ZDNet UK / News and Analysis / Workspace IT / Processors

Five steps to secure your desktops

By Becky Roberts, TechRepublic, 22 July, 2002 14:02

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Step four: Design desktop security
Assuming an unauthorised person is able to physically access a PC, how can you prevent him or her from also gaining access to the data located on or through that PC? This is the primary role of authentication security, the methods by which we validate that the person at the keyboard has permission to use that computer. Exactly how this is achieved depends on the desktop and network operating system, but certain security measures can be implemented in most environments, such as:
  • Boot/power on passwords set in the BIOS.
  • Network/Desktop logon name/password.
  • Biometric devices for logon, such as thumb print or retinal scanners.
  • Access tokens.
  • Screen saver passwords.
In addition to different methods of authentication security, in most environments, it is also possible to implement the following:
  • Setting passwords on individual files/folders/applications
  • Restricting access times/days on the computer
  • Forcing logout after X minutes of idle time
  • Locating all data on network drives to prevent data being stolen if the PC is stolen
  • Restricting access to removable media to prevent data theft
  • Clearing page table on shutdown/reboot
In the process of deciding whether to implement each of the above, the degree of security offered needs to be weighed against the extent of the inconvenience caused to the user. Policies for how each item is to be instantiated must also be established based on the same considerations. For example, consider how frequently passwords should be changed, after what length of idle time should the screen saver activate, what restrictions should be placed on how passwords are constructed, and so on. Step five: Implementation and deployment
This final action can be conveniently broken down into the following tasks:
  • Decide how to implement the policy (i.e., can it be implemented with your organisation's current desktop and server OS? If not, should one or both of the operating systems be changed or should third-party software be purchased?).
  • Assign responsibility. Who in the company is responsible for enforcement of what parts of the policy (i.e., who is responsible for initiating action if a user shares his or her password?)?
  • Clearly define penalties for violation of the policy (i.e., what are the consequences of letting your mother-in-law borrow your notebook for the weekend?).
  • Educate the users (i.e., what changes should they expect, what are their responsibilities, what are the consequences for violations?).
  • Establish a procedure/schedule for reviewing the policy.
Although no single design formula can produce a foolproof desktop security policy that will work for all organisations, following the steps outlined above will help you to design a policy that provides an appropriate degree of security without causing unnecessary inconvenience to the users -- along with the all-important support from management.
Have your say instantly, in the Tech Update forum. For a weekly round-up of the enterprise IT news, sign up for the Tech Update newsletter. Find out what's where in the new Tech Update with our Guided Tour. Tell us what you think in the Mailroom.

Related stories

Locking down SQL Server

Facing the security risks of cable modems

Managing security: Building a defence

Managing user access for XP in the small office

Intel updates Core vPro chips with Ivy Bridge

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

apexwm

All of the feedback regarding using a touch monitor for a desktop PC is right on. Several months ago, we installed a "demo" multitouch all-in-one...

2 hours ago by apexwm on Windows 8 could speed multi-monitor uptake
191706

anyone wanting to triple boot *their* own Mac

3 hours ago by 191706 on xTreme Triple Booting: Linux, Mac & Windows
SoapyTablet

Cont.. Biggest Bugbear: Win7's stop-animate-go approach to work, you develop a staggered (not in the above alchohol sense of the word) approach to...

3 hours ago by SoapyTablet on Windows 8 could speed multi-monitor uptake
SoapyTablet

Ah the joys of Windows 8 Consumer Preview... If Windows 7 was 'Vista with Lipstick', whats Windows 8? Vista with Lipstick, the morning after?...

3 hours ago by SoapyTablet on Windows 8 could speed multi-monitor uptake
daveveej

Though the metro look is quite cool on the windows mobile platform I think that think that microsoft ARE MESSING THINGS UP because what has they...

4 hours ago by daveveej on Windows 8 could speed multi-monitor uptake
Custonian

I agree, we have a few touch screen monitors in work but as Windows7 and the applications we use are not touch screen friendly (the size of the...

4 hours ago by Custonian on Windows 8 could speed multi-monitor uptake
archerthom

I find it amusing that Microsoft added the mouse, which was deemed awkward, but people were forced to use it so it stuck, and now they're saying,...

