Solved

How to protect your computer?

Posted on 2005-04-24
Last Modified: 2013-12-04
Folks,
I have three machines that I have on 24x7.  I log into these machines using Remote Connection.  

I am concerned about security of files and the fact that at present anyone who restarts the machine has full access to everything.

Can anyone suggest a good method of security?  I cannot have anything on boot up as these machines are restarted remotely.  In a sense I am looking for the best Server Security plan.

Thanks
Angus
Question by:amacfarl
5 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 13858307
A firewall is by far the best first step. XP's firewall is very good at blocking new traffic; if not using XP then you can DL the free version of ZoneAlarm, however you can't make many exceptions, rather there aren't many ports you can open on the free version. Sometimes DSL and cable providers' modems have firewall settings also that you can use and they are also effective at blocking traffic.

If you're unable/unwilling to use a firewall, then you may consider turning off certain services and protocols to secure your PCs. If your PCs do not need to access network shares, printers, or other PCs then you can turn off the "Server" service on them. This will keep anyone from connecting to the typical M$ ports of 135/139/445 and gaining possible access to the PC's HD and/or registry. You should also turn off the "Remote Registry" service. To keep the services off, set them to Disabled in the Services control panel in Computer Management. Remote Desktop will still function with these services turned off. You can also turn off the "Client for Microsoft Windows" protocol in the NIC properties, as well as the file and print sharing protocol IF your PCs do not connect to shared printers, or a Windows LAN, or other Windows PCs. FTP and HTTP etc. will all work, but you will not be able to connect to other Windows boxen, or shared printers. Directly connected printers (via USB or serial port) will still function but cannot be shared with others.
-rich
0
 
LVL 2

Author Comment

by:amacfarl
ID: 13858482
Hi Rich,

Thanks for your thorough answer - it is much appreciated.

Concerning my issue re security, I think I was not clear enough in my question.  I have no issue with protecting the system from online attacks and so forth.  My main concern is around protecting the machine against physical attacks.  For example, if the machine is stolen?

Now, I am aware that if a machine is stolen any person with half a brain cell can overcome screensaver, boot up, power on, Windows passwords etc. through plugging a HD drive into another machine.  Hence I am looking for a better way to protect the data.

The issue I see is concerning encryption.  If I encrypt everything on my server HD, it will have an impact on performance, but be open door if machine is stolen (and vice versa) - Catch 22 really.

I have even thought of leaving the server unlocked and writing a program that deletes all files if the user does not enter in a password within 2 minutes of boot up. The issue is that it only takes one person to forget and you have lost a whole pile of data!!!

0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 2000 total points
ID: 13859054
There are quite a few different approaches one can take to secure their data, encryption being the main one. As you're aware, with physical access, most methods of protection can be thwarted with relative ease. Encryption is a great form of protection and depending on which application you use, your data may be more secure than with another application. With current hardware encryption isn't much of a strain on the CPU and/or memory. M$ EFS for example is decent at protecting data, but there are a few holes in its design that make recovery moderately easy, such as if someone reset the local admin password they are very likely to be able to recover, as well as the fact that EFS creates a plain-text version of files/folders when encrypting, then deletes this temp file/folder, but that plain-text version is easily recovered using even the free "undelete" utilities available. M$'s EFS is also "transparent" encryption/decryption, there is no prompt for a password, it's using a user account (not the password of the account) as the credentials for encryption/decryption; this is why I said that with a password reset of the local admin pass the data is likely to be recoverable. You can export your encryption keys to floppy or CD etc. but there are still tools that can recover them.

PGP is probably one of the strongest choices for data encryption, it encrypts in memory and never writes data in plain-text to the HD as M$ EFS does, as well as using some of the strongest crypto around. Recovery is near impossible, even in an unrealistic time frame. There are also plenty of free and pay encryption utilities that do not suffer the same flaws as M$'s EFS that can work, and most are also very difficult to recover the data with, as there are not automated tools to help with the recovery for most.

Again, with modern hardware, encryption isn't much of a performance hit, at least not a noticeable one in my experience. I also recommend Steganos Security Suite, it's cheap, like 40-50 bucks, and offers a variety of encryption options, and the performance of your machine will not suffer. http://www.steganos.com/?product=sss7&language=en&layout=web2005

The portable safe feature may be of interest to you, you can encrypt data on USB drives/memory, CD or DVD.
If you're looking to protect data, I'd advise you to back it up encrypted regularly. While the self-destruct method you've devised would work for the most part, the data is still there, trust me, it's just been "deleted" from the File Allocation Table, and the sectors that contained the data are still there with the data, there are just no convenient pointers to the data. A free undelete util, or even better a pay version of say OnTrack's programs, would find and recover the data in no time. Encrypted data is much safer, and even if "undeleted" would still have to be cracked, and that would take far too much effort for even the NSA. So again, encrypt the valuable data, and back it up if possible. Lots of people are taking advantage of the free space that Hotmail and Gmail are providing for free to back up data. Gmail is now 2 gigs of space and will accept an attachment of 20 megs. There is also a program called 7Zip that has great compression and encryption protection, so you can get more files in an attachment by compressing it, and even encrypting it a second time.
-rich

0
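The point made in the accepted answer above, that a delete only drops the allocation-table pointers while data written encrypted stays unreadable even when the sectors are recovered, shown as an added example that is not part of the original thread. `ToyDisk`, `toy_cipher`, `store_delete_scan` and the sample values are constructed for illustration; `toy_cipher` is a standard-library stand-in for a real encryption tool.

```python
import hashlib

SECTOR = 16  # bytes per sector on this toy volume (constructed value)

class ToyDisk:
    """FAT-style toy volume: an allocation table plus raw sectors."""
    def __init__(self, sectors=8):
        self.raw = bytearray(SECTOR * sectors)
        self.free = list(range(sectors))
        self.table = {}                      # file name -> list of sector numbers

    def write(self, name, data):
        chain = []
        for off in range(0, len(data), SECTOR):
            s = self.free.pop(0)
            chunk = data[off:off + SECTOR]
            self.raw[s * SECTOR:s * SECTOR + len(chunk)] = chunk
            chain.append(s)
        self.table[name] = chain

    def delete(self, name):
        # Only the table entry is dropped; the sector contents stay as written.
        self.free.extend(self.table.pop(name))

def toy_cipher(key, data):
    """Stand-in stream cipher (SHA-256 in counter mode, XOR) so the example
    runs with the standard library only. Use a vetted tool for real data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def store_delete_scan(stored, needle):
    """Write `stored`, delete it, then scan raw sectors as an undelete tool would.
    Returns (file no longer listed, needle still present in raw sectors)."""
    disk = ToyDisk()
    disk.write("data.bin", stored)
    disk.delete("data.bin")
    return (not disk.table, needle in bytes(disk.raw))

SECRET = b"constructed payroll record 001"       # constructed sample data
KEY = b"constructed-passphrase"                  # constructed sample key
CIPHERTEXT = toy_cipher(KEY, SECRET)

if __name__ == "__main__":
    print("plaintext file:", store_delete_scan(SECRET, SECRET))
    print("encrypted file:", store_delete_scan(CIPHERTEXT, SECRET))
```

In both runs the file disappears from the table; only the volume that held the plaintext still yields the record to a raw-sector scan.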
 
LVL 2

Author Comment

by:amacfarl
ID: 13859857
Rich,

Wow - What an extremely thorough and complete answer.  I can't thank you enough.

Awarding you 500 points seems a small token of thanks.  More is deserved



0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 13860430
Np, thank you and GL!
-rich
0

Question has a verified solution.
