Angus
asked on
How to protect your computer?
Folks,
I have three machines that I have on 24x7. I log into these machines using Remote Connection.
I am concerned about security of files and the fact that at present anyone who restarts the machine has full access to everything.
Can anyone suggest a good method of security? I cannot have anything on boot up as these machines are restarted remotely. In a sense I am looking for the best Server Security plan.
Thanks
Angus
I have three machines that I have on 24x7. I log into these machines using Remote Connection.
I am concerned about security of files and the fact that at present anyone who restarts the machine has full access to everything.
Can anyone suggest a good method of security? I cannot have anything on boot up as these machines are restarted remotely. In a sense I am looking for the best Server Security plan.
Thanks
Angus
ASKER
Hi Rich,
Thanks for your thorough answer - it is much appreciated.
Concerning my issue re security, I think I was not clear enough in my question. I have no issue with protecting the system from online attacks and so forth. My main concern is around protecting the machine via physical attacks. For example, if the machine is stolen?
Now, I am aware that if a machine is stolen any person with half a brain cell can overcome screensaver, boot up, power on, windows passwords etc.. through plugging a HD drive into another machine. Hence I am looking for a better way to protect the data.
The issue I see is concerning encryption. If I encrpty everything on my server HD, it will have an impact on performance, but be open door if machine is stolen (and visa-versa) - Catch 22 really.
I have even thought of leaving the server unlocked and writing a program that deletes all files if the user does not enter in a password within 2 minutes of boot up. The issue is that it only takes one person to forget and you have lost a whole pile of data!!!
Thanks for your thorough answer - it is much appreciated.
Concerning my issue re security, I think I was not clear enough in my question. I have no issue with protecting the system from online attacks and so forth. My main concern is around protecting the machine via physical attacks. For example, if the machine is stolen?
Now, I am aware that if a machine is stolen any person with half a brain cell can overcome screensaver, boot up, power on, windows passwords etc.. through plugging a HD drive into another machine. Hence I am looking for a better way to protect the data.
The issue I see is concerning encryption. If I encrpty everything on my server HD, it will have an impact on performance, but be open door if machine is stolen (and visa-versa) - Catch 22 really.
I have even thought of leaving the server unlocked and writing a program that deletes all files if the user does not enter in a password within 2 minutes of boot up. The issue is that it only takes one person to forget and you have lost a whole pile of data!!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Rich,
Wow - What extremely thorough and complete answer. I cant thank you enough.
Awarding you 500 points seems small token of thanks. More is diserved
Wow - What extremely thorough and complete answer. I cant thank you enough.
Awarding you 500 points seems small token of thanks. More is diserved
Np, thank you and GL!
-rich
-rich
If your unable/unwilling to use a firewall, then you may consider turning off certain services and portocols to secure your pc's. If your PC's do not need to access network shares, printers, or other PC's then you can turn off the "Server" service on them. This will keep anyone from connecting to the typical M$ port's of 135/139/445 and gaining possible access to the pc's HD and or registry. You should also turn off the "Remote Registry" service. To keep the services off, set them to Disable in the Services control panel in computer managment. RemoteDesktop will still function with these services turned off. You can also turn off the "Client for microsoft windows" protocol in the NIC properties, as well as the file and print sharing protocol IF your pc's do not connect to shared printers, or a windows lan, or other windows pc's. FTP and HTTP etc... will all work, but you will not be able to connect to other windows boxen, or shared printers. Directly connected printers (via usb or serial port) will still function but cannot be shared with others.
-rich