This forum requires Javascript to be enabled for posting content
Here's something for your consideration: how secure is your machine? We all concentrate on firewalls and routers and NAT and anti-virus and anti-spyware, but there is a basic part of security that most people overlook.
If someone has physical access to your machine, then all bets are off.
Sadly, a password isn't enough of a deterrant once physical access is gained (ever wonder why office servers are kept in a locked room?).
Just something to keep in mind.
For a normal home user is that so much of a problem? I know that I keep my machine in my room, and my parents and brother have no way of getting on it because I simply lock the machine every time I leave. A password is easy enough in a home situation for most people, and even in a work situation, I don't think it's a big deal generally. On a work computer for instance, there is usually a tech services department to fix any problems that someone could cause if they had access to your machine, it's not your problem really. For most people, the only information that someone could get at on a work computer is work related things, so your personal stuff is still safe. Again, it's the problem of the place you work, not your problem. At home is the only place where things are at risk like banking information and personal emails etc. And at home, most people are kept out by a password. Even a criminal who breaks into your home isn't much of a risk, chances are that a petty thief won't have the technological knowledge to hack through a well thought out password. If someone is technologically oriented, they won't break into your house to steal data from your machine, they will do it online.
In my humble opinion, the only risk to your machine really, is online, and just keep strong passwords for the rest. Strong passwords, a good router (firewall) and an AntiVirus is all I use. I just keep Vista's built in firewall because I have a strong router so I don't worry too much.
Matt
A password is easy to get around. I have a CD that I can pop in, boot from, and change every password on a Windows machine. Mac and Linux take a little more work, but given enough time, the password alone isn't enough. Physical access to the machine means all bets are off. Boot disks are an easy way to get around security.
No, most thieves won't have the technological know-how to do anything malicious, but they may just take your whole computer and figure it out later, or take it somewhere else for cracking.
I don't know how much experience you have working, but there is often as much or more personal information kept on a work computer as on a home computer.
Just something to keep in mind is all, not trying to scare anyone. (I've seen people leave their laptops on the table at a cafe' and go to the restroom (or somewhere else). A password is not enough protection in that situation).
Sorry, I guess I may just be showing my lack of knowledge... I don't have any experience in the work force, although I know that for any school set up account I have had, I didn't use it at all and used a flash drive for all my data, I didn't want things left on a server where anyone could see what I was doing. That was also partially because our IT guy at the school was an idiot and had no idea what he was doing, we spent a significant portion of last year complaining because he would block random sites (Google was blocked for a few weeks, the homepage!) and even the school's own website was blocked for a week or so, and he had no idea how to keep things secure, I was able to browse into teacher's account, not hack but browse through Windows Explorer.
Anyway, that's totally not the point here! You'd have a pretty hard time getting onto my computer even with password changing. Here's what I've done because I have done it to other people (with their knowledge, I don't hack) and I wanted to make sure no one could do it to me. I started off by changing my Bios settings to only boot from the hard drive and nothing else. I can still change these settings back whenever I want but only I can. Most Bios's easy to get into but I put a password on mine. Those passwords are very difficult to crack as well, the only sure fire way I have found is to take out the CMOS battery and thereby reset the entire Bios. However, I also have a small padlock on my machine which prevents people from going inside it. The way I see it, this is about as secure as you can be! However, for most people who are not so computer/technologically oriented, just a simple password in Windows is good enough. For people like you and me, those passwords are nothing on most computers, but a home computer is at very little risk... in my opinion.
As for thieves, you are probably right about that. I'm just saying this all for the sake of argument, not to cause problems, I'm just trying to further discussion here.
Matt
[quote="SEGMAT":2ddcyrtv]...I simply lock the machine every time I leave. A password is easy enough in a home situation for most people, and even in a work situation, I don't think it's a big deal generally. On a work computer for instance, there is usually a tech services department to fix any problems that someone could cause if they had access to your machine, it's not your problem really. For most people, the only information that someone could get at on a work computer is work related things, so your personal stuff is still safe. Again, it's the problem of the place you work, not your problem.Matt[/quote:2ddcyrtv]
As Ziggie said, passwords, don't mean much, [b:2ddcyrtv]especially[/b:2ddcyrtv] if someone has physical access to the machine. It just takes moments, even with BIOS and OS passwords. Of course most threats are encountered via the LAN or WAN so firewalls, blocked ports, and security software of some sort. Security in any environment, including the land of computers, needs to be a multi-layered approach.
Now work computers are a totally different topic. At work, or school, not only is your personal data a concern, but more importantly the data of the company or entity that owns the computer. This is the reason computers in these environments are usually more locked down than you would have your computer at home. Many companies are buying "thin clients" with no CD drives and disabled USB ports. The only connection these computers have to the outside world is a LAN connection. This allows exclusive control of the computer by the admins.
