Skip to content. | Skip to navigation

Personal tools
You are here: Home / Data / Restricted-Use Data / Security Plans / How to Secure a Stand-Alone Desktop Computer

How to Secure a Stand-Alone Desktop Computer

A stand-alone desktop computer is one that is in no way connected to another computer or networked device, such as a switch, hub, or router (with the possible exception of a printer), or to the Internet or a local area network (LAN). The stand-alone desktop computer can be running Windows 2000/XP client or server, Linux, or Mac OS X. Because the stand-alone desktop computer is not connected to the Internet or a local or wide area network, the emphasis for securing the data is placed on physical security of the computer and controlling access to the data.

Here are the minimum steps you should take to secure the Add Health data on your stand-alone desktop computer:

Physical Security of a Stand-Alone Computer

  1. Configure the BIOS to boot the desktop computer from the hard drive only. Do not allow the stand-alone desktop computer to be booted from the diskette or CD-ROM drive.
  2. Password protect the BIOS so changes cannot be made to the BIOS without authorization.
  3. Secure the desktop computer on which the Add Health data resides in a locked room, or secure the desktop computer to a table with a lock and cable (locking the case so the battery cannot be disconnected, which would disable the BIOS password).
  4. Remove or disable the network interface card (NIC) so it cannot be used. 
  5. Store the data on a desktop computer only.

Controlling Access to the Data

  1. Restrict access to the Add Health data to project personnel using the security features available via the operating system (e.g., login via userid/password and NTFS permissions in Windows 2000/XP, ACLs in Linux and OS X).
  2. Require strong passwords.
    • You can run L0phtcrack to look for bad passwords.
    • You can use SCM to enable password complexity.
  3. Password protect screen saver and activate after three minutes of inactivity.
  4. Enable encryption for directories containing secure data. Windows Encrypting File System (EFS: available in Windows 2000 and XP) is built into the OS and works well. Additional encryption software applications can be found here.
  5. Configure your analysis software to point temporary work files to the encrypted Add Health data directory.
  6. Install and periodically run a secure erasure program. This program should be run monthly and after the secure data has been removed from the computer at the end of the contract period. (Shred 2 is inexpensive and works well.)
  7. Do not copy or move the Add Health data out of the secured directory for any reason.
Form to describe your security plan

 

 


 CPC Home