Tuesday, July 10, 2012

Password Protected?

Don't get lulled into thinking password protection is real protection. I can't count how many times people have brought me computers wanting access after forgetting their password. It's easy to gain access to a password-protected computer. In most instances, simply giving a computer a three-finger salute (Ctrl + Alt + Del) and typing in "Administrator" with a blank password will give you administrative access to most Windows machines. If you have physical access to any machine, data can be extracted easily. If you keep any sensitive information on your computer and it is lost or stolen, the new owner will have access to all of your data, including email accounts, server accounts, your company's network (if you VPN), and whatever else you may have stored. There are some things you can do to prevent unauthorized access to your data when your computer is not in your possession.

Encrypt, encrypt, encrypt. Every modern OS has the ability to encrypt drives and folders. They use your password as a seed or key for the encryption algorithm. By doing this, a snooper can't slave your drive to another computer and steal your data. It isn't foolproof, but they will have to work for it. Most thieves don't have the technical capacity to break the encryption and will be easily discouraged. Before encrypting everything, you will want to write down your password and store it in a safe location. If your computer belongs to your employer, discuss your options with your network administrator. They can provide future support in the event of a disaster. Running Windows Vista or Windows 7? You can take advantage of the password reset disk. There are other tools available to deal with this situation, but these are the easiest by far. Without this password, your data will be inaccessible.

Disable the administrator account. This will thwart the old three-finger salute approach to gaining access, especially on XP and earlier Windows versions.
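The two Windows steps above (drive encryption and disabling the built-in Administrator account) can be verified with a short audit script. This is an added example, not part of the original post; it assumes Windows 10 or later with Windows PowerShell 5.1, an elevated prompt, and BitLocker as the drive encryption in use.

```powershell
#Requires -RunAsAdministrator
# Added example: audit a machine against the advice above.
# Assumptions: Windows 10+, Windows PowerShell 5.1, BitLocker for encryption.

function New-Result($Check, $Detail, $Pass) {
    [pscustomobject]@{ Check = $Check; Detail = $Detail; Pass = [bool]$Pass }
}

function Test-BuiltinAdministrator {
    # The built-in Administrator always has a SID ending in -500, even if it
    # has been renamed, so match on the SID rather than on the account name.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-500$' }
    if (-not $admin) {
        return New-Result 'Built-in Administrator disabled' 'Account not found' $false
    }
    New-Result 'Built-in Administrator disabled' `
        "Name=$($admin.Name) Enabled=$($admin.Enabled)" (-not $admin.Enabled)
}

function Test-PasswordlessAccounts {
    # Any enabled local account that is allowed to have no password is the
    # "blank password" case the post describes.
    $open = @(Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordRequired })
    New-Result 'No enabled account without a required password' `
        ("Accounts: " + (($open.Name -join ', '), 'none' -ne '')[0]) ($open.Count -eq 0)
}

function Test-DriveEncryption {
    # The BitLocker cmdlets are missing on editions without BitLocker.
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        return New-Result 'Drive encryption' 'BitLocker cmdlets not available' $false
    }
    Get-BitLockerVolume | ForEach-Object {
        # A volume only counts when it is fully encrypted AND protection is on;
        # suspended protection leaves the key readable from the disk.
        $ok = ($_.VolumeStatus -eq 'FullyEncrypted') -and ($_.ProtectionStatus -eq 'On')
        New-Result "Drive encryption $($_.MountPoint)" `
            "Status=$($_.VolumeStatus) Protection=$($_.ProtectionStatus)" $ok
    }
}

$results = @(Test-BuiltinAdministrator) + @(Test-PasswordlessAccounts) + @(Test-DriveEncryption)
$results | Format-Table -AutoSize -Wrap

# Non-zero exit code when any check fails, so the script can gate a checklist.
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```

A failing Administrator check is fixed with `Disable-LocalUser` on the account name the script reports.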

Create strong passwords. Use characters in your password, but avoid special alt characters. Make your password 10-20 characters long. The longer your password, the more time it will take to crack. Passwords like "1234", "password", and "samthecat" won't cut it.

Invest in a laptop lock or alarm. If you turn your back for another cup of joe, thieves can't easily swipe it.

Keep your sensitive information on an encrypted USB drive. When you shut down your computer, put the drive in your pocket or keep it on your keyring. These drives provide protection against common thieves and "finders", and are easily replaced.

Backup, backup, backup. Make weekly or bi-weekly backups of your unencrypted data and store them in a safe location.

The most important thing to remember is this: If a professional hacker wants your data, he will get it. There isn't any protection against them. Your security plan should safeguard your data against common intrusions, and those are the scenarios we should guard against.
