ZDNet UK / News and Analysis / Workspace IT / Processors

Five steps to secure your desktops

By Becky Roberts, TechRepublic, 22 July, 2002 14:02

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Step four: Design desktop security
Assuming an unauthorised person is able to physically access a PC, how can you prevent him or her from also gaining access to the data located on or through that PC? This is the primary role of authentication security, the methods by which we validate that the person at the keyboard has permission to use that computer. Exactly how this is achieved depends on the desktop and network operating system, but certain security measures can be implemented in most environments, such as:
  • Boot/power on passwords set in the BIOS.
  • Network/Desktop logon name/password.
  • Biometric devices for logon, such as thumb print or retinal scanners.
  • Access tokens.
  • Screen saver passwords.
In addition to different methods of authentication security, in most environments, it is also possible to implement the following:
  • Setting passwords on individual files/folders/applications
  • Restricting access times/days on the computer
  • Forcing logout after X minutes of idle time
  • Locating all data on network drives to prevent data being stolen if the PC is stolen
  • Restricting access to removable media to prevent data theft
  • Clearing page table on shutdown/reboot
In the process of deciding whether to implement each of the above, the degree of security offered needs to be weighed against the extent of the inconvenience caused to the user. Policies for how each item is to be instantiated must also be established based on the same considerations. For example, consider how frequently passwords should be changed, after what length of idle time should the screen saver activate, what restrictions should be placed on how passwords are constructed, and so on. Step five: Implementation and deployment
This final action can be conveniently broken down into the following tasks:
  • Decide how to implement the policy (i.e., can it be implemented with your organisation's current desktop and server OS? If not, should one or both of the operating systems be changed or should third-party software be purchased?).
  • Assign responsibility. Who in the company is responsible for enforcement of what parts of the policy (i.e., who is responsible for initiating action if a user shares his or her password?)?
  • Clearly define penalties for violation of the policy (i.e., what are the consequences of letting your mother-in-law borrow your notebook for the weekend?).
  • Educate the users (i.e., what changes should they expect, what are their responsibilities, what are the consequences for violations?).
  • Establish a procedure/schedule for reviewing the policy.
Although no single design formula can produce a foolproof desktop security policy that will work for all organisations, following the steps outlined above will help you to design a policy that provides an appropriate degree of security without causing unnecessary inconvenience to the users -- along with the all-important support from management.
Have your say instantly, in the Tech Update forum. For a weekly round-up of the enterprise IT news, sign up for the Tech Update newsletter. Find out what's where in the new Tech Update with our Guided Tour. Tell us what you think in the Mailroom.

Related stories

Locking down SQL Server

Facing the security risks of cable modems

Managing security: Building a defence

Managing user access for XP in the small office

AMD looks to ARM itself for low-power tablets

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

Freebies202

Duplicate comments are not made intentionally. Its very good to know that now you are keeping check on this problem because sometimes a commenter...

5 hours ago by Freebies202 on Microsoft fixes blog comments, speeds up blogs with open source
kevinmchapman

"the very significant number of users" and "many (most) of us" - you have no evidence for these statements. It is a fact that most users are saying...

13 hours ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
Marg Menzies Harrison

Another grammar faux pas is the improper use of "you". When sitting down down in a restaurant, for example, I get cringe when the waitress...

14 hours ago by Marg Menzies Harrison via Facebook on 10 flagrant grammar mistakes that make you look stupid
zdnetukuser

And NOW, folks, for Canonical's next trick... Kubuntu is late. Here's a pencil. Draw your own conclusions. cf.:...

15 hours ago by zdnetukuser on Linux Minterface
Moley

@kevinmchapman. The discussion here reflects the very significant number of users who really do like the traditional menu system and who wish to...

17 hours ago by Moley on A tale of two distros: Ubuntu and Linux Mint
kevinmchapman

Er, no... It is an efficient means of finding the application/file/setting you need in one place. The icons are a simply a fallback for when you...

18 hours ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
TerryRK

Isn't the provision of a text based search an admission by the developers that the mass of icons approach does not work? I don't need to use a...

