How to protect against data theft while connected to the internet?

Hi

we have one PC with sensitive data files. Only one admistrator is using this PC. The PC is not connected to an internal network. However it is connected to the internet for web browsing and email access. The question is how we can prevent outside hackers get access to the PC and to steal the sensitive data files.

We use the Avira Premium Security Suite for antivirus, malware and firewall. But I don't know if this gives me a high security standard.

What else can be done to have a professional, highly secure environment?

Thanks!
SergeGAsked:
Who is Participating?
 
TolomirConnect With a Mentor AdministratorCommented:
With any given antivirus / antimalware software about 40% of malware is blocked for details check http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf

Requirement 5 (Use and regularly update anti-virus software) can be directly mapped to the high frequency of malware used to
compromise systems and data. Sure, over 60% of malware is customized and not likely to be detected by AV, but that means
about 40% stands a decent chance of being recognized. Who doesn’t want a 40% reduction in risk?


Whenever possible I would not allow direct Internet access from that computer.
additionally an administrator should not work with administrator permissions on a computer with sensitive information.

Also you should upgrade to windows 7 for additional security, especially when still running windows xp.
With Windows 7 enable UAC and set it to maximum.
If possible store the sensitive information in a secured container running a tool like truecrypt and open that container only when needed.

Tolomir
0
 
ngcmosCommented:
Well basically you want to obviously watch what sites you go to and download. But sometimes we let our guard down. So you want to take preventative measures. Kaspersky anti-virus is what we use for our clients and have never had a problem. Also you want to have passwords for users and such to have a high complexity aka using numbers, special characters, and both lowercase and uppercase letters. as well as be longer in length. Requiring the password to be changed every so often helps as well. We also highly recommend getting a high end firewall so you can monitor the incoming traffic and block various ip addresses and such
0
 
NuttingCDEFCommented:
To answer this properly I'd want to know (in general terms) what sort of files these were / how they were used.  If this is used as a standalone machine it probably implies that the logged on user is the only one who ever creates / edits / views / uses these files -if not, who does? I agree that that any web browsing / email activity carries some risk (do all the firewall / anti-virus / malware stuff but don't assume it is 100%), I'd want to add a layer of protection to the files themselves.  For example, Word / Excel files can be password protected / encrypted (using the strongest encryption available and yes, educate users to use really strong passwords) so even if the machine is compromised and the files are stolen the data they contain is still secure - and do make sure you have a strong backup strategy as well.  The Truecrypt suggestion is also good.  Maybe also see if you can arrange multiple user accounts - so user A can browse the web / use email etc. (but is prevented from accessing the files by file permissions / ACL) and vice versa for user B.  Neither should have administrative permissions for the machine.  And yes, do use Windows 7 or Server 2008 for the extra UAC protection.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
SergeGAuthor Commented:
Thank you all for the answers. I plan to go with the following configuration:

1. Windows 7 (always updated)
2. Avira Premium Security Suite (always updated)
3. Beside the adminstrator account create an user account with UAC set to its maximum.
4. Use TrueCrypt to store the sensitive data and open it only when needed.

Here are some more questions:

q1. How important is it to setup an user account beside the adminstrator account?

q2. Is it helpfull to scan the computer e.g. once a day with several antivirus and anti-malware softwares beside the Avira software? Will this increase the 40% mentioned by Tolomir?

q3. What about a high-end firewall as ngcmos suggests? Is this a hardware firewall? Is this much better than the Avira firewall or the Windows firewall?

q4. I would like to use TrueCrypt to store the sensitive data only. This would be the most convenient for me. Or would it be better to use Windows BitLocker to encrypt all drives of the computer?

q5. What settings should I use in as adapter settings of my Ethernet adapter (Local Area Connection Properties). What protocols should I disable? How should I set up the TCP/IP to be on the secure side?

Thank you very much for your help!

0
 
TolomirAdministratorCommented:
q1, very important, a user account has no permissions to install services.
q2, use a 2nd tool like ww.prevx.com with reatimescan to get a second opinion. You will not the user to scan a system manually daily....
q3, high end is always hardware, so it cannot be compromized by a user or application
q4, truecrypt should be sufficient, keep in mind that when truecrypt has opened a container and it is mounted as volume everyone with access to the computer has access to the data, usually no issue with just one user working on that workstation, just as heads up
q5, don't change it, there is no security issue involved at least with windows 7
0
 
SergeGAuthor Commented:
Tolomir,

thank you very much for the detailed answer.

regarding q3: How important is a hardware firewall? Any special guidelines to set it up?

Thank you very much!
0
 
SergeGAuthor Commented:
Sorry, one more question:

If I should use a hardware firewall can you recommend any manufacturer or product?

Thanks a lot!
0
 
younghvCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.