Computer Best Practices (CBP)
Note: In all of the following articles, I will be focusing on the Microsoft operating system, since this is my area of expertise. I’m sure that the suggestions and methods discussed here can be applied to any of the other operating systems in general, but for our purposes, we will only be looking at the Microsoft platforms.
So today, we will continue to talk about “Computer Best Practices” to help you secure your personal computer, whether at home or at your business. For our discussion about your business, I am referring to businesses that do not have their own IT support personnel; those that do should already be well aware of methods for securing and supporting the corporate computers and networks.
Over the years I’ve noticed, more often than not, sticky notes pasted on the monitor or desk with the login name and password close by or, worse yet, no password for login at all. It makes it easy to log in or, should I say, too easy. So when we are talking about security, how easy would it be for someone in your office to come by and log in to your system? You may think that there is nothing to hide and that we are all employees and have full access to any file concerning the company. But let’s go a step further and think about one of your clients, or a friend who comes by for a visit just to chat, when you are called away for a few minutes or have to use the washroom. Would you like to have someone browsing through your emails or documents? Of course not! It’s just as if we left for work every morning and did not lock the front door of the house, thinking that no one will ever come in and steal anything. Pretty naive, isn’t it? Also keep in mind that not all employees are as honest as one would like to think they are. So what are some of the ways that we can secure our data and make it harder for someone to casually snoop?
CBP Rule #6:
Secure Your Passwords. Do not leave any passwords on your monitor or desktop for an easy break-in. And always use a password with letters, numbers and a special character if you can. Remember, this is just like the key to the front door of your house. Don’t use your name, birthday, or something that one can easily guess. Some IT professionals suggest that you move your fingers from their natural position on the keyboard one row up, down or to the side and then type in your key password. Others suggest substituting numbers for letters, such as the number 3 for the letter “e” or the number 1 for the letter “L”, etc. Whatever your method, make it hard to guess but keep it simple enough for you to remember. To help you remember, keep a copy of your login password in your briefcase or purse, or hidden in a place that only you know.
CBP Rule #7:
Use a Password on your Screensaver. If you happen to be called away from your desk, Windows offers a quick way to lock your desktop by using the “Windows” key together with the “L” key. Hold the Windows key down, press the L key, and it will lock your desktop. To unlock, press Ctrl-Alt-Del and then log in; it will take you back to exactly where you left off. Also set your screensaver to ask for a password by checking “On resume, password protect” or the similarly worded option. As a side note, the other useful Windows key combination is with “D”, which will minimize your screen. This is really useful when someone walks into your office while you are in the middle of writing a private or sensitive document and you don’t want them to see your screen. To bring it back, use the Windows key again with the “D” key and it will bring you back to where you left off. (I have capitalized the letters L and D for easier reading, but they do not have to be in upper case for this to work.)
CBP Rule #8:
Change your passwords frequently. It is a wise idea to change your passwords occasionally. No, this is not to make it harder for you to use your system; rather, it makes it difficult for someone other than yourself to break into your computer. Remember, we are trying to harden your system against outside infiltration. A good rule of thumb is to change your password every 60 days or so. Some institutions like to change passwords even more often, but you can be the judge of how often you want it to change; just do not use the same password year after year. And as an added note, try not to use the same password every second or third time. Be creative! As an example, an IT administrator in a typical large corporation that has servers and domain controllers can set up the corporate network so that all the workstations automatically require users to change their passwords according to certain rules, such as minimum password length, special characters to use and an expiry time limit. But this is another subject, and we are focusing on the average home user or small business without any kind of server or domain controller attached to the network.
CBP Rule #9:
Administrator vs. User mode. We are now going to go a little deeper into Windows in securing your system, and this is an area where I’ve noticed that a lot of computer systems can be compromised. This applies to the PRO versions of Windows 2000, XP and Vista. If you are using XP-Home, you have limited capability in this area. (There are other variations in between Administrator and User modes, but we will discuss these two as they are the most common.) For most day-to-day usage, we should always be logged in as a “User” as opposed to an “Administrator”. The Administrator mode should only be used when we need to make changes to the operating system, to install new programs or for general maintenance. Other than that, we should be logged in only as a User or Power User. Microsoft refers to this as being logged in with the least privileges possible while still being able to use the system for day-to-day operation. There is good reason for not always being logged in as an Administrator. Let’s take for example that we are logged in with Administrator privileges and we just went to a malicious web site that can install a virus or Trojan without our knowledge. It will now have full access to the system because we are logged in with Administrator privileges, whereas if we were logged in with lesser privileges, the virus or Trojan would not have full access to the system files, in effect mitigating some of its harmful effects. This is not to say that we do not have to use an anti-virus program if we log in with lower privileges, but this is another roadblock that the virus or Trojan has to overcome. Remember, we are trying to make it as hard as we can for a virus, Trojan or whatever will come up next to take over your system. This is called “hardening” your system.
The Vista OS has added another layer, so to speak: when a program wants to install itself on your system, even if you are logged in with Administrator privileges, it will ask for the administrator password again before continuing. This alerts you that a program is about to be installed on your system and asks for confirmation, rather than the program installing itself possibly without your knowledge.
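As an added example (not part of the original article), the PowerShell function below performs a read-only check of the current account against Rules #6 through #9. It assumes Windows PowerShell 5.1 or later and a local, non-domain account; the function name Get-CbpAudit is hypothetical.

```powershell
# Added example: read-only audit of the current user against CBP Rules #6-#9.
# Assumptions: Windows PowerShell 5.1+, local (non-domain) account.
# Get-CbpAudit is a hypothetical name; nothing on the system is changed.
function Get-CbpAudit {
    $findings = @()

    # Rule #7: the screensaver should be enabled and ask for a password on resume.
    # Both settings are stored as the strings '0'/'1' and may be absent if never set.
    $desk = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue
    if ($desk.ScreenSaveActive -ne '1') {
        $findings += 'Rule 7: screensaver is not enabled'
    } elseif ($desk.ScreenSaverIsSecure -ne '1') {
        $findings += 'Rule 7: "On resume, password protect" is not checked'
    }

    # Rules #6 and #8: look at the local account record for the logged-in user.
    $me = Get-LocalUser -Name $env:USERNAME -ErrorAction SilentlyContinue
    if ($null -eq $me) {
        $findings += "Rules 6/8: no local account named $env:USERNAME (domain account?)"
    } else {
        # PasswordRequired is an account flag; when false, a blank password is permitted.
        if (-not $me.PasswordRequired) {
            $findings += 'Rule 6: account is allowed to have a blank password'
        }
        if ($null -eq $me.PasswordLastSet) {
            $findings += 'Rule 8: no password has ever been set'
        } else {
            $age = ((Get-Date) - $me.PasswordLastSet).Days
            if ($age -gt 60) {
                $findings += "Rule 8: password is $age days old (guideline: about 60)"
            }
        }
    }

    # Rule #9: the day-to-day account should not be in the local Administrators group.
    # S-1-5-32-544 is the well-known SID of that group; only direct members are checked.
    $mySid  = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
    if ($admins | Where-Object { $_.SID.Value -eq $mySid }) {
        $findings += 'Rule 9: this account is a member of the local Administrators group'
    }
    $findings
}

$result = Get-CbpAudit
if ($result) { $result } else { 'No findings against Rules 6-9.' }
```

The group membership check is used instead of testing the current token for the Administrator role, because on Vista and later an unelevated session would report no administrator rights even for an account that is in the Administrators group.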
I hope that you implement most if not all of these Computer Best Practices. As we mentioned before, this is not to make it difficult for you to use your computer, rather it is to make it difficult for someone else to take over your system to either gather personal or company information or to use it maliciously. We are trying to “harden” your computer just as you try to harden your home from vandals and thieves by locking doors, windows and using alarm systems.
In the next chapter, we will talk a little about securing your data and using backups.