7 hours ago by archerthom on Windows 8 could speed multi-monitor uptake
BrownieBoy

Agree with other comments. Nobody's going to start reaching out to start tapping their desktop monitors with their fingers. Their arms would tire...

15 hours ago by BrownieBoy on Windows 8 could speed multi-monitor uptake
Random_Error

The only way a touch monitor would be any good is if it were horizontal on the desk, with a virtual keyboard so you could do away with that as well...

21 hours ago by Random_Error on Windows 8 could speed multi-monitor uptake
JBDragon

This is just dumb! Forget that I think Windows 8 will bomb, but really, people are going to go out and buy touch Monitors now??? Just pretend...

23 hours ago by JBDragon on Windows 8 could speed multi-monitor uptake
Jake Rayson

@Andy Bolstridge > Unfortunately, we need the majority to work 9-5 And therein lies the lie. I work very hard indeed for my idleness, early starts...

24 hours ago by Jake Rayson on The Idle Self-employed
Burn-IT

What happens when one hosting platform "acquires data" from another? If I forced the first one to remove it, who is responsible for chasing the...

1 day ago by Burn-IT on Google picks holes in EU's 'right to be forgotten'
JohnTalich

iSpring Pro is a nice tool, that allows PowerPoint to SCORM conversion. They also have free tool, that also generates SCORM compliant courses.

1 day ago by JohnTalich on How To Convert PowerPoint To SCORM Compliant Course
aaron.sloman

I think the answer to the question requires a deeper analysis of where the income can come from who else is now competing for it, who else will be...

2 days ago by aaron.sloman on The three big questions about Facebook's IPO
Brent Pieczynski

Your correctness about Government websites not being compliant with their own websites is correct. Most criticism of other people takes so many...

2 days ago by Brent Pieczynski on Privacy watchdog to chase big companies over cookie law
Kelvyn Taylor

802.11ac does promise some tricks to improve range & reliability, but not sure how these will work in practice until I get real products to play...

2 days ago by Kelvyn Taylor via Facebook on Next-generation 802.11ac routers
mrudang009

My wife and I love our new Kindle Fire. It's lightweight, easy to use and has a great interface. The first thing I recommend anyone with a new...

2 days ago by mrudang009 on Waterstones to sell Kindles with in-store offers
mrudang009

It basically unlocks all the Android marketplace apps and unlocks the device. I am one very happy Kindle owner!

2 days ago by mrudang009 on Waterstones to sell Kindles with in-store offers
Burn-IT

Skittles with tapes and coffee cups. Old tapes so we didn't have to rewind them afterwards.

2 days ago by Burn-IT on Ten IT jobs to save up for those rare lulls
Fraud_fighter

What is mildly amusing to me is when someone thinks a strong password is as strong as one may need, when the truth is usernames and passwords are...

2 days ago by Fraud_fighter on Passwords are here to stay: get used to it

Latest in Processors

Intel updates Core vPro chips with Ivy Bridge

AMD's Trinity processors take on Intel's Ivy Bridge

ARM arrives on servers with Calxeda's Ubuntu demo

Featured white papers

Great British computers: A ZDNet UK retrospective

ZDNet UK

Great British computers: A ZDNet UK retrospective

Would you believe the first ever business computer totted up the price of cakes, bread and pies? You would if you knew it was operated by a British tea-shop company. Take a trip down computing memory lane with this guide to great British... Read more

Tech breakthroughs to watch in 2012

ZDNet UK

Tech breakthroughs to watch in 2012

From invisibility cloaks to virtual atom smashing, from Cern to Nasa, this ZDNet UK guide presents the discoveries to watch in... Read more

Graphene: A guide to the future from ZDNet UK

ZDNet UK

Graphene: A guide to the future from ZDNet UK

What is graphene? How is graphene made? And why isn't a graphite pencil worth thousands of pounds? Explore this strange material with ZDNet UK's guide to... Read more

Inside ZDNet UK

Asus Transformer Pad TF300T

Asus Transformer Pad TF300T

Firefox rapid release improves Fedora Linux

Firefox rapid release improves Fedora Linux

How to gain total message system visibility

How to gain total message system visibility

HTC One V: First take

HTC One V: First take

SharePoint deployment: The final chapter

SharePoint deployment: The final chapter

Ten IT jobs to save up for those rare lulls

Ten IT jobs to save up for those rare lulls

How fast is your broadband?

How fast is your broadband?