20 hours ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
kevinmchapman

"Unity and GNOME 3 both abandon the old text-based cascading menus in favour of a graphical icon-driven system." Point truly missed. Both use a...

20 hours ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
TerryRK

whs001 - Thank you, I'm glad you liked the article. I absolutely agree with you on your first point. I should perhaps have made it clearer that...

20 hours ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
Dennis Nilsson

If we allow corporate interest to dictate the way our government circumvents due process against foreign entities then we should accept the same...

21 hours ago by Dennis Nilsson via Facebook on ACTA stumbles in Germany
GHar123

I totally dislike pirating of works, I fear that artists will be deterred from creating works if they think that they are going to get ripped off....

23 hours ago by GHar123 on ACTA stumbles in Germany
JCB33

How dare film makers, artists or anybody that invests in creativity stop us pirating their works for free. I want to be able to walk into my local...

1 day ago by JCB33 on ACTA stumbles in Germany
Moley

@GrueMaster. I prefer horses for courses rather than one size fits all. I, and I suspect most other computer users, do not really wish to have...

1 day ago by Moley on A tale of two distros: Ubuntu and Linux Mint
greycynic

The product that scares me every time I have to use it is the Office 2007 version of Excel. The first bug that I found was applying the median...

1 day ago by greycynic on Ten flawed products that derail productivity
GrueMaster

Nice review and very informative. One thing I'd like to add (in reply to whs001's 1st question), the main reason to have the same interface from...

1 day ago by GrueMaster on A tale of two distros: Ubuntu and Linux Mint
Frederick Wrigley

I'be been using Mint 12 since the RC came out, and I am far more happy with the Cinnamon, the Mate, and, yes (with extensions), theGnome 3...

1 day ago by Frederick Wrigley via Facebook on A tale of two distros: Ubuntu and Linux Mint
bdantas

Excellent article. One small correction, though--although a fresh installation of Linux Mint 12 will, indeed, provide the user with a version of...

1 day ago by bdantas on A tale of two distros: Ubuntu and Linux Mint
Alan Ralph

In related news, the ISPs club together to get the members of the Home Affairs Select Committee (ya goofed on that part, ZDNet UK) copies of "The...

1 day ago by Alan Ralph via Facebook on MPs urge ISPs to take down terrorist material
Alan Ralph

In related news, the ISPs club together to get the members of the Home Affairs Select Committee (ya goofed on that part, ZDNet UK) copies of "The...

1 day ago by Alan Ralph via Facebook on MPs urge ISPs to take down terrorist material
Moley

For Gnome 2 die-hards, it is possible to add icons to the bottom panel (or top top panel, if you prefer) which provide the exact Gnome 2...

1 day ago by Moley on A tale of two distros: Ubuntu and Linux Mint

Latest in Processors

AMD looks to ARM itself for low-power tablets

Apple tops list of semiconductor buyers

Featured white papers

Graphene: A guide to the future from ZDNet UK

ZDNet UK

Graphene: A guide to the future from ZDNet UK

What is graphene? How is graphene made? And why isn't a graphite pencil worth thousands of pounds? Explore this strange material with ZDNet UK's guide to... Read more

Open-source software deployments for enterprise IT success

Progress Software

Open-source software deployments for enterprise IT success

Wikipedia identifies open source as "enabling a self-enhancing diversity of production models, communication paths... Read more

The virtual presenter's handbook

Citrix Online

The virtual presenter's handbook

Web seminars or webinars can be interactive and engaging, just like having every person in the same room, and this white paper outlines how they can benefit your... Read more

Inside ZDNet UK

A tale of two distros: Ubuntu and Linux Mint

A tale of two distros: Ubuntu and Linux Mint

2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

BlackBerry Bold 9790

BlackBerry Bold 9790

How to handle data replication

How to handle data replication

Ten factors that make Ubuntu 11.10 a hit

Ten factors that make Ubuntu 11.10 a hit

Toshiba Portégé Z830-10P Review

Toshiba Portégé Z830-10P Review

BT's archive: Pictures from the vault

BT's archive: Pictures from the vault