Securing the mobile PC - Windows 2000 style
Mobile computers are a security nightmare. They can be lost or stolen easily, and then their data is available to whoever happened to pick them up. Worse, they might have an installed connection, such as a VPN, right into your corporate network. Here are some ideas that will help plug that security hole.
Got a Windows security tip of your own? Why not send it in? We'll post it on our Web site, and enter you in our tips contest for some neat prizes.
You may have some mobile Win2k users who need a higher degree of data protection than their non-mobile counterparts. Whether applied by the user or an administrator, here are some major security features that can be applied to protect data on a mobile computer.
Apply NTFS Permissions
Data security on a mobile computer can be enhanced through the use of NTFS permissions through which you can allow/restrict access to files/folders on the installed hard drive. When applying permissions, however, be careful about granting permissions to group everyone.
Make sure that mobile computers only have one user account (excluding the administrator and guest accounts). The fewer people who have access to the information on the mobile computer, the better.
Also, the Windows 2000 username should not be the name of the current user; it should be some other name that isn't particularly easily guessed. For example, instead of John Doe, try jdoe5521, or doej2155. These are fairly easily doped out, but not as easily as johndoe.
Rename the administrator account.
Rename or disable the guest account.
The only time anyone should use the administrator account is when performing administrative tasks such as software installations, etc.
If the current user needs to grant temporary access to another user, then log on as administrator and create a temporary account for the new user. Be mindful of the permissions granted in this case, and remove the account as soon as possible.
Encrypted File System
An excellent security feature that can be used in the protection of data is Windows 2000 encrypted file system. File encryption prevents data from easily being available to an unauthorized user. Here's how to encrypt the contents of a folder:
- Right click the file or folder.
- Then Click on Properties.
- On the General Tab click Advanced.
- If the "Compress Data to Save Disk Space" box is checked, clear it. Files or folders that are compressed cannot be encrypted.
- Check the box that reads "Encrypt Contents to Secure Data."
- Click OK to confirm.
The Windows help files contain more information on encrypting folders and files.
Service Pack Updates
Service pack updates can play a major role in data security when used in conjunction with the above-mentioned security procedures. Visits Microsoft's web site periodically for any new service pack updates. If your notebook users are remote from your location, then you should establish a notification procedure to remind them to get new service packs/updates.
Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.
Did you like this tip? If so, (or if not) why not let us know. Send an email to us and sound off.
Maximum Windows 2000 Security
Author: A Anonymous
Online Price: $49.99
Publisher Name: SAMS Publishing
Date published: October 2000
Reveals the holes and weaknesses that compromise Windows 2000 security and how to fix them. Teaches practical, pre-emptive countermeasures against tricks and techniques employed by hackers. Same anonymous hacker who wrote the best-selling books Maximum Security and Maximum Linux Security.