How to Secure a Windows Computer Connected to a Network
A network is two or more computers and/or network devices (e.g., printer, switch, hub, router) connected to the Internet or a LAN. Because the computer is connected to the Internet or to a local or wide area network, the emphasis for securing this computer is placed on physical security of the computer, controlling access to the data, and protecting the data from unauthorized access across the wire.
Here are the minimum steps you should take to secure the Add Health data on a Windows computer connected to a network (for OS-specific detailed security, see these specific security guides). If only one person will be using the data stored on this computer, the external hard drive option should be considered for better security.
Physical Security of a Windows Computer on a Network
- Configure the BIOS to boot the computer from the hard drive only. Do not allow the computer to be booted from the diskette or CD-ROM drive.
- Password protect the BIOS so changes cannot be made to the BIOS without authorization.
- Secure the computer on which the Add Health data resides in a locked room, or secure the computer to a table with a lock and cable (with the case locked so that the battery cannot be disconnected, which would disable the BIOS password).
Controlling Access to the Data
- Restrict access to the Add Health data to project personnel using the security features available via the operating system (e.g., login via userid/password and NTFS permissions in Windows 2000/XP).
- Require strong passwords.
- You can run a password cracker (e.g., L0phtcrack, Cain and Abel, John the Ripper, Ophcrack) to look for bad passwords. (Be sure you have permission in writing before you do this!)
- You can use Administrative Tools, Local Security Policy to enable password complexity (Windows 2000, Windows XP).
- Note vulnerabilities for accounts with no passwords or weak passwords.
- Password protect the screen saver and set it to activate after three minutes of inactivity.
- Install encryption software for directories containing secure data. Windows EFS encryption is free and works well. Additional encryption software applications can be found here.
- Configure your analysis software to point temporary work files to the encrypted Add Health data directory.
- Install and periodically run a secure erasure program. This program should be run monthly and after the secure data has been removed from the computer at the end of the contract period. (Shred 2 is inexpensive and works well.)
- Do not copy or move the Add Health data out of the secured directory for any reason.
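Several of the settings in this list can be checked with a script. The PowerShell below is an added example, not part of the original guide: it audits password complexity, the screen saver lock, EFS encryption and the NTFS ACL of the data directory. It assumes a current Windows with PowerShell 5.1 or later (not the Windows 2000/XP systems named above), and C:\SecureData is a hypothetical stand-in for the secured data directory.

```powershell
# Added example, not from the original page. Run as the data user from an
# elevated prompt: secedit /export needs administrator rights.
param([string]$DataDir = 'C:\SecureData')   # hypothetical path; use your own

$checks = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    $checks.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
}

# 1. Password complexity (Local Security Policy), read from an exported template.
$inf = Join-Path $env:TEMP 'secpol-audit.inf'
secedit /export /cfg $inf /areas SECURITYPOLICY | Out-Null
$policy = if (Test-Path $inf) { Get-Content $inf; Remove-Item $inf } else { @() }
Add-Check 'Password complexity enabled' `
    ([bool]($policy -match '^PasswordComplexity\s*=\s*1\s*$')) 'PasswordComplexity = 1'

# 2. Screen saver: on, password protected, and starting within 180 seconds.
# Values are per-user strings; Group Policy may override them under
# HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop.
$desk = Get-ItemProperty 'HKCU:\Control Panel\Desktop'
$secs = [int]$desk.ScreenSaveTimeOut
Add-Check 'Screen saver locks within 3 minutes' `
    ($desk.ScreenSaveActive -eq '1' -and $desk.ScreenSaverIsSecure -eq '1' -and
     $secs -gt 0 -and $secs -le 180) "ScreenSaveTimeOut = $secs s"

# 3. EFS: the directory and every file under it carry the Encrypted attribute.
$efs = [IO.FileAttributes]::Encrypted
$dir = Get-Item -LiteralPath $DataDir -Force -ErrorAction SilentlyContinue
if ($dir) {
    $plain = @(Get-ChildItem -LiteralPath $DataDir -Recurse -File -Force |
        Where-Object { -not ($_.Attributes -band $efs) })
    Add-Check 'Data directory EFS-encrypted' `
        (($dir.Attributes -band $efs) -and $plain.Count -eq 0) "$($plain.Count) unencrypted file(s)"

    # 4. NTFS permissions: no Allow entry for broad built-in groups (matched by SID).
    $broad = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'   # Everyone, Authenticated Users, Users
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $DataDir).GetAccessRules($true, $true, $sidType)
    $open = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $broad -contains $_.IdentityReference.Value })
    Add-Check 'No broad groups in ACL' ($open.Count -eq 0) `
        "$($open.Count) broad Allow entr(ies)"
} else {
    Add-Check 'Data directory found' $false "$DataDir does not exist"
}

$checks | Format-Table -AutoSize -Wrap
```

A passing ACL check only shows that no broad built-in group has access; the remaining entries still need to be compared by hand against the list of project personnel.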
Protecting the Data from Unauthorized Access Across the Wire
Please see the following security measures required to protect the data from unauthorized access from across the wire:
- Data on a Windows computer