Chapter 3. Keeping Your Computer And Data Secure
At a Glance
This chapter investigates ways in which you can keep your computer physically secure and ensure that its programs and data are protected from loss. Topics include physical security, backups, and authentication through the use of usernames and passwords.
Introduction
One of the best ways to master the concepts of information security is to take a rules-based approach. Starting with Physical Security, the next few chapters in Part 2 will take you through the basics of setting up security procedures for your personal computer or those of your colleagues, if you work in a small group. Information on the technical aspects of security for larger organizations or more experienced users is featured in Part 5 of this Handbook. If you are comfortable with the concepts introduced here, you may decide to build on your knowledge by consulting Part 5 – Security for Technical Administrators.
Physical Security
The first step is to ensure that your computer is physically secure. This may be a trivial or non-trivial exercise, depending on what you own, where it is kept, and how critical the computer and data are.
Computer Theft
Computer theft is a growing problem. Computers, particularly laptops, are often very easy to steal and difficult to recover. If the thief is not interested in using the computer himself, there is a strong market for used computers, stolen or otherwise. Some thieves do not even bother to steal the entire computer and monitor, but will take certain parts, perhaps the memory or the processor. Both items are marketable, simple to conceal and transport, and very difficult (if not impossible) to trace.
Rule 1: Think about computer theft before it happens.
Having your computer stolen is certainly inconvenient. It may also be expensive if you have no (or insufficient) insurance. In some cases, the loss of data could expose your business or personal secrets to others. In extreme cases, a stolen computer could put you out of business. Fortunately, by following a number of simple and inexpensive measures, you can dramatically reduce the chance that your laptop or desktop will be stolen. There are two main preventive techniques: make your computer difficult to steal and/or make it less desirable for those who would want to use it.
Make it difficult to steal and access
There are several ways to prevent a thief from taking your computer:
- Ensure that the place where you keep the computer is secure. It can be locked up in a room or it can be watched by your colleagues, if you work in an office with many employees. Don’t leave your computer unattended in public places such as airports.
- Use an alarm system, if it is likely that someone might break into your office at night, for example, when no one is around.
- Consider securing the computer to a desk or pipe or other immovable object using heavy wire cable or chain. This method is often used in semi-public areas such as libraries or schools. Many computers have a convenient place to connect such a tie-down. Virtually all laptops have a connection point for a security cable; special cables and locks are sold for them.
- If the computer has a lock to prevent the case from being opened, use it. You can also buy special screws that cannot be undone easily.
- If there is potentially valuable information on your computer (business data, personal information), you should consider restricting logical access to it when you leave it in hotel rooms or other unattended locations. Logical access means actual use of the computer once you have physical access to it. Robust logon passwords and password-protected screen-savers are a good start in this direction. (See the section on Authentication later in this chapter).
- Laptops and PDAs (Personal Digital Assistants) are small and easily lost. Get in the habit of putting them away immediately when they are not in active use.
Make it less attractive to take
Few people will want to buy a used computer if it is obvious that it was stolen. A simple and inexpensive way to make it less attractive to would-be purchasers is to identify your property with non-removable tags or mark the equipment with paint. The markings can include your name or other identifying information. If you use this method, do not get any paint in ventilation slots or other openings. Be aware that marking the computer case can void your warranty.
Computers are delicate
Computers are particularly sensitive to dust and rough handling. If you operate computers in dusty environments, they should be cleaned regularly, with extra care taken that ventilation openings are not blocked. Computers are also sensitive to drops and bumps.
Other aspects of physical security
If you open up your computer to install new hardware, don’t ignore the warnings about reducing electrostatic shocks – making sure that your body is grounded is essential.
Using Backups to Protect Your Data
In the last section, we addressed physical security. In this section, we will consider a different issue – ensuring that your data and your programs are secure. How do you protect your computer data from corruption or loss?
Rule 2: Make backups regularly and take steps to ensure that they will survive if your computer is physically threatened.
Data can be corrupted or lost for a number of reasons. Some of the more common ones are:
- Accidentally deleting a file;
- Accidentally storing a new file under the same name as an old one, wiping out the old one;
- A misbehaving program that alters or corrupts your data;
- A misbehaving program that deletes your data;
- A rogue program (perhaps a virus) that alters, overwrites or deletes your data;
- A hardware failure (perhaps in the hard disk, or its controller, or the processor or power supply) that destroys data;
- A fire that burns your computer, or the water used to put out the fire, which renders the computer useless;
- The entire computer is stolen.
Creating backups is one solution to all of these problems. A backup is a copy of a file, or set of files, transferred onto a floppy disk or CD-ROM and put away for safekeeping. If the original file is inadvertently deleted or corrupted, the backup can be retrieved and the original file can be replaced.
Backups can be very simple (e.g. a floppy disk in your desk drawer) or they can be exceedingly complex. Many backup software packages will let you copy every file on your computer onto a magnetic tape or a series of CD-ROMs. If your computer is lost or stolen, you can buy a new computer and the backup system will restore all of your files and applications on the new computer, assuming that the architecture of the new computer is similar to that of your old one.
Bugs, accidents, natural disasters, and attacks on your system cannot be predicted. Often, despite your best efforts, they can’t be prevented. However, if you have good backups, at least you won’t lose your data and, in many cases, you will be able to restore your system to a stable state. Even if you lose your entire computer, with a complete set of backups you can restore the information after you purchase or borrow a replacement machine. Of course, this will only work if the backups were stored away from the computer and not lost along with the computer.
Here are some reasons why backups are a key element in computer security:
User error
People accidentally delete their files. With graphical user interfaces, it’s all too easy to accidentally drag a file or folder to the wrong place. Creating periodic backups makes it possible to restore files that have been deleted accidentally, protecting you from “finger-failure” mistakes.
Hardware failure
Hardware breaks from time to time, often destroying data in the process. Disk crashes may destroy the complete disk, but if you have a backup, you can restore the data onto a new drive or system.
Software failure
Many application programs, including Microsoft Word, Excel, and Access, have been known to corrupt their data files on occasion.[23] If you have a backup and your application program suddenly deletes half of your 500 x 500-cell spreadsheet, you will be able to recover your data.
[23] This statement is not meant to imply that these products have more such problems than others – they are listed only because they are the most popular applications used by users.
[24] Examples of compressed archives include “zip” and “tar” files that can contain very bulky information in a dense form. They are “unzipped” and individual files may be called up through fairly simple procedures. There are a number of vendors and some freeware available for file compression.
Electronic break-ins and vandalism
Computer attackers and malicious viruses frequently alter or delete data. Your backups may help you recover from a break-in or a virus incident.
Archival information
Backups provide archival information that lets you compare current versions of software and databases with older ones. This capability lets you determine what you’ve changed, intentionally or by accident. It also provides a valuable resource if you ever need to go back and reconstruct the history of a project.
Theft
Computers are easy to steal and easy to sell. Not only should you make a backup, but you should also take it out of your computer and store it in a safe place; there are many cases where backups were stolen along with the computer system.
Natural disaster
Floods, earthquakes, and fires are all effective at destroying the places where we keep our computers. Here too, it is important to keep backups off site.
Other disasters
Sometimes Mother Nature isn’t to blame: gas pipes leak and cause explosions, coffee spills through ventilation holes, computers may get dropped or knocked over. In each case, backups can prevent a misfortune from turning into an irrecoverable situation.
With all of these different uses for backups, it’s not surprising that there are many forms of backups in use today. In fact, the perfect backup to recover from one of these problems might be useless for another. It is useful to remember the multi-layered defense concept and employ several forms of backup systems to cover the range of risks that you face in your home or office.
Here are a few types of backup methods to be considered:
- Copy your critical files to a floppy disk or a high-density removable magnetic or optical disk.
- Copy your entire disk to a spare or “mirror” disk or copy a disk to a folder/directory on the same disk if there is sufficient room. Obviously this will not help for catastrophic types of failure, but it does give you a copy in case of accidental deletion.
- Make periodic compressed archives of your important files.[24] You can keep these backups on your primary system or you can copy them to another computer, possibly at a different location.
- Back up your files over a network or over the Internet to another computer.
- If you want high security against hard-disk failure, you may consider having two hard disks in your computer and use hardware/software that duplicates everything that is on the first disk on the second one as well. If you do this, you still need regular backups to protect against other types of problems.
What Should You Back Up?
There are two approaches to computer backup systems:
1. Back up everything that is unique to your system except the application programs. This primarily includes your data files, but it should also include all of the files that tailor your operating system and your applications to you. It may be somewhat challenging to figure out where all of these files are kept and it is difficult to know whether it is safe to restore them later without making other critical changes. However, you may choose to keep all of your data files in a few major directories or folders. This way, you can make backups that only contain your unique work.
2. Back up everything. With an image backup, depending on the utility you use to make it, you can restore the system in its entirety. You can also restore individual files or directories/folders selectively.
We recommend both approaches.
1. Make a complete image backup as soon as your system is set up and back the system up periodically, perhaps once every several months.
2. On a more regular basis, you should back up your personal data. Depending on the backup utility that you use, there are several basic methodologies:
a) Unless you have a massive amount of personal data, back up all of your data periodically (every few months, for example).
b) If you have a lot of personal data, you may consider backing it all up periodically and, at more frequent intervals, back up only the files that have changed since the last full backup. This is called an incremental backup. In this case, to restore a file or files, you will need the last full backup plus the last incremental backup.
There are other variations of these back up methods. Typically, backup utilities offer advice in their instructions on how to use their products.
Where should I keep my backup copies?
The answer to this depends on how you may use the backups. If you are trying to protect your system from theft or fire, the backups must not be stored near your computer system. Ideally, they should be located far enough away that natural or man-made disasters affecting the system do not affect the backups. However, if you will use your backups for recovering data that has been deleted or altered accidentally, then you will want to keep them in a more convenient location.
One solution is to keep the full backups off site and incremental backups nearby. Another is to keep the most recent data backup nearby and a less recent copy off site. Some people make two copies of every backup, so they can keep one full copy on site, and one farther away.
Remember, if you have data on your computer that someone may want to steal, they can steal it from the backup as well. So it is important to protect the physical security of your backup, just as you protect the computer itself.
Will I be able to read the backup?
There are a number of reasons that you will not be able to read a backup when you need it. Among them are:
- The copy is too old or is physically damaged. This is most likely to occur with floppy disks or other magnetic media.
- The device that wrote it was poorly adjusted and therefore what was written cannot be read. In this case, it may be readable by the same device that wrote it.
- Media failure. Media failure was common on old floppy disks. It was not unusual to create a disk that could not be read, even a few days later. Optical disks (such as CD-Rs) have been thought of as extremely stable. However, a recent study of CD-R reliability has indicated that lower quality CD-Rs may not be readable in as little as two years after they are written.
It is always good practice to try to read a backup, preferably on a different device than the one that wrote it, to ensure that it is readable. If you write backups to removable magnetic disks (floppy, zip), make sure they are clean and reasonably new.
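The incremental scheme described under "What Should You Back Up?" and the read-back check recommended above can be combined in one small tool. The following Python sketch is an added example, not part of the original handbook; the manifest file name, function names and directory layout are assumptions made for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical name; a source file with this name would clash

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(root):
    """Map each file's relative path to the SHA-256 digest of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def _copy(src, dest, names, manifest):
    src, dest = Path(src), Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    for name in names:
        target = dest / name
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / name, target)
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2))

def full_backup(src, dest):
    current = scan(src)
    _copy(src, dest, current, current)
    return sorted(current)

def incremental_backup(src, full_dir, dest):
    """Copy only files that are new or changed since the last full backup."""
    baseline = json.loads((Path(full_dir) / MANIFEST).read_text())
    current = scan(src)
    changed = sorted(n for n, d in current.items() if baseline.get(n) != d)
    _copy(src, dest, changed, {n: current[n] for n in changed})
    return changed

def verify(backup_dir):
    """Re-read every file; return names that are missing or no longer match."""
    backup_dir = Path(backup_dir)
    expected = json.loads((backup_dir / MANIFEST).read_text())
    bad = [name for name, digest in expected.items()
           if not (backup_dir / name).is_file()
           or sha256_of(backup_dir / name) != digest]
    return sorted(bad)

def restore(full_dir, incr_dir, target):
    """Last full backup first, then the last incremental laid over it.
    Files deleted since the full backup are not tracked and will reappear."""
    for layer in (Path(full_dir), Path(incr_dir)):
        problems = verify(layer)
        if problems:
            raise IOError(f"unreadable or altered files in {layer}: {problems}")
        for name in json.loads((layer / MANIFEST).read_text()):
            out = Path(target) / name
            out.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(layer / name, out)

if __name__ == "__main__":
    work = Path(tempfile.mkdtemp())          # constructed sample data
    (work / "docs").mkdir()
    (work / "docs" / "report.txt").write_text("draft 1")
    full_backup(work / "docs", work / "full")
    (work / "docs" / "report.txt").write_text("draft 2")
    print("changed:", incremental_backup(work / "docs", work / "full", work / "incr"))
    print("unreadable:", verify(work / "full") + verify(work / "incr"))
```

Running `verify` on a different machine or drive than the one that wrote the backup gives the stronger check the text recommends.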
Some people keep their backups for a long time. It is amazing how often you really want to reuse a copy of a document or image or program that you had several years ago. If you keep backups for a very long time, you need to consider the possibility of media obsolescence. The data stored on a 5¼” floppy disk from the 1980s may still be there, but will you be able to find a computer with a 5¼” floppy drive?
How many copies should I keep?
Let’s say that you make a backup once a week, so if you have some catastrophic failure, you will not lose more than one week’s work. These backups are good from a security standpoint, but over time they will take up space. How many of these backups should you keep? If you are using CD-Rs as the backup media, there is no reason to discard them quickly, as they are small and cannot be reused. If you are using magnetic disks or CD-RW, then they can be reused. But you should always keep several backup copies. In the above example, you might keep the most recent four copies.
Why is this good practice? What possible reason would there be to keep the copies from the past month when you have the more up-to-date copy from last week? The reason is simple: it is always possible that the copy you made most recently is bad or will be lost, or stolen. The copies from last month are not as complete, but they are better than nothing. This is another example of how good security is composed of multiple, partially redundant measures.
Backing up purchased software
If the license allows it, always make a copy of software CD-ROMs and use the backup for routine installation and maintenance operations.
The most important thing about backups
The most important thing about backups is that you create them regularly. Many people avoid the trouble of making backups. They may have even suffered previous losses due to insufficient backups, but they feel that they will not get hit again. Avoid risk and make regular backups!
Authentication
Authentication allows your computer or a distant web site to know who you are. It also should prevent other people from pretending they are you. Typically, you will be known by a user identification and password, although there are many variations on this theme. The challenge is to make your user identification and password combination hard to guess, so that attackers cannot figure it out. At the same time, it should be memorable enough so that you don’t forget it or feel the need to write it down next to the computer. If you use computers and the web frequently, you will have many usernames and passwords. If they are all written in an obvious place near your computer, the usernames and passwords are not very secure.
User Identification
Most systems that want to identify you will either assign or ask you to select a “User Identification.” It goes by many names: username, userid, member number, member name, etc. In this discussion, we will use the term username. Some systems will use your e-mail address as your username. In fact, your e-mail address is a specific example of a username. Systems often have rules about how the username should be composed.
- Some systems limit the length of the username; for other systems, the length is effectively unlimited.
- In some cases, any printable character is allowed in the username. In others, you may be limited to letters and numbers and perhaps a few punctuation marks.
- Some systems ignore upper and lower case, while others treat them as different characters (an “A” is not the same as an “a”).
If the system or web site does not give you a choice, then it will decide what your username is and you will be required to use this name. However, in the cases where you can select your own username, what are the criteria that you should consider? Sometimes, there are competing criteria, not all of which can be met at the same time.
- Do you want your username to reveal who you really are? Will this username be used to help your friends and colleagues recognize you? An e-mail address is often such a username.
- Do you want the username to help conceal your true identity? If you are using this name to participate in some group activity (such as an online game or chat group), you might not want people to know who you really are.
- Do you want this username to be easy for you to remember? If it is a username for some online service that you visit infrequently, you might want to pick a username that you will not forget. Some people use the same username for many services, if there is no critical or valuable information associated with these services.
- Do you want this username to be difficult for other people to guess? If it is the username to access your bank account, you might want to make it difficult for others to guess what it is (this goes back to the concept that effective security is made up of multiple, partially redundant layers; if you use your publicly known e-mail address to access your bank, it makes it easier for a thief to “guess” your bank username).
Passwords
Rule 3: Select passwords that you will be able to remember but will be very difficult for someone else to guess.
Although usernames are often given to you without offering you a choice or are likely to be publicly known (such as your e-mail address), passwords can nearly always be set by you. Their form should make it difficult for an unauthorized person to access your account.
When passwords are stored on the host system, they are usually encrypted, so someone looking at the disk cannot see your password. In some cases, they can be decrypted by someone who knows the key. In other cases, it is not possible to decrypt the password (one-way encryption); when you enter a password while logging on, it is encrypted and compared to the version on disk (see Addendum 1 on Encryption for more details).
Due to poor security on some host systems, at times it may be possible for attackers to access the entire password table and find the encrypted passwords for all users. Even if these passwords use one-way encryption and cannot be decrypted, it may still be possible for the attacker to determine what your password is. The encryption algorithm used for these passwords is typically documented and known. The attacker could use this algorithm to encrypt all the words in a dictionary, as well as other commonly used passwords. So if you used the word “birthday” as your password, when the attacker encrypted the word “birthday,” he would find that the encrypted version is the same as what is on disk and would now know your password!
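The weakness described above can be seen by auditing a small password table. The following Python sketch is an added example, not part of the original handbook: it assumes SHA-256 as the documented one-way algorithm, uses constructed account names, and goes beyond the text by contrasting that scheme with a salted, deliberately slow derivation (PBKDF2), where identical passwords no longer produce identical stored values.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example

def fast_hash(password):
    """One-way, but unsalted and fast: the kind of scheme the text warns about."""
    return hashlib.sha256(password.encode()).hexdigest()

def accounts_with_dictionary_passwords(table, wordlist):
    """Audit a table of unsalted digests: hash each candidate word once,
    then look every stored digest up in the result."""
    known = {fast_hash(word): word for word in wordlist}
    return {user: known[digest] for user, digest in table.items() if digest in known}

def slow_salted_hash(password, salt=None):
    """Store a random per-account salt next to a slow PBKDF2 digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def check_password(password, record):
    """Logon check: repeat the derivation with the stored salt and compare."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    # Constructed sample table: two users picked the same dictionary word.
    table = {"alice": fast_hash("birthday"),
             "bob": fast_hash("birthday"),
             "carol": fast_hash("comp9uter8sare7usef6ul")}
    print(accounts_with_dictionary_passwords(table, ["password", "birthday"]))
    first, second = slow_salted_hash("birthday"), slow_salted_hash("birthday")
    print("same stored value with salt?", first[1] == second[1])
```

With a salt, one precomputed dictionary no longer covers every account; a weak password can still be guessed, only at a much higher cost per account.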
Since the whole idea of passwords is to make it difficult for someone to guess, but to allow you to sign on at will, one can state a number of criteria and techniques associated with robust passwords. Like usernames, each system has certain rules regarding the password formats (minimum and maximum size, what characters are valid, etc.).
- Never use single words in your native language (or English) as a password. A phrase or a sentence, or several word fragments is much better.
- If the system treats upper and lower case as different letters, use both, and do not place them where they would be used in normal writing.
- Mix numbers, allowed punctuation, and blank spaces, if the system allows it.
- If the system allows blank spaces and your password is a phrase, consider omitting some of the spaces (that is, have the words run together).
- To make your passwords easy to remember, you may be tempted to use the same password for many systems. If you do this, remember that once an attacker discovers your password on one of these systems, he or she can make a pretty good guess that it is the password on your other systems, so only do this for systems where you have absolutely nothing to protect. For example, some newspapers require a username and password to read articles on their web site. No money or confidential information is involved, they just want you to log on, and so it may be all right to use the same password for newspapers and similar reading material.
- Some people replace letters in words with similar looking numbers or punctuation. They use the digit “1” for the letters “I” or “L”, the number “3” or the symbol “#” for the letter “E”, the digit “0” for the letter “O”, the symbol “@” for the letter “A” and the digit “5” for the letter “S.” This is a useful artifice, but remember, a good attacker knows about these tricks and they make his job a little bit harder, but not impossible.
- Replace the letter “I” with the string “eye” or “aye” or whatever makes sense in your language. This works particularly well with words like “icon” which is now “eyecon.”
- Use acronyms (the first letters of the words in some familiar expression). For example, “tgbwc” is an acronym for the Coca Cola slogan “Things go better with Coke.”
- Spelling words backwards slightly obscures the words but does not make them much harder to crack.
- Never use:
- Your username, or some variation of it
- Your name
- Your maiden name
- Your spouse’s name or maiden name
- Your children’s names
- Your parents’ names
- Your pets’ names
- Your co-workers’, boss’s or friends’ names
- Your birthday, or the birthday of any of your friends or relatives
- Your address, phone number, license plate number or similar identifiers
- Your favorite color
- Your job title or rank
- Your company name or school name
- Anything else that is commonly identified with you
- Classic passwords such as “xyzzy” or “plover” (passwords used in the first computer game), “abracadabra” and “open sesame”
- Words in popular movies, news or literature. Examples are “Harry Potter”, “Lord of the Rings”, and “Gone with the Wind”.
- Letters on the keyboard in order (such as “SDFGHJ”)
- Adding a single digit before or after any of the above.
- Repetitions of the same letters or numbers, or in sequence (“aaaa9999”, “123456”, “ABCDEFG”)
- Some systems require a minimum number of characters in a password or a certain number of letters and/or digits. Although long is good, as is mixed case, if you are not a very good typist, think about whether someone looking over your shoulder will be able to figure out what you are typing.
- Whatever the password is, you will have to remember it, preferably without writing it down. If you need to write down a password, never write it near where it will be used, or with a label on it identifying it as a password.
- Never keep an unencrypted list of passwords in a computer file.
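Several of the rules above can be checked mechanically when a password is chosen. The following Python sketch is an added example, not part of the original handbook: it undoes the substitutions the list names, tries the reversed spelling and a stripped single digit, and then applies the dictionary, personal-information, sequence and repetition rules. The word list is a small constructed sample and the function names are hypothetical.

```python
from itertools import groupby, product

# Substitutions named in the list: 1 for I or L, 3 or # for E, 0 for O, @ for A, 5 for S.
SUBS = {"1": "il", "3": "e", "#": "e", "0": "o", "@": "a", "5": "s"}
# Keyboard rows plus the alphabet, for the "letters in order" rule.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
        "abcdefghijklmnopqrstuvwxyz"]
# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"birthday", "password", "computer", "xyzzy", "plover",
         "abracadabra", "opensesame", "harrypotter"}

def squash(text):
    """Lower-case the text and run the words together."""
    return "".join(text.lower().split())

def undo_substitutions(text, limit=64):
    """Every reading of the text with look-alike symbols turned back into letters."""
    options = [SUBS.get(ch, ch) for ch in text]
    forms = []
    for combo in product(*options):
        forms.append("".join(combo))
        if len(forms) >= limit:      # cap the ambiguity of "1" (I or L)
            break
    return forms

def candidate_forms(password):
    core = squash(password)
    variants = {core}
    if len(core) > 1 and core[0].isdigit():   # single digit added in front
        variants.add(core[1:])
    if len(core) > 1 and core[-1].isdigit():  # single digit added at the end
        variants.add(core[:-1])
    forms = set()
    for variant in variants:
        for form in undo_substitutions(variant):
            forms.update((form, form[::-1]))  # also try it spelled backwards
    return core, variants, forms

def weaknesses(password, personal=(), words=WORDS):
    """Return the rules from the list that the password breaks (empty if none)."""
    core, variants, forms = candidate_forms(password)
    found = set()
    if forms & {squash(w) for w in words}:
        found.add("dictionary word")
    if forms & {squash(p) for p in personal if p}:
        found.add("personal information")
    if any(len(v) >= 4 and any(v in r or v in r[::-1] for r in ROWS)
           for v in variants):
        found.add("keyboard or alphabet sequence")
    if core and all(len(list(run)) >= 3 for _, run in groupby(core)):
        found.add("repeated characters")
    return sorted(found)

if __name__ == "__main__":
    for pw in ["B1rthd@y", "yadhtrib7", "SDFGHJ", "aaaa9999", "comp9uter8sare7usef6ul"]:
        print(pw, "->", weaknesses(pw, personal=["jsmith"]) or "no rule broken")
```

An empty result only means none of these particular rules was broken, not that the password is strong.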
The best password is a very long string of random numbers and letters. However, for most of us, this would be impossible to remember and a password that is written on a note on your computer screen or under your keyboard is not secure.
Here are some examples of reasonable passwords (for a system that accepts letters, numbers, special symbols and blanks, and treats upper and lower case as different letters) along with variations of each. They are memorable and yet not easily guessed or found in a dictionary.
| Password | Comment |
|---|---|
| Computers Are Useful | Something many computer users will agree with. |
| Computers aReuseFul | One blank missing, funny capitalization. |
| C0mputer5@reus#fv1 | Digit 0 for letter O, 5 for s, @ for a, # for E, V for U, 1 for L, no blanks. |
| comp9uter8sare7usef6ul | The original expression, with no blanks and with digits interspersed every four characters. |
| comutrsareusful | The original expression with a few letters missing. |
| onupatithwa | In many countries where there is a tradition of story telling, there are standard forms for beginning the story. In English speaking areas, children’s stories often began: “Once upon a time, there was ….” In this example, each word is truncated to two letters to limit the length, which makes it less recognizable than “onceuponatimetherewas”. |
| oNup@T-1thuua | The same thing, but with some substitutions, upper case letters, and arbitrary punctuation inserted. |
Changing your Password
Passwords should be changed periodically. The frequency of changes is the subject of debate. Some security specialists recommend changing passwords very often, but others argue that making changes too frequently increases the need to write passwords down or pick simplistic passwords. For typical applications, the following recommendations are realistic:
- Change your password immediately if you think that it may have been compromised.
- If you give your password to someone else for any reason, change it immediately after they are finished. Sharing passwords is generally a bad thing, and should be avoided unless there is no alternative.
- Change your password periodically, just in case it has been compromised. “Periodically” is subjective, but between six months and a year is reasonable.
- If you belong to an organization that has a more stringent policy, follow it.
Restrict Privileges
Most systems allow users to be given a restricted set of privileges; this set may not include all the privileges granted to the person who administers the computer. For computers where the user is also the administrator (as is the case for many personal computers), the user often does all of his/her work using the full set of privileges (often called root or administrator privileges). It is good practice to use a separate username when non-administrative work is being done. This reduces the chance that the user will damage the system by accident. It also reduces the chance that, if the system is penetrated, the attacker will have full administrator privileges.