Skip to content. | Skip to navigation

Personal tools
You are here: Home / Data / Restricted-Use Data / Security Plans / How to Secure a Computer Connected to a Private Network

How to Secure a Computer Connected to a Private Network

A private network is two or more computers and/or network devices (e.g., printer, switch, hub, router) that are not connected in any way to the Internet or a LAN (i.e., Cold Room or Secure Data Facility). The data will reside on a computer acting as a server. Because the computers are not connected to the Internet or a local or wide area network, the emphasis for securing the data on a private network is placed on physical security of the computers and controlling access to the data.

Here are the minimum steps you should take to secure the Add Health data on a server on a private network:

Physical Security of a Computer on a Private Network

  1. Configure the BIOS to boot the computer from the hard drive only. Do not allow the computer to be booted from the diskette or CD-ROM drive.
  2. Password protect the BIOS so changes cannot be made to the BIOS without authorization.
  3. Secure the computer on which the Add Health data resides in a locked room, or secure the computer to a table with a lock and cable (locking the case so the battery cannot be disconnected, which would disable the BIOS password).

Controlling Access to the Data

  1. Restrict access to the Add Health data to project personnel using the security features available via the operating system (e.g., login via userid/password and NTFS permissions in Windows NT/2000, ACLs in Linux and OS X).
  2. Require strong passwords.
  3. Password protect screen saver and activate after three minutes of inactivity.
  4. Install encryption software for directories containing secure data. Windows 2000 encryption is free and works well. Additional encryption software applications can be found here.
  5. Configure your analysis software to point temporary work files to the encrypted Add Health data directory.
  6. Install and periodically run a secure erasure program. This program should be run monthly and after the secure data has been removed from the computer at the end of the contract period. (Shred 2 is inexpensive and works well.)
  7. Do not copy or move the Add Health data out of the secured directory for any reason.
Form to describe your security plan