TECH TIPS
Securing the mobile PC -- Windows 2000 style
Adesh Rampat
09.14.2001
Rating: -4.00- (out of 5)
Securing the mobile PC -- Windows 2000 style
By Adesh Rampat
Mobile computers are a security nightmare. They can be lost or stolen
easily, and then their data is available to whoever happens to pick
them up. Worse, they might have an installed connection, such as a
VPN, right into your corporate network. Here are some ideas that will
help plug that security hole.
Got a Windows security tip of your own? Why not send it in? We'll
post it on our Web site, and enter you in our tips contest for some
neat prizes. Submit your tip today.
You may have some mobile Win2k users who need a higher degree of data
protection than their non-mobile counterparts. Whether applied by the
user or an administrator, here are some major security features that
can be applied to protect data on a mobile computer.
Apply NTFS permissions
Data security on a mobile computer can be enhanced through the use of
NTFS permissions, which allow/restrict access to files/folders on the
installed hard drive. When applying permissions, however, be careful
about granting permissions to group everyone.
User accounts
Make sure that mobile computers only have one user account (excluding
the administrator and guest accounts). The fewer people who have
access to the information on the mobile computer, the better.
Also, the Windows 2000 username should not be the name of the current
user; it should be some other name that isn't easily
guessed. For example, instead of John Doe, try jdoe5521 or doej2155.
These are fairly easily doped out, but not as easily as johndoe.
Rename the administrator account
Rename or disable the guest account
The only time anyone should use the administrator account is when
performing administrative tasks such as software installations. If
the current user needs to grant temporary access to another user,
then log on as administrator, and create a temporary account for the
new user. Be mindful of the permissions granted in this case, and
remove the account as soon as possible.
Encrypted file system
An excellent security feature that can be used in the protection of
data is Windows 2000 encrypted file system. File encryption prevents
data from easily being available to an unauthorized user. Here's how
to encrypt the contents of a folder:
Right click the file or folder.
Click on Properties.
On the General Tab click Advanced.
If the "Compress Data to Save Disk Space" box is checked, clear it.
Files or folders that are compressed cannot be encrypted.
Check the box that reads "Encrypt Contents to Secure Data"
Click OK to confirm
The Windows help files contain more information on encrypting folders
and files.
Service pack updates
Service pack updates can play a major role in data security when used
in conjunction with the above-mentioned security procedures. Visit
Microsoft's Web site periodically for any new service pack updates.
If your notebook users are remote from your location, then you should
establish a notification procedure to remind them to get new service
packs/updates.
About the author:
Adesh Rampat has 10 years of experience with network and IT
administration. He is a member of the Association of Internet
Professionals, the Institute for Network Professionals and the
International Webmasters Association. He has also lectured
extensively on a variety of topics.
Related book
Maximum Windows 2000 Security
Author: A Anonymous
Online Price: $49.99
Publisher Name: SAMS Publishing
Date published: Oct. 2000
Summary:
Written by the same anonymous hacker who wrote the best-selling books
"Maximum Security" and "Maximum Linux Security," this Windows-focused
edition reveals the holes and weaknesses that compromise Windows 2000
security and how to fix them. It teaches practical, pre-emptive
countermeasures against tricks and techniques employed by hackers.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
