Use these five methods to easily improve the physical security of network connections

There is a large amount of help information on the Internet, telling you how to protect your computer from remote intrusion and malicious mobile code infection, in addition, this topic is often the focus of many formal IT security education and training courses. If you take this into consideration, it is not difficult to physically prevent the computer from being stolen. However, for security protection, it is more difficult to prevent unauthorized use through physical network connections.

A large number of books and even many discussion groups have discussed how to control computers on the company's network and monitor their usage, we can even find important materials such as difficult problem handling strategies. However, it is often overlooked that how to ensure that no one uses it for unauthorized operations several minutes after you leave the computer.

Especially today, computer security is very important to you. There may be many reasons for doing so. For example:

· Even if you do not strictly monitor employees, you may think that the workplace is a safe place, or you can leave unattended computers with peace of mind, however, this may cause you to become the victim of malicious behavior by dissatisfied employees or unexpected visitors.

· Implementing a login-name-based review for employees in the workplace may be a good choice. This ensures that no one can use your account for unauthorized operations at the time you leave.

· When using laptops for work (or entertainment) in coffee shops and other public places, do not think that no one will steal it when you leave. Even if you leave a friend that is often trustworthy next to a laptop, there may be funny events. For example, he may use the hot dog booth of the Microsoft Windows operating system to change the graphic interface to a painful effect.

· When someone wants you not to leave your computer to prevent theft, it is very important to ensure that confidential information in the system is not recovered by thieves.

Let's make sure you have used clear and high-tech measures, including full disk encryption, operating system logon modes with strong security passwords, and personal file encryption, to prevent these threats. In this way, you should pay more attention to how to take measures to ensure the security of the system during the period when you leave the laptop to the bathroom or leave the IT department for a meeting at the desk. The following five simple measures can improve the security of your system and prevent those who attempt to access the system directly:

1. Set a password for the BIOS and CMOS of the Basic Input/Output System

However, setting a password for the computer's basic input/output system BIOS and CMOS does not provide "true" security. As long as you open the chassis and remove the CMOS battery from the motherboard, you can easily bypass the BIOS and CMOS password settings of the Basic Input/Output System. But on the other hand, if someone is only a few minutes away from you to access the system, it will be a very important protection measure that can reduce the probability that he will gain control of the system before you come back. Because the BIOS and CMOS passwords of the basic input/output system can only be eliminated without being cracked, this can also allow you to find someone trying to use your computer for unauthorized access.

2. Disable external device power-on

Using a floppy disk, You can implement all the functions of the entire operating system. CD, DVD, and even USB flash devices can also be used to start the system. A large number of hacker tools can also do this. Just insert them into the corresponding drive and restart the system. If you do not disable these options in the CMOS settings, they will allow others to use other operating systems to start the system. As described above, if you set a password for the basic input/output system BIOS and CMOS, it is impossible to use these boot devices before clearing the password change settings.

3. Always lock the screen or log out of the user while away from the computer

Leaving a computer that allows users to log on to all applications at the time of departure is the fastest and easiest way for unauthorized users to obtain a large amount of information from the system. If you leave the time, the disk decryption function is in the running state, full disk encryption will not be guaranteed by information security, as long as there is enough time, you can use a USB flash device to copy confidential files, or even more easily, as long as you send data to me through GMail or Yahoo Mail. Use the screen lock function of the system to prevent such physical connection. For example, you can set a password for the screen saver or log out of the system at the departure time. In this way, anyone who wants to access the system must log in again.

By default, some graphic user interface environments do not contain such features. The window manager I selected (AHWM and wmii) is like this. In addition, there are no relevant settings in such a lightweight graphic user interface environment. I chose a screen lock tool called slock to implement this function, although it is very small, however, the function is outstanding. If you choose to use it, remember to log out of the TTY console, because the slock itself will only lock the X session, and the TTY console is not included.

4. Select the memory-only Security Section for the encryption tool

As I explained in the "insecure memory" FAQ, the encryption tool saves the password in a usable space. Therefore, when the memory of a computer system is occupied by a large amount of time, the data originally stored in the memory may be exchanged to the disk (for example, according to Microsoft's official term, it is called storage page files ). If this happens, data may still exist after the system is shut down. At this time, as long as you sit in front of the hard disk and run a simple analysis tool, the encrypted password will be restored.

The key to solving this problem is to ensure that the memory you use is safe: for the operating system, the management methods for Random Access Memory of different uses are different, memory locations reserved for a specific application will never be exchanged to the disk. For more information, see "unsafe memory" FAQ. When this happens, make sure that you do not leave immediately after the system is shut down. You should wait a few minutes, because there is a malicious security device with this function, as long as the physical connection to the system, it can quickly restore the information stored in random access memory.

5. Set obstacles for unauthorized password recovery

Most common operating systems now provide password failure recovery settings due to system errors and user error operations. Some of them even provide a way to directly restore or reset the lost administrator password. This means that there is almost no restriction on the access to any part of the system (except for encrypted files requiring special passwords ). The simplest one is to enter the backup operation mode. This is the case for the security mode of Microsoft Windows and the single-user mode of Unix (including Linux.

In the security mode of Microsoft Windows, most of the security software will be disabled, and even some commonly used logs and encryption tools will be included. For hackers, this is a good way to attack and easily obtain the password of the system administrator account. For example, the Microsoft Windows XP operating system can create a system administrator account without a password, this is a terrible mistake for security practices. To prevent this situation, you need to set the security mode and prohibit unauthorized users from accessing the system at will. However, if this person is familiar with the technology and can use a large number of Windows operating system password recovery tools (which are free of charge) on the network, the effect of such restrictions is not great.

On the other hand, in Unix and Unix-like operating systems, it is quite difficult to bypass security measures to crack the root password. However, this type of operating system provides a single-user mode that allows you to obtain most of the system root-level permissions without correct settings. Therefore, you need to adjust the settings of the TTY console and cancel the root permission to solve this problem. Different operating systems have different operations. For example, in FreeBSD and Apple MacOS operating systems, you need to adjust the configuration in the/etc/ttys file. In many Linux operating systems, they are located in the/etc/securetty file.

Conclusion

Obviously, this article does not intend to provide you with better security around the company's network, nor will it teach you how to conduct on-site investigation or penetration testing. All you need to do is to remind you that the foundation of security should be personal, regardless of their background (work, family, school, etc.). For security incidents, the most common cause is user carelessness. Although the content may not be so comprehensive (after all, this list only contains five items), it can also give you the starting direction.

Generally, the weakest link in the security chain is the user. Your responsibility is to prevent this situation from becoming a reality.