Personal computer and network security
Recently, quite a lot of attention has been paid to ensuring information security in various automated systems (corporate, inter-corporate, payment, and others).
Staff take the perimeter of the corporate IT network quite seriously: firewalls and intrusion detection systems are installed there. The same can be said of the various servers, both on the internal network and in the “demilitarized zone”.
But quite often user workstations get no attention from security administrators, although according to statistics the main source of threats to the security of the corporate network is still the legitimate users of your information systems. This raises two main problems:
maintaining the integrity of all of the company’s operational information, and especially confidential information;
ensuring the smooth operation of equipment.
Anyone understands that the disclosure or loss of information can not only cause financial losses, but also harm the reputation and competitiveness of the company. The uninterrupted operation of the equipment is no less important: the failure of a node leads both to the cost of its recovery, when the software has to be updated or replaced, and to downtime in serving your company’s customers, which means lower income. Leakage or loss of confidential data and equipment downtime can occur:
as a result of unintentional user errors;
as a result of malicious user actions;
without the user’s knowledge, as a result of exposure to software viruses or other software modules: “worms”, “Trojan horses”.
To ensure the information security of user workstations, there are quite a few protection suites from different manufacturers, but we will talk about the built-in capabilities of operating systems, which for some reason are rarely used.
First of all, we will choose the operating system for the workstations of our corporate network. Currently, the de facto standard for this is a Microsoft OS. But, in my opinion, security and the Windows 9x/Me family of operating systems are two incompatible concepts, so that leaves the operating systems based on NT technology.
Windows NT 4.0 Workstation is already quite an old OS; it does not support a lot of modern hardware, and Microsoft has announced the end of support for this system. Windows XP is a relatively new product, so there will still be many bulletins about bugs and holes in its code. So we choose Windows 2000 Professional, especially since the third service pack (Service Pack 3) has already been released for it; we hope that most of the “bugs” have been fixed. A recent announcement that Windows 2000 received the Common Criteria certificate confirms that this operating system meets a certain level of security. Provided, of course, that you put in a little work and do not leave all the OS settings at their defaults.
Excess User Privileges
So, the OS installation was successful, or we bought a computer with a preinstalled system. What is the first question in setting up a workstation’s security? Naturally, the password, and not just any password, but the password of the local Administrator. A typical situation is that a directory service (Microsoft Active Directory or Novell eDirectory) is used to authenticate users on the network, so the password policy is configured in the directory service and the local accounts are simply forgotten. Often the password of the local Administrator remains the one that was used during the OS installation and can be very weak or even empty.
No less often, the system administrator himself adds the accounts of the users working on this computer to the local Administrators group, thinking that this will make his life easier. The user will not pester him over trifles, such as installing Acrobat Reader or giving other users access to files stored on this computer, and, the reasoning goes, with the privileges of a local administrator of his own workstation the user cannot do anything dangerous to the security of the network as a whole. This is a profound error! In fact, the system administrator is planting a time bomb for himself. Consider what an unskilled or malicious user with such privileges can do.
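One way to find workstations where ordinary user accounts have ended up in the local Administrators group is to collect the output of `net localgroup Administrators` from each machine and compare it against a short allowlist. The script below is an added example, not part of the original article; the host names, account names, allowlist and sample output are constructed for illustration.

```python
# Added example: audit `net localgroup Administrators` output collected from
# workstations. Host names, accounts and the allowlist are constructed.
ALLOWED = {"administrator", r"corp\domain admins"}  # assumed site policy

HEADER = ("Alias name     Administrators\n"
          "Comment        Administrators have complete and unrestricted access "
          "to the computer/domain\n\nMembers\n\n" + "-" * 79 + "\n")
FOOTER = "The command completed successfully.\n"

SAMPLE = {  # constructed output, one entry per workstation
    "WS-014": HEADER + "Administrator\nCORP\\Domain Admins\nCORP\\jsmith\n" + FOOTER,
    "WS-015": HEADER + "Administrator\nCORP\\Domain Admins\n" + FOOTER,
    "WS-016": "System error 5 has occurred.\n\nAccess is denied.\n",
}


def parse_members(output):
    """Return the names listed between the dashed rule and the status line."""
    members, in_list = [], False
    for line in (raw.strip() for raw in output.splitlines()):
        if line.startswith("---"):
            in_list = True
        elif in_list and line.lower().startswith("the command completed"):
            return members
        elif in_list and line:
            members.append(line)
    # No complete member list: never report such a host as clean.
    raise ValueError("member list not found or truncated")


def audit(reports, allowed=ALLOWED):
    """Map host -> unexpected administrators, or None when output is unusable."""
    findings = {}
    for host, output in reports.items():
        try:
            extra = [m for m in parse_members(output) if m.lower() not in allowed]
        except ValueError:
            findings[host] = None  # needs a manual check
            continue
        if extra:
            findings[host] = extra
    return findings


if __name__ == "__main__":
    for host, extra in sorted(audit(SAMPLE).items()):
        print(host, "UNREADABLE" if extra is None else ", ".join(extra))
```

Hosts whose output could not be parsed are reported separately rather than treated as clean, since a failed query says nothing about who is in the group.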
Firstly, the user can set any OS parameter on his computer. And then one fine day he decides that getting the IP address from the DHCP server is not serious and sets it manually, naturally using the IP address of the enterprise management system’s database server for this. As a result of the IP address conflict, network services on the server and on the user’s workstation will be stopped. How do you like this scenario?
Secondly, the user is able to install software that requires changing system settings