Nov 11 2009

System Lockdown

Consider five technologies that can maximize the protection of your end users' data.

Threats to end-user systems come in all shapes and sizes — from standard-issue viruses and worms to more nefarious threats such as malware, spyware and botnets — and they are growing by the day. Physical threats are also on the rise; a lost or stolen notebook can be disastrous for your business if sensitive data becomes easily accessible. Eliminating risk entirely may not be possible, but there are technologies that your help desk can use to limit both risk and consequence. Here are five tools to help protect your company’s workstations.

1. Prevent problems with power-on passwords.

One often-overlooked feature built into most computers is a power-on password. When enabled, it requires a password before the machine completes its power-on self-test and starts its boot routine. This is useful in protecting notebooks because it renders them useless if lost or stolen. Enabling a power-on password is often as simple as pressing an assigned key to enter the BIOS, turning the feature on and setting the password. Have the help desk set one before deploying a machine; otherwise, whoever uses the computer first will be able to set it.

2. Lock it down with BitLocker.

If your company uses Microsoft Windows Vista Enterprise, Vista Ultimate or Windows 7, consider taking advantage of BitLocker. It can encrypt the entire system partition of a user’s hard drive and require authentication before access. Authentication is provided either by using a password or a USB key, or it can be transparent, using a client machine’s built-in Trusted Platform Module. This authentication protects the drive’s contents from being accessed by users who boot from a CD or USB drive, or who — if a notebook is lost, stolen or otherwise compromised — mount the hard drive in another machine.
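As an added example (not part of the original article), a help desk could audit deployed machines by parsing the text that the Windows `manage-bde -status` command prints and flagging any volume a lost or stolen notebook would expose. The field names assume English-language output, and the sample text is constructed and abridged.

```python
# Constructed, abridged sample laid out like English `manage-bde -status` output.
SAMPLE_STATUS = """\
Volume C: [OSDisk]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Protection Status:    Protection On
    Key Protectors:
        TPM
        Numerical Password

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Decrypted
    Protection Status:    Protection Off
    Key Protectors:       None Found
"""

def parse_status(text):
    """Return {drive: {field: value, "Key Protectors": [names]}}."""
    volumes, current, in_protectors = {}, None, False
    for line in text.splitlines():
        if line.startswith("Volume "):
            # "Volume C: [OSDisk]" -> drive "C:"
            current = volumes.setdefault(line.split()[1], {"Key Protectors": []})
            in_protectors = False
        elif current is None or not line.strip() or line.startswith("["):
            continue  # preamble, blank line, or "[OS Volume]" type line
        elif ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            # "Key Protectors:" opens an indented list; "None Found" leaves it empty.
            in_protectors = key == "Key Protectors"
            if not in_protectors:
                current[key] = value
        elif in_protectors:
            current["Key Protectors"].append(line.strip())
    return volumes

def audit(volumes):
    """List (drive, problem) pairs for volumes that are not protected."""
    findings = []
    for drive, info in sorted(volumes.items()):
        if info.get("Conversion Status") != "Fully Encrypted":
            findings.append((drive, "not fully encrypted"))
        if info.get("Protection Status") != "Protection On":
            findings.append((drive, "protection off"))
        if not info["Key Protectors"]:
            findings.append((drive, "no key protector"))
    return findings
```

A volume can be fully encrypted while protection is suspended, which is why the two fields are checked separately.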

3. Let your fingers do the talking.

If your help desk is looking to enhance user security while reducing call volume, consider giving your mobile users notebooks equipped with fingerprint scanners. These are inexpensive, convenient and make forgotten passwords a thing of the past. Users simply walk through a one-time “fingerprint enrollment” wizard to scan in one or more fingerprints, binding them to passwords; from that point they can use a simple fingerprint swipe to log into everything from Windows to web pages. This adds convenience to the end-user experience, and can reduce the number of lost passwords and locked-out user accounts.

4. Keep your removable data safe and secure.

Removable storage has evolved since the days of 64-megabyte flash drives. Not only is external storage now capable of holding exponentially more data, but it can also support miniaturized versions of encryption and authentication technology once thought impossible.

External drives today are more secure than ever, thanks to authentication methods ranging from passwords to fingerprint readers to radio frequency identification tokens.

5. Police unwanted software with policy management.

Although many companies use web filtering software and firewall controls to keep users out of trouble in the office, it is still fairly common for mobile users to send machines in for repair or re-imaging because they were compromised outside of the office.

To mitigate this, consider using a centralized client policy solution. Client policy management software runs as a service on machines and reports back to a central management server. Administrators can configure and update policies to allow or disallow executables from launching; then, only authorized software can run or be installed. This will not only keep machines healthy but also help contain malware outbreaks.

Jason Holbert is a Tier II desktop support technician at Harcros Chemicals, a chemical distributor in Kansas City, Kan.