Thursday, September 25, 2008

PC SECURITY - Passwords and Other Security Criteria

At the top of security protection is passwords, Windows Password and others.

Here are just basic password criteria to protect yourself:

  • Never, never allow your personal password to be compromised by practices that allow others to find out what it is

There is a movie that demonstrated what can happen if you are sloppy about protecting your password, War Games, starring a young Matthew Broderick. He plays a high school computer nerd that can hack into the schools computer system, where student grades are kept, because the Principle's secretary writes down the current password on a slide-out of her desk. He looks, goes home, and logs on the school computer to change grades.

Do not write down your password where it can be easily accessed, this includes your wallet or purse. If you have to write it down at all, lock it up in a safe place; like well hidden inside a locked file cabinet.

  • Never use passwords that contain easy-to-know information about yourself or your family. Do not use family names (partial or nickname), birthrates, your street name or number, your pet's name, etc.

Again there is a movie that demonstrated this issue, True Lies, with Arnold Schwarzenegger.

Arnie is head of a 3-man team, part of an Ultra Secret Black Ops organization. One team member is the computer expert (aka hacker). There is a system Arnie wants access to, needs the password. They give the task to their Ace Hacker and walk away, but they don't get but a few feet when the hacker says he's in. They look surprised. What was the password? The wife's birth month (3-letter), the son's birth month (2-number), and the daughter's birth year (4-number), in reverse.

This was all from information that was already known about the user of the target system.

  • Using a mixed password is better than (example) all lowercase letters

The safest password is mixed case, alpha-numeric, and special characters (some of these are restricted). The length is specified by the context (Windows, your ISP, a specific WEB site) but 4 to 8 is the most common password length.

It is NOT necessary to restrict yourself to random characters. Just don't use related words.

  • BAD = dog4cat, hot89dog, rainwater5, roadkill, more$money = commonly related words, all lower case

  • GOOD = dog4splinter, hot$snow, hill$$water5, RoadDice, money#rain = NOT commonly related words

  • BETTER = roaDDice, hIll$$watEr5, dogFOURsplinter

WEB access Child Password Protection:

  1. Implement Password access to Windows itself. Ensure parents are the ONLY ones with Administrator rights, children as Users.

  2. There is an excellent tool for customizing restrictions, in this case your child's User account. Doug's Windows XP Security Console.

  3. There is a way to assign restrictions to individual files or folders (and their contents), using the Security tab in Properties. For example, you would restrict access to the folder containing Doug's Security Console to Administrator (parents) so your children could not use it to change their rights.

I always suggest AOL as an ISP (Internet Service Provider) to novice users, especially those who have trouble with technology (aka trouble programming their VCR). They have excellent threat protection and include many tools that would have to be purchased separately with other ISPs. But I became aware of a very big fault in AOL's child protection scheme. Although this may have been fixed by now.

My sister, a novice user, joined AOL, and because her young grand daughters were often at her home, we setup accounts on AOL with child-protection restrictions.

The problem was, when logging onto AOL we did NOT check the Automatic Logon option (no password entry) therefore you had to enter a password. But found out, after creating the AOL restricted accounts, anyone could check Automatic Logon! This meant that a child could check this box, and if the parent did not notice, the next time the child could logon to the parent's account bypassing child-protection. Setting up child-protection did NOT disable the Automatic Logon option.

There are many tools for protecting your children, many use in schools. Use Google or a parent related WEB site for more options/choices.

No comments: