
Five steps to secure your desktops

Becky Roberts

Published: 22 Jul 2002 14:02 BST


Step four: Design desktop security
Assuming an unauthorised person is able to physically access a PC, how can you prevent him or her from also gaining access to the data stored on, or reachable through, that PC? This is the primary role of authentication security: the methods by which we validate that the person at the keyboard has permission to use that computer. Exactly how this is achieved depends on the desktop and network operating system, but certain security measures can be implemented in most environments, such as:

  • Boot/power-on passwords set in the BIOS.
  • Network/desktop logon name/password.
  • Biometric devices for logon, such as thumbprint or retinal scanners.
  • Access tokens.
  • Screen saver passwords.

In addition to different methods of authentication security, in most environments, it is also possible to implement the following:

  • Setting passwords on individual files/folders/applications
  • Restricting access times/days on the computer
  • Forcing logout after X minutes of idle time
  • Locating all data on network drives to prevent data being stolen if the PC is stolen
  • Restricting access to removable media to prevent data theft
  • Clearing page table on shutdown/reboot

When deciding whether to implement each of the above, the degree of security offered needs to be weighed against the extent of the inconvenience caused to the user. Policies for how each item is to be instantiated must also be established based on the same considerations. For example, consider how frequently passwords should be changed, after what length of idle time the screen saver should activate, what restrictions should be placed on how passwords are constructed, and so on.

Step five: Implementation and deployment
This final action can be conveniently broken down into the following tasks:

  • Decide how to implement the policy (e.g., can it be implemented with your organisation's current desktop and server OS? If not, should one or both of the operating systems be changed, or should third-party software be purchased?).
  • Assign responsibility: who in the company is responsible for enforcing which parts of the policy (e.g., who is responsible for initiating action if a user shares his or her password)?
  • Clearly define penalties for violation of the policy (e.g., what are the consequences of letting your mother-in-law borrow your notebook for the weekend?).
  • Educate the users (e.g., what changes should they expect, what are their responsibilities, and what are the consequences for violations?).
  • Establish a procedure/schedule for reviewing the policy.

Although no single design formula can produce a foolproof desktop security policy that will work for all organisations, following the steps outlined above will help you to design a policy that provides an appropriate degree of security without causing unnecessary inconvenience to the users -- along with the all-important support from management.

