Summertime System Security
Discuss the article at Agnitum blog
Right now, summer is in full swing; the warm weather and the opportunities to go to the beach and have fun make it all too easy to forget about routine tasks and day-to-day chores at home - and on the PC. These days, we take our laptops to faraway places to blog about our trip and download photographs from our cameras. But just because we’re on vacation, we shouldn’t forget about security. No-one wants their holiday memories to be wiped out by a worm or their bank accounts raided by a hacker - and logging in to one insecure WiFi network or trusting your hotel’s wired network could easily cause something like that to happen and spoil the whole summer. Or you just get distracted and leave your laptop behind in a café or on a train - and of course it is gone before you know it.
Here are some practical tips to help you keep your computer secure and your confidential data safe from prying eyes over the summer.
Physical data protection
Here are some of the points you should remember and try to address whenever you’re traveling with your laptop:
Use BIOS password protection
The BIOS (Basic Input/Output System) is responsible for all hardware operations of your computer before any subsequent OS is started; it starts up the minute your computer is powered on. It loads before Windows and is installed on your PC at the factory. There is an option in the BIOS of almost any computer sold today to prompt for a password during the boot process, so that the computer will not start if a valid password is not supplied. Turning this option on and selecting a unique password is a simple way to prevent thieves from accessing your data if your computer is stolen. You can access the BIOS menu by pressing “Del” or “F4” or “F10” (depending on the notebook model) during the boot process; check your computer manual for more details.
Make sure that all user accounts are password-protected and use a strong password for the Administrator account as well
It’s important that all the registered accounts on your computer are password-protected. It’s easy to forget to set an extra-strength password for the Admin account, but this is the one that really needs strong protection, because it gives access to all the accounts on the PC. Account passwords can be re-set from the Local Users and Groups menu of the Computer Management console (to get there, go to Control Panel=>Administrative Tools=>Computer Management=>Local Users and Groups =>Users):
Use the NTFS file system instead of FAT32
NTFS was designed to withstand system failures, and it enables you to lock access to specified folders and disks, preventing unauthorized users from viewing or copying them. NTFS supports other security and audit features such setting quotas for disk space, usage events logging and others. Today’s laptops come preinstalled with NTFS, and if it’s not the case with your machine, I’d advise you to apply for professional service or leave it all there because experiments with existing data structures are fraught with risk. General recommendations are that you don’t convert your existing drives that store critical data (documents or the default Windows system drive), while feeling free to convert all vacant drives to NTFS format and then moving data you want to protect there and setting up permissions. You can do so with the help of Windows’s Disk Management Utility of the Computer Management Console mentioned above and standard Windows Explorer to assign policies.
Back up your critical documents and data
Windows lets you burn any file or folder to a CD or DVD to backup your critical data and leave it at home while you’re traveling. Another utility, System Restore, is useful for backing up your current Windows settings so that if they crash, or the system starts operating erratically, the tool will automatically (or manually) roll back all settings made since the snapshot was made to the last successful state. You can access System Restore by typing %SYSTEMROOT%\system32\Restore\rstrui.exe at the Run command. There are third-party utilities available to do this, too, such as Acronis True Image 10.
Use common sense!
Don’t forget the simple thing like not leaving your notebook in unknown places, never lending it to someone you don’t know or trust, or turning off your computer when it’s not in use. You can always put a temporary lock on your PC by pressing a combination of the <> and <> keys when you need to briefly step out.
Here are some additional measures you might want to consider:
Drive encryption encrypts all the data on your hard drive so that only the authorized user can access its contents. This is very secure but has one drawback: if you lose or damage your key, the data will be rendered useless because there is no way it can be decrypted. Encryption on the fly takes up processor and disk resources and may only support a narrow range of compatible hardware. Still, it is a powerful tool and you can experiment with it if you’re not faint-hearted. Windows Vista Ultimate includes a drive encryption utility called BitLocker. If you try this and want to share your knowledge with others, please post your experience to our blog.
Sign up for a laptop tracking service
There are commercial services that will trace your computer if it is lost or stolen. They work by deploying special software or embedding a tracking chip inside your computer that connects with the tracking company’s base station and reporting the laptop’s current location, provided the computer is turned on and able to access the Internet. I’ve heard of lucky notebook owners who have succeeded in getting their laptops back using these systems, so you may want to check out a few.
Although the recommendations mentioned here are valid for any type of user or network environment, it’s useful to remember these points whenever you expect to connect to the world’s biggest network, the Internet.
- Never open any downloaded file without scanning it for viruses, worms, and spyware.
- Always apply the security updates for Windows and other Internet-enabled applications as soon as they’re available.
- Make sure you use wireless networks securely - check out this article for some reminders.
- Try using a VPN to secure mobile connectivity
- If your ISP allows, opt for secure alternatives to insecure protocols. This means use HTTPS (secure) rather than HTTP, SFTP rather than plain FTP, POP3S rather than plain POP3 mail protocols.
- Install a firewall with bidirectional filtering of network traffic, Host Intrusion Protection, attack detection and automatic blocking, and protection against local network intrusion (as in a case of a hacker intercepting your email). Of course, Outpost Firewall Pro has it all :)
- Use a program that scans Internet sites for possible malicious content or software exploits and automatically blocks access to them.
- Conduct credit card transactions only with trusted organizations, learn how to spot phishing attempts, and make sure you enter personal information only on sites that support the HTTPS protocol (web browsers show this functionality with a padlock icon in or near the address bar). Check security certificates on web sites and ensure they belong to the companies whose names are on the sites).
This was just a short piece to remind you of some basic safety precautions to take when traveling with your laptop. I hope you’ve found it informative and useful. Try to adopt a couple of important points from it, then pack up your things and Bon Voyage!