Often even the most remarkable security measures are rendered ineffective by human blunders. For instance, imagine that you encrypted your files, applying a 20-character password. Depending on the complexity of the applied algorithm, a brute force attack can be very time-consuming (decades, centuries or even millennia). Even though it seems extremely secure, it can turn out to be useless if someone is video-recording the keyboard while you type the password. Keyloggers and spyware are another category of 'privacy compromisers'. There are plenty of other factors that also need to be taken into account, and these and other main principles of computer security will be discussed in this article.
List of Measures
- Disable boot from portable media (CD, floppy, external HDD, flash drive) or network
- Password protect the BIOS
- Lock the case
- Restrict physical access to the case
- Avoid applications that are known to contain spyware components
- Restrict access to the archives of the surveillance equipment
- Encrypt network traffic
- Monitor all the access points to your LAN, ensuring nobody can hook up and sniff the traffic
- Use different passwords
- Use multifactor authentication
Disable boot from portable media
The security of your OS can easily be circumvented with the aid of certain tools. Some grant access to the file-system without the need for logging in. Others either reset the administrator password to a blank one, or are able to brute-force it.
Usually these utilities are launched from bootable removable media. If someone can boot from such media, your files can be accessed in your absence.
If you want to protect your PC, you should disable all the boot devices apart from the primary hard disk of the system.
Password protect the BIOS
If anyone can access the BIOS of your computer, the 'first boot device' setting can be changed, and the actions described in the previous section can then be performed.
We suggest you read the Tips section at the end of this manual to learn how to choose a good password.
Lock the case
Even if the BIOS is protected, its settings can be reset by removing the CMOS battery from the motherboard. Most modern computers have a special reset jumper, which makes it even easier.
Laptop owners have fewer concerns, as opening such a computer requires more technical skills. Even after opening the laptop, the BIOS can, in some cases, be reset only by replacing certain chips on the motherboard. This makes the procedure much more complicated, but not impossible.
Restrict physical access to the case
If your computer is under permanent observation, this is not necessary. However, if you often leave it unattended, a person can open a locked case in a few minutes, simply by using "primitive" tools such as a hammer, screw-driver or knife.
Once that is accomplished, the BIOS settings can be changed. (Read the previous paragraphs to see the potential consequences of that.)
As the Internet grows, its role in our lives increases, and so does its potential for harm. An inexperienced user is exposed to a wide range of risks from the moment he/she is online. Hackers use the deficiencies of the popular operating systems in order to install malicious applications on remote computers, without the need to have physical access to them. To protect yourself and your PC, you need to know something about the basic principles of computer security and spyware.
A keylogger is an application that records all the keystrokes and stores them in a file, which can later be sent by email, or uploaded to a server. Such a file contains passwords, personal data, credit card numbers, and so on.
Other spyware can keep track of the sites you visit, the music files you listen to, the movies you watch, etc.
The best solution is to only download software and files from trusted sources. Additionally, you should keep your firewall and antivirus programs up to date.
Restrict access to the archives of the surveillance equipment
In case there are cameras mounted on the walls of your office, you need to keep in mind that they may capture the moment you type in your passwords. A person watching the recordings could easily figure out what your password is, or at least see which characters are used (making a brute-force attack much more efficient).
To avoid that, make sure that the cameras are not focused on the keyboards, or that only trusted persons have access to the surveillance materials.
Encrypt network traffic
The majority of network applications do not encrypt the traffic they generate.
Imagine that your mail client sends the password in plain text when the server requires your authentication. A person can use a sniffer to capture that information. Once your password is known, someone can send messages on your behalf, or access your email archive.
Choosing software that does not allow the unencrypted transfer of sensitive data is the solution to such problems. Protect your PC by reading the specifications of the products before buying them.
Monitor the access points of your LAN
This is a very important aspect and one of the main principles of computer security. Whether your network is wireless or wired, you have to ensure that nobody can connect to it without permission.
If this cannot be controlled, a delinquent can connect without any barriers. In this case, all the network traffic is likely to be sniffed.
Use different passwords
Using the same password everywhere is a mistake that most of us are guilty of making.
Picture the following situation: you have two email accounts, an ICQ account, one computer at home, one at the office, and a handheld device. All of them are protected with the same password.
Imagine that certain circumstances forced you to connect to ICQ from a computer in an Internet cafe. Public terminals are beyond your control, hence you have no idea whether there might be spyware running on them, or whether all necessary security measures have been taken. In this case, your ICQ password is likely to be recorded somewhere.
If that happens, then all your accounts/computers become unprotected, even if you followed the guidelines mentioned in this manual.
This threat could have been minimized if you used different passwords.
If your memory is not your strongest point, we have the solution – multifactor authentication. You can store your passwords on a USB key or a smart card.
Use two and three-factor authentication methods
This is the most secure, reliable and cost-effective solution that can be offered by a security product. Some of our proposals are Dekart Logon and Dekart Private Disk Multifactor.
Your business can easily start working with this new system, due to the fact that our products act as a transparent layer between the OS and the end-applications. Users do not need to change the way they work with Windows or protected files, or waste time adapting to the new software – they simply start working in a safer and more convenient environment.
The idea behind two and three-factor authentication is that more than one factor is required for the authentication to succeed.
For instance, Dekart Logon can enhance a password prompt with the requirement to plug in a key-disk (a smart card, USB token or USB flash disk) into the computer. The information stored on a smart card is protected by the user-defined PIN code. The number of incorrect login attempts is limited; the card is automatically blocked if this number is exceeded. Therefore, a stolen key-disk does not compromise you in any way. Security can be further improved by the use of tokens with biometric identification (fingerprint validation, retina scan, voice recognition).
Such methods make undesired access virtually impossible. If one of the elements is missing, authentication fails.
The password on a key-disk cannot be brute-forced (due to the limited number of attempts); your biometric features are unique and they cannot be forged. These two elements form an indestructible barrier, and they play a crucial role in making multifactor-authentication significantly better than a usual password. In conclusion, multifactor identification is based on:
- something that you know (password/PIN code)
- something that you have (key storage device – smart card/USB token/USB flash disk)
- something that you are (unique biometric characteristics)
Multifactor authentication pushes the concept of security to a new level.
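The attempt limit described above can be modelled in a few lines. This is an added example, not Dekart's code: the `KeyDisk` class, the limit of 3 attempts and the 4-digit PIN are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3  # assumption: the article does not state the actual limit


class KeyDisk:
    """Hypothetical model of a PIN-protected key-disk (not Dekart's code)."""

    def __init__(self, pin, secret):
        self._salt = os.urandom(16)
        self._pin_hash = self._derive(pin)  # the PIN itself is never stored
        self._secret = secret
        self.remaining = MAX_ATTEMPTS

    def _derive(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    @property
    def blocked(self):
        return self.remaining == 0

    def unlock(self, pin):
        """Return the stored secret for a correct PIN, otherwise None."""
        if self.blocked:
            return None  # a blocked card refuses even the correct PIN
        # Decrement before comparing so an interrupted check still costs a try.
        self.remaining -= 1
        if hmac.compare_digest(self._derive(pin), self._pin_hash):
            self.remaining = MAX_ATTEMPTS  # success resets the counter
            return self._secret
        return None


def simulate_stolen_token(token, guesses):
    """Feed PIN guesses to a token until it unlocks or blocks."""
    tries = 0
    for guess in guesses:
        if token.blocked:
            break
        tries += 1
        secret = token.unlock(guess)
        if secret is not None:
            return secret, tries
    return None, tries


def guess_probability(pin_digits, attempts=MAX_ATTEMPTS):
    """Chance of guessing a random numeric PIN before the token blocks."""
    return attempts / 10 ** pin_digits
```

With these assumed values, someone holding a stolen token gets three guesses out of 10,000 possible PINs before the card blocks, which is why the retry counter matters more than the PIN length.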
- How do I choose a good password? Which guidelines should I follow when creating a password?
First of all, a password should be at least 8 characters long. Combining small letters and caps is a good idea. Adding special characters will make it even more brute-force-proof. Of course, such a password is difficult to remember, which is why most of us decide to use only small letters.
In that case, make sure that your password matches the following criteria:
- It is at least 8 characters long
- The characters are not repeating
- It is not something that can be easily guessed (e.g. your child's name, the brand of your monitor, your favorite color, etc.)
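The criteria above can be checked mechanically, and the effect of using only small letters can be measured as search-space size. The following is an added example, not part of the original article: `check_password`, `keyspace_bits` and the sample passwords are constructed for illustration, and "not repeating" is read here as "no character twice in a row".

```python
import math
import string

MIN_LENGTH = 8  # minimum length stated in the article


def charset_size(password):
    """Size of the alphabet a brute-force search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def keyspace_bits(password):
    """log2 of the number of candidates in an exhaustive search."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def check_password(password, personal_words=()):
    """Return the article's criteria that the password fails (empty = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Assumption: "not repeating" means no character twice in a row.
    if any(a == b for a, b in zip(password, password[1:])):
        problems.append("repeated characters")
    lowered = password.lower()
    # Assumption: the caller supplies guessable terms (names, brands, colours).
    if any(w and w.lower() in lowered for w in personal_words):
        problems.append("contains guessable word")
    return problems


# Constructed sample inputs, not real credentials.
SAMPLES = ["sunflower", "aaabbbccc", "kqzvmtrwp", "kQ7!zvM#tr"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(pw, check_password(pw, ["sunflower"]), round(keyspace_bits(pw), 1))
```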
- Use encryption software to store valuable documents
This is the only way that guarantees 100% safety even if someone manages to break your user password and log into Windows with your account.
Dekart offers a broad range of solutions that can meet anyone's needs:
- Private Disk Light – free AES 128-bit disk encryption software with all the features needed to build a decent protection.
- Private Disk – a smart and flexible disk encryption software with stronger protection (AES 256-bit) and useful features to meet the demands of any advanced user.
- Private Disk Multifactor – for those who want to offer their sensitive data the highest possible level of protection.