Find Article by Date
Mon, 17 Jan 2005

JP/Suggested steps to increase computing security

Suggested steps to increase computing security

Zatni Arbi, Contributor, zatni@cbn.net.id

Late last year, Microsoft held a series of seminars on computing security in cities in the Asia-Pacific area. One could easily infer that this program was intended to counter the growing belief that Windows was very unsafe.

As a matter of fact, a growing number of computer pundits around the world are saying that, compared to other platforms including Linux, Windows is plagued with a lot of threats. There are an unending influx of viruses, Trojan horses and worms for Windows. Hackers continue to find back doors to infiltrate Windows systems, etc.

While the debate on whether Windows is indeed less secure than other computing platforms continues, I think the steps suggested by Microsoft to small and medium-sized companies -- and of course personal computer users -- are worth repeating here. These are steps that are easy to comprehend, yet we frequently forget to implement them.

A firewall is a piece of software or a combination of software and hardware that checks inbound and outbound data traffic. A firewall resides in the computer that connects to the Internet. Such a computer is usually called the Internet Gateway. If it detects suspicious Internet data packets, it will block them.

Just as an example, a firewall makes sure that an outsider cannot use your computer to launch pre-scheduled attacks to other computers on the Internet. These attacks, which brought the Internet down on its knees a couple of years ago, are commonly known as the Denial of Service (DoS) attacks.

Windows XP already comes with a built-in firewall, which you can access by clicking the network connectivity icon for your Internet connection. Just click on Property, and then on Advance.

If you are not intending to use a stronger firewall such as McAfee's Personal Firewall Plus, at least make sure that your Windows XP's firewall is activated. As they say, "don't surf the Internet without it".

If you already have a broadband connection to Internet, set your Windows Update or Automatic Update utility to automatically check the relevant websites for the latest security patches, download them and install them on your system. If you are still using a dial-up connection, you may need to do this manually.

Software patches are not a sign that a piece of software is terribly flawed. They are much like the recalls by carmakers. If a carmaker knows there is something wrong with the brake in the car that it manufactures and keeps quiet about it, such inaction can be perceived as proof that it does not care about the safety of the people who drive the car or the other road users.

By issuing recalls, carmakers show that they care, and car buyers usually feel positive about carmakers that do announce recalls. Cars are no different from software, they may have some imperfections that need to be ironed out.

Again, if you have a broadband connection and you are an active Internet user, do not hesitate to spend on an antivirus subscription. With a subscription, the virus data will be continuously updated. They may cost you around US$30 per year. Quite a lot of money for most of us, but there is no other choice except cutting off all connection and going back to the fax and snail mail.

While you need only one firewall for your network, it is necessary to have a powerful antivirus program on each of the computers in your network. Again, if you do not have a broadband connection, you may need to download the virus data update manually.

Make your passwords as difficult as possible to guess. If you do not have the budget for a biometrics authentication device such as a fingerprint scanner, make sure your passwords are not scribbled on the Post-It notes stuck on your computer monitor. If a colleague has to watch you as you type in your passwords, change them immediately after he is gone.

Shrewd organizations require passwords to be changed periodically. They also require that the passwords should be of a specific length and contain a specific combination of digits and letters.

Using the same password for different login processes is also a bad idea. Many of us still do it, though, because we are too lazy to remember different passwords.

Most of us take it for granted that the CPUs are too heavy for people to steal from our desk top. That is not true. A lot of CPUs get stolen from offices every month.

Moreover, people do not need to take the CPU away to steal your data. They can just open the casing, unscrew the hard disks and take them out. This could actually be prevented-or made more difficult-by using a bolt to secure the casing. Too bad, a lot of IT department personnel even leave their data center doors unlocked, forget about the casing of the desktop PCs.

These are just five of the 10 recommendations made by Microsoft. Next week, we shall look at the remaining five.