Protect desktop files and folders from inside snoops

In the second of this two-part series, below, Tony Bradley offers step-by-step advice on how to configure Windows file and folder security. In part one, he identified three internal controls you must have in place to prevent internal hacking.

Security is often a game of perception. A mysterious combination of smoke and mirrors creates the illusion of security while reality remains unprotected. With information security, the majority of security tools and utilities are designed to keep outsiders from gaining access to internal resources. The "us vs. them" mentality fits well with most perceptions, but it does not mesh with the reality that most attacks and security breaches occur from the inside.

I recently wrote about the disparity of inside jobs vs. external threats and provided some tips to protect computer systems in Guard against internal hackers. In this tip, I cover specific steps you can take to secure your Windows desktop files and folders and prevent even internal prying eyes from viewing them.

1. Use third-party tools to secure Windows 9x files and folders
Older versions of Windows such as Windows 95, 98 or Me are inherently insecure when it comes to files and folders. To protect individual files and folders, you must install a third-party utility, such as Everstrike Software's Protect Folder 98 or WinAbility Software Corp.'s Folder Guard Classic Edition. Keep in mind that these operating systems are based on a DOS foundation, and even these third-party tools are not impenetrable.

2. Share only what is necessary
When creating shares on your computer, restrict the share to only information that is necessary. Sharing out an entire drive or partition is probably too broad. Even sharing out the My Documents folder may allow access to too much data, depending on how you use it. You may consider creating a special folder just for shared files and only sharing out that individual folder.

3. Use discretion setting permissions
Just as you need to use discretion in choosing which files and folders should be accessible, you should also limit who has access or what level of access they have. If you just grant Full Control to the Everyone group for your shared resources, it will be hard to manage or control access. Even for resources that you want to share, you should give some thought to who should have access and whether they should be able to delete or edit the files or simply be able to view them.

4. Encrypt confidential or sensitive information
Once you limit what information is shared out and further restrict access and file permissions, then your desktop data should be fairly well-protected. However, if you have confidential or particularly sensitive information, you may want to go one step further and encrypt it. In Windows 2000 or XP you can use the built-in Encrypted File System (EFS). You can also turn to third-party encryption tools such as PGP Corp.'s PGP Desktop Home 9.0.

Click for part one to find out which three internal controls you must have in place to prevent internal hacking.

About the author:Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet/Network Security, providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions, visit Essential Computer Security.

More information from SearchWindowsSecurity.com

  • Tip: Check out Tony's tip on how to guard against internal hackers
  • Tip: Know how to Google hack your own Windows systems before a bad guy does
  • Checklists: Harden Windows with this collection of Windows security checklists by Roberta Bragg

  • This was first published in May 2005

    There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.