Think of this. If your computer was hacked you may lose a few documents, your pictures, your taxes, maybe your credit card info, and might have your identity stolen. All of this is tragic, and you will spend hundreds of hours trying to return life to normal.
Now you said this, "Again, it's the problem of the place you work, not your problem."
OK, now when a business is hacked not only does the business risk losing info, but every customer they have ever dealt with risks losing their identity and financial information. Not to make your individual loss (above) seem trivial, but now hundreds, possibly thousands are affected.
Another thing to think about in a corporate (or school) environment...
You get a great paying job after college. You are making $1,000,000 a year and the boss thinks you are going to be the next manager. You are his favorite.
I've been working at the company for 10 years. The boss doesn't like me, and I am extremely jealous of the new guy (YOU)! I work late and usually come in on Saturdays. I see your computer setting there and start to play around with a few password I guess from having conversations with you over a few weeks, or I bring my boot CD from home. Either way, I'm logged on your work computer. I start sending emails to the boss from your account. I open your excel spreadsheets and change important figures, etc. The boss flips out. You're fired.
Just an example. Remember security is the most important thing, no matter where the computer, or what the OS.
Sorry for the long drawn out topic that jumps around and uses highly unlikely examples.
Yeah, I guess you guys are right... I just didn't want to admit that my setup wasn't as secure as I thought it was. I spent quite a while figuring out the possible ways for someone to physically get into my computer and I felt that this had solved my problems. However, I guess I'm not as secure as I thought I was! I still don't think I'll do much about it, I'm not too concerned about people breaking into my house and anyone that has access to my computer, I trust to not try all these boot CD's and all that, they're my family and close friends so I don't really have to worry.
As for the work situation, I guess what I said about it not being my problem and being the work's problem is rather insensitive for one thing! And secondly, you're right Dave, although something like the situation that you suggested is unlikely, it still could happen in a work place and certainly could cost you your job. I guess I'm going to have to be careful when I enter the work force and get my work computer, more careful than I am at home because at work you can't trust people like you trust your family and close friends.
Matt
The worst part is, at work there's not a lot you can do to protect your physical machine. Typically a review of time punches and building entry logs will reveal you weren't there when the emails were sent, but with web access to email.....
Anyway.
Matt, as for your situation. If I was determined enough, there are ways even around your setup (though I do applaud that you took some steps to counter the problem). Many modern computers will have a button on boot up for a Boot menu, where you can specify what medium to boot from (for convenience, of course). Also, make sure your Guest and Administrator accounts are disabled (many aren't).
Not trying to freak anybody out, but this is what I deal with as a Sys Admin in my workplace. A place where someone is fired and escorted out of the building on a Friday afternoon, and IT isn't told about it until the following Wednesday.
You can have nightmares thinking about security problems. Or, like the higher ups here, pretend they don't exist.
As the resident security "expert" (well, I write the "Security Corner" articles--that may not qualify me as an expert, but I try... ), I think I ought to put in my dos centavos worth of opinion.
Security is relative, not absolute. If you're worried about stuff on your home computer, create an encrypted volume using the advice I gave you in Issue 39 of the newsletter. Store all your sensitive information there. Make sure you use a secure password.
In a corporate environment, you're at the mercy of the systems administrator. I perform this function, and let me tell you, you have no privacy whatsoever at work. I monitor everything you do. I can read all your email. I can block you from using USB devices. I can prevent you from installing any software I decide should be banned. I can block your Internet access at will and I can lock you out of the network on a whim.
If you try to bypass the security policies on the network, I can simply wipe out your PC and everything on it. I can even erase a rogue USB device I happen to discover is plugged into a PC on the network.
The network I administer is locked down hard; if Joe Blow leaves and I don't know about it for a day or two, the only thing he's going to be able to do is read his email remotely. If he tries to do anything else, our intrusion detection/prevention system is going to log his IP address.
Bottom line: protect your data at home and don't violate your company's acceptable use policy--you have no privacy at work.
Cheers!
The Geek
Taking this from a movie I saw, if you're worried about having your home computer stolen and then exploited, all you need do is install a very powerful electro magnetic field within the frame of the door posts from where your computer rests. If the field is NOT turned OFF, then any data travelling past will be zaped. Not 100% sure if it works, or if having such a powerful field near a computer is a wise thing, but short of installing a DESTROY ME chip, something to ponder over, Mindblower!
"For the needy, not the greedy"
Jim Hillier
Richard Pedersen
David Hartsock
Carol Bratt
dandl
Jason Shuffield
Jim Canfield
Terry Hollett
Stuart Berg
John Durso
1 Guest(s)