How to Secure a Computer Connected to a Network

A network is two or more computers and/or network devices (e.g., printer, switch, hub, router) connected to the Internet. Because the computer is connected to the Internet or to a local or wide area network, the emphasis for securing this computer is placed on physical security of the computer, controlling access to the data, and protecting the data from unauthorized access across the wire.

Whether you are using a Windows, Macintosh or Linux computer as your daily-use computer, here are the minimum steps you should take to secure your sensitive data on a computer connected to a network (for more detailed, OS-specific security, see these specific security guides). If only one person will be using the data stored on this computer, the external hard drive option should be considered for better security.

Physical Security of a Computer on a Network

  1. Secure the computer on which your sensitive data resides in a locked room, or secure the computer to a table with a cable and lock.
  2. Laptops are NOT allowed for this security plan. (If you have a laptop as your main computer, you should use the External Hard Drive option.)

Controlling Access to the Data

  1. Restrict access to your sensitive data to authorized project personnel using the security features available via the operating system (e.g., login via userid/password and secure with NTFS permissions in Windows and ACLs in Macintosh and Linux computers).
  2. Require strong passwords.
    • On Windows, you can use Administrative Tools > Local Security Policy to enable password complexity.
    • To verify passwords are strong, get permission from your Dean, Department Head or Director (or the equivalent in your company), and audit your passwords with L0PHTCRACK.
  3. Password protect your screen saver and set it to activate after 10-15 minutes of inactivity (if using a password of fewer than 16 characters, set your password-protected screen saver to activate after 3 minutes of keyboard or mouse inactivity). Since the screen saver will not activate for 3-15 minutes, it is recommended that you lock your screen (Windows = Windows Key + L) whenever you walk away from your computer, even for a few minutes.
  4. Enable whole disk encryption (e.g., BitLocker, PGP Whole Disk Encryption, FileVault 2, VeraCrypt) or directory-based encryption (e.g., Windows Encrypting File System or VeraCrypt) for directories containing secure data.
  5. Configure your analysis software to point temporary work files to the encrypted sensitive data directory.
  6. Install and periodically run a secure erasure program (e.g., Eraser works well). This program should be run monthly and after the secure data has been removed from the computer at the end of the contract period.
  7. Do not copy or move your sensitive data out of the secured directory for any reason.
  8. Additional security controls can be found in the "Workstation Security Protocols" table in the form to describe your security plan.
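
An added example, not part of the original guide: a small Python audit for steps 1 and 5 on a Macintosh or Linux computer. It reads POSIX permission bits only (not NTFS permissions or extended ACLs), the directory names and sample file are constructed, and analysis packages that have their own temporary-file setting are not covered.

```python
import os
import stat
import tempfile
from pathlib import Path

TEMP_VARS = ("TMPDIR", "TEMP", "TMP")  # variables Python's tempfile module consults

def loose_permissions(secure_dir):
    """List (path, mode) for entries that group or other users can access."""
    root = Path(secure_dir)
    findings = []
    for path in [root, *sorted(root.rglob("*"))]:
        if path.is_symlink():
            continue  # a symlink's own mode bits are not meaningful
        mode = stat.S_IMODE(path.lstat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((str(path), oct(mode)))
    return findings

def temp_outside(secure_dir, env=None):
    """Return temp variables that are unset or resolve outside secure_dir."""
    env = os.environ if env is None else env
    root = os.path.realpath(secure_dir)
    bad = {}
    for var in TEMP_VARS:
        value = env.get(var)
        if not value or os.path.commonpath([root, os.path.realpath(value)]) != root:
            bad[var] = value  # None means unset: the system default would be used
    return bad

def demo():
    """Constructed sample: a throwaway directory standing in for the secured one."""
    with tempfile.TemporaryDirectory() as base:
        secure = Path(base, "secure_data")
        secure.mkdir()
        os.chmod(secure, 0o700)            # owner-only, as step 1 intends
        leaked = secure / "extract.csv"
        leaked.write_text("id,value\n1,42\n")
        os.chmod(leaked, 0o644)            # readable by group and others
        work = secure / "tmp"
        work.mkdir()
        os.chmod(work, 0o700)
        env = {"TMPDIR": str(work), "TEMP": "/tmp"}   # TMP left unset
        return ([Path(p).name for p, _ in loose_permissions(secure)],
                temp_outside(secure, env))

if __name__ == "__main__":
    print(demo())
```

To audit a real system, call `loose_permissions()` and `temp_outside()` with the path of your secured directory from the account that runs the analysis software.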

Protecting the Data from Unauthorized Access Across the Wire

Please see the additional security controls and the explanation of the security controls required to protect the data from unauthorized access from across the wire at the following locations:
