Topic 6: Desktop Security - Information Security

Information technology security is like an onion whose layers protect computer users from hackers. If a computer is not protected at the personal level, it could allow a hacker to send thousands of illicit e-mails and cause you to lose your network access. You can protect yourself from the average desktop hacker by being aware of some of their common tactics.

One method used in desktop hacking is shoulder surfing. This is when an unnoticed individual looks over your shoulder to obtain private information like your user name and password. The best way to fend off this hack is to physically position your computer so that you can see all persons that might be able to look at the keyboard, monitor, or screen of your computer. If you can’t move the computer, place small mirrors on the monitor so that you can see any person able to view your screen.

You can enable a screen saver with password access as a good, short-term security action to protect your system if you step away for a few minutes. Your computer’s screen saver should initiate after 5 minutes of inactivity. This action requires the entry of a password before deactivating the screen saver and allowing access to the system.

If you know you are going to be away from your desk for an extended period of time during the work day; a good alternative to shutting down your system is locking your keyboard. On a Windows system this can be done by pressing and holding the key with the “flying window” (usually found next to the ‘Alt’ key on the right side of the keyboard) and then pressing the “L” key. This will lock the keyboard and blank the monitor screen until a valid password is entered.

Another method of desktop hacking is capturing files that are transferred in an insecure manner. Files that are transferred using FTP or TELNET are sent in plain text. This means that all communication is readable in plain English, including your user id, password, and personal information. The best defense against this form of hacking is the use of secure file transfer applications such as SSH and PGP. These applications provide encryption for file transfers and emails. A more comprehensive list of secure applications can be accessed at the web link from Tom Dunigan listed below.

Being aware of who is around you is the first line of defense for desktop computer users. Combine awareness, good password practices, and secure applications and users will have a security formula that makes them less likely to be hacked.

Click here to go back to the main Security Training page.