
If you use your PC for personal browsing, you tend to visit sites that
are heavily monitored at work, or banned / barred from access altogether.
That is a level of company control.
However, the controls / security on your home PC are not set to corporate
standards, and as such your PC is easily compromised. Just because you
have a corporate remote access account with VPN does not mean that you
are secure. You could have been attacked, and a trojan sitting on your
PC could just as easily attack your corporate network under the protection
of the VPN, your user ID and password.
Threat | Countermeasure
Family / visitor viewing confidential data | Access control software / intrusion detection software; BIOS password protection; file encryption software
Physical catastrophe | Back-up stored off-line
Theft | Physical security
Viruses | Anti-virus software - make sure you keep up to date
Active code in HTML mail | Use text only mail client, or content security (eg. Reflex Screenmail) if you must use Outlook
Macro viruses | Don't open attachments - if you want to check a DOC, open it inside WordPad
Trojans | Anti-virus software - make sure you keep it up to date / anti-trojan software
Spyware | Regularly clean your system with Ad-Aware
Cookies that reveal your Internet history to third parties | Cookie cleaners such as SurfSecret
Hacks | Use a personal firewall - essential if you have broadband (always on)
Identity theft | Don't store personal details (social security numbers, credit card / bank details) on your hard disk
Everything | Common sense
Excel Bug
Entering a number of more than 8 digits in an Excel file and then saving
the file as comma-delimited causes the number to be saved in scientific
notation, truncated at 6 decimal places. A number of programs do not deal
with this well, including MS Word.
Even worse, when exported back into Excel, the number is recorded as a
7-digit integer plus 0s to make up the difference.
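An added example (not part of the original page): a Python check that scans a comma-delimited export for fields written in scientific notation and shows what each one becomes on re-import. The sample CSV and the account number are constructed to follow the description above.

```python
import csv
import io
import re
from decimal import Decimal

# One leading digit, optional fraction, then an exponent: 1.234567E+12
SCI_NOTATION = re.compile(r"^[+-]?\d(?:\.\d+)?[eE][+-]?\d+$")

# Constructed sample: the account number was typed as 1234567890123.
ORIGINAL_ACCOUNT = "1234567890123"
SAMPLE_CSV = "account,amount\n1.234567E+12,19.99\n12345678,5.00\n"


def find_collapsed_numbers(csv_text):
    """Return (row, col, raw, reimported, padded_zeros) per affected field."""
    findings = []
    for row_no, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        for col_no, field in enumerate(row, start=1):
            raw = field.strip()
            if not SCI_NOTATION.match(raw):
                continue
            value = Decimal(raw)
            # A positive exponent counts the trailing digits the mantissa no
            # longer carries; a re-import fills them with zeros.
            padded = max(value.as_tuple().exponent, 0)
            findings.append((row_no, col_no, raw, format(value, "f"), padded))
    return findings


if __name__ == "__main__":
    for row_no, col_no, raw, reimported, padded in find_collapsed_numbers(SAMPLE_CSV):
        print(f"row {row_no} col {col_no}: {raw} re-imports as {reimported} "
              f"({padded} digits replaced by zeros)")
    print("original value was", ORIGINAL_ACCOUNT)
```

Running a check like this over exports that carry account numbers or other long identifiers catches the corruption before the file is loaded into another system.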
Unexpected Date Behavior in Windows
Using the "Date/Time properties" dialog box to change the day
or month causes the clock to change immediately without clicking on apply
or OK. Clicking on cancel will reset the clock but, meanwhile, the time
has been changed for anything going on in the background, such as checking
mail, etc.
The problem is that changes are being made in your system without you
realizing it, because you expect the change not to occur until you click OK.
Apparently other dialog boxes operate in similar fashion.
This behavior also occurred on an NT machine which had the recent Y2K patch
installed.
Physical Security
The subject of internal security is often overlooked. However, it is
often fairly easy for someone to get access to systems they are not
supposed to have access to simply by walking up to a valid user's desk.
This can be the cleaning staff or a disgruntled (ex-)employee making a
visit. This is the easiest type of security to implement and should
definitely be included in any security plan.
- Console Security
Machines and consoles need to be secure. Anyone with access to a computer
can simply turn it off. If they have access to the console, they can
often interrupt the boot process to get to the root prompt. If this
doesn't work, they can keep guessing the root password in hopes of
compromising the system. For these reasons (and more), the computers and
associated consoles should be kept in a secure room. A limited number of
people should have access to this room, with a limited number of keys.
Some places actually have security guards let people into the computer
rooms for guaranteed secure access.
If your data is sensitive, be certain to verify that there are no alternative
methods for getting into the room. This includes spare keys hidden in
an unsecured place, gaps in the raised floors that go past the locked
access point, and space above the ceilings.
- Data Security
Companies that value their data need a detailed backup and recovery scheme.
This includes on-site backups for the least amount of downtime, a copy
of this data off site in case of computer room disasters, as well as
contingency plans. Unfortunately, an easy way to get access to a
company's data is to gain access to backup tapes and sensitive
printouts. Hence, all sensitive information should be stored in locked
cabinets. Backup tapes sent off site should be in locked containers.
Old sensitive printouts and tapes should be destroyed.
To protect against computer damage from power outages (and spikes),
be certain to have your computers on a UPS. This provides consistent
power and protects the computer against both outages and power spikes.
Ideally, there should be a backup generator for production systems. For
non-production systems, there should be an automatic way to shut down
the computer if the power has been switched to the UPS for more than
1/2 the time the UPS is rated to supply.
To prevent snooping, secure network cables from exposure.
- Users Practice Secure Measures
Always lock your screen when away from your desk. It is best if you
log off from the terminal/workstation at night. There should be no written
passwords or password hints on your desk. If you are using X, ensure
that you are using xauth/xhost to prevent others from reading your
screen.
- NO Welcome Banner On Site
Court cases have shown that initial banners must NOT say "welcome".
Your banner should say something like: "Only authorized access
allowed; violators will be prosecuted". In addition, change /etc/issue
to NOT include the machine type/OS revision.
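An added example (not from the original page): a Python audit of login banner text for the points above, namely the word "welcome", machine type/OS revision disclosure, and missing authorization wording. It assumes agetty-style issue escapes (\s, \r, \v, \m); the OS-name pattern is a heuristic and both sample banners are constructed.

```python
import re
import sys

# Escapes that agetty expands from the running system (assumed getty flavour).
ESCAPES = {"s": "OS name", "r": "OS release", "v": "OS version", "m": "machine type"}
# Heuristic for a hard-coded product string followed by a version number.
OS_STRING = re.compile(
    r"\b(?:Red Hat|Linux|SunOS|Solaris|HP-UX|AIX|IRIX|FreeBSD|Debian)\b"
    r"[^\n]*?\d+(?:\.\d+)+", re.IGNORECASE)

# Constructed samples: a banner that breaks every rule, and the suggested one.
WEAK_ISSUE = r"""Welcome to \s \r (\m)
Red Hat Linux release 7.3
"""
GOOD_ISSUE = "Only authorized access allowed; violators will be prosecuted.\n"


def audit_banner(text):
    """Return a list of (code, detail) findings for one banner."""
    findings = []
    if re.search(r"\bwelcome\b", text, re.IGNORECASE):
        findings.append(("welcome", "banner invites the reader in"))
    for letter in sorted(set(re.findall(r"\\([srvm])", text))):
        findings.append(("escape", f"\\{letter} prints the {ESCAPES[letter]}"))
    match = OS_STRING.search(text)
    if match:
        findings.append(("os-string", match.group(0)))
    if not re.search(r"authori[sz]ed", text, re.IGNORECASE):
        findings.append(("no-notice", "no authorized-access wording"))
    return findings


if __name__ == "__main__":
    # Audit the files named on the command line, else the constructed samples.
    banners = {p: open(p).read() for p in sys.argv[1:]} or {
        "weak sample": WEAK_ISSUE, "good sample": GOOD_ISSUE}
    for name, text in banners.items():
        for code, detail in audit_banner(text) or [("ok", "no findings")]:
            print(f"{name}: {code}: {detail}")
```

Pass /etc/issue (and any other banner file the site uses) as arguments to audit the real files instead of the samples.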