio Tamburrini, managing director of Ducati Dublin, says that the new system is just what the store was looking for. ‘Security is paramount at Ducati Dublin and both O2 and CamNet have enabled us to monitor our premises more closely and round-the-clock with ease.’
Case study 2 – Keeping things ship shape
Gwynedd Shipping, a Welsh freight logistics company based at Dublin Port, recently deployed Netwatch at its premises. The firm, which has been in operation since 1984 and currently employs 10 people at its depot, serves a team of over 30 drivers. The site incorporates offices, a maintenance garage, a fuelling facility and parking areas, which are in constant use, 24 hours a day.
Austin Gilligan, director of Gwynedd Shipping, took the decision to install The Netwatch System as part of his company’s overall review of security practise at the depot. The company had employed traditional methods of security in the past but felt that these methods were becoming both expensive and inefficient and no longer suited the requirements of the operation at the depot.
‘We needed a system that would match two specific needs at our depot. The first was overall security. Traditional security measures act as a deterrent but because intruders can analyse the patterns of the security operation, it would have been all too easy for someone determined to gain access to the depot to do so,’ says Gilligan. ‘Our second requirement was for a secure system of access for lorries to the depot outside office hours. Up to this point, a security guard had been employed to open the gates to let lorries into the depot and lock them after. This was proving to be very costly and was not efficient. The new system installed, Netwatch, is an interactive system employing technologies that allow our premises to be watched 24 hours a day with the added benefit of recording everything that takes place. Lorries wishing to enter or leave the depot now call Netwatch and the security gates are opened and closed from their remote command centre.’
Gilligan believes that the new system offers the company a flexible security product that is suited to its needs.
‘We have the peace of mind of knowing that our premises is secure 24 hours a day, being monitored by the Netwatch command centre but we are also able to monitor screens ourselves from our office during the day. If I want to review any of the night’s activities, I can quickly check the CD Rom for the events without having to watch a video of the whole night. The security system installed was specific to our needs and has been money well spent.’
Case study-An education in security solutions
One of the hallmarks of the success of Eircom Net’s business e-mail protector is that staff don’t notice it’s there, says Neil Ryan, IT manager with the National Education Welfare Board (NEWB). The NEWB is a new agency set up by the Department of Education to take responsibility for promoting and supporting attendance in schools.
Staff members get complete protection from viruses and spam, he explains, without having to bother about what goes on behind the scenes. ‘We are hit with approximately 100 viruses a day, and we would receive almost the same number of spam e-mails. It was taking up a lot of IT administration time to block new sites, which had been attacked and hacked, and we don’t have the resources for this,’ Ryan explains.
Maintaining the integrity of the organisation’s communications infrastructure was simply taking up too much time. The NEWB needed an outsourced product to take the pressure off IT staff without compromising security. ‘As our mail is initially routed through Eircom,’ he continues, ‘we asked them if they had any product that would actually scan a mail first and take the weight off our servers here.’ They did. Eircom Net business e-mail protector provided the perfect solution to the NEWB’s problem.
Each incoming mail is scanned as it arrives, any virus is removed and a virus-free version of the mail drops into the client’s inbox. Because it’s not a desktop product, there’s no installation, nor are there updates or upgrades to worry about.
All security settings are adjustable. Spam can be either labelled as such or blocked completely depending on individual settings. You can view your own e-mail statistics and change security settings to suit your individual needs via a secure web interface. ‘Obviously, though we wanted security, we didn’t want the route so tight it was going to block and delay email people were used to receiving quickly,’ notes Ryan.
A pilot run for a week convinced staff that it was the best way forward. ‘The viruses and spam were obviously still trying to hit us, but we didn’t have to deal with and administer them. This alone made it cost-effective for us. We knew this was a product we could use.’
But does remote scanning cause unacceptable delays in e-mail delivery? ‘No. It might have added around 30 seconds on to delivery time, but people don’t really notice that,’ replies Ryan. ‘We’ve tested it ourselves and it’s less than a minute.’ Meanwhile, the product has freed up IT resources to concentrate on servicing the organisation’s core activities. ‘We take virus and spam protection seriously. We virus check all our mail before it goes into our exchange box, which is before it even gets delivered to the user. Even if a mail got through Eircom, we would scan it again internally, however, since we have used Eircom’s service, literally nothing has got through,’ concludes Ryan.
Panel Checklist
Top 10 Network Security Tips for the Small Business
1. Use a firewall
2. Install reliable anti-virus software and update it regularly.
3. Download regular security protection updates
4. Don’t open e-mail from unknown sources
5. Secure your remote access
6. Invest in a good anti-spam software
7. Develop a system for secure passwords
8. Protect your network from internal attacks
9. Install a total solution
10. Back up your computer data
Tips provided by Commtech www.commtech.ie
10/01/05
Subscribers 0
Fans 0
Followers 0
Followers