Security is often a game of perception. A mysterious combination of smoke and mirrors creates the illusion of security while reality remains unprotected. With information security, the majority of security tools and utilities are designed to keep outsiders from gaining access to internal resources. The "us vs. them" mentality fits well with most perceptions, but it does not mesh with the reality that most attacks and security breaches occur from the inside.
I recently wrote about the disparity of inside jobs vs. external threats and provided some tips to protect computer systems in Guard against internal hackers. In this tip, I cover specific steps you can take to secure your Windows desktop files and folders and prevent even internal prying eyes from viewing them.
1. Use third-party tools to secure Windows 9x files and folders
Older versions of Windows such as Windows 95, 98 or Me are inherently insecure when it comes to files and folders. To protect individual files and folders, you must install a third-party utility, such as Everstrike Software's Protect Folder 98 or WinAbility Software Corp.'s Folder Guard Classic Edition. Keep in mind that these operating systems are based on a DOS foundation, and even these third-party tools are not impenetrable.
2. Share only what is necessary
When creating shares on your computer, restrict the share to only information that is necessary. Sharing out an entire drive or partition is probably too broad. Even sharing out the My Documents folder may allow access to too much data, depending on how you use it. You may consider creating a special folder just for shared files and only sharing out that individual folder.
3. Use discretion setting permissions
Just as you need to use discretion in choosing which files and folders should be accessible, you should also limit who has access or what level of access they have. If you just grant Full Control to the Everyone group for your shared resources, it will be hard to manage or control access. Even for resources that you want to share, you should give some thought to who should have access and whether they should be able to delete or edit the files or simply be able to view them.
4. Encrypt confidential or sensitive information
Once you limit what information is shared out and further restrict access and file permissions, then your desktop data should be fairly well-protected. However, if you have confidential or particularly sensitive information, you may want to go one step further and encrypt it. In Windows 2000 or XP you can use the built-in Encrypted File System (EFS). You can also turn to third-party encryption tools such as PGP Corp.'s PGP Desktop Home 9.0.
Click for part one to find out which three internal controls you must have in place to prevent internal hacking.
About the author:Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet/Network Security, providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions, visit Essential Computer Security.
More information from SearchWindowsSecurity.com
This was first published in May 2005