РегистрацияЭто старая редакция страницы Библиотека / Основы / S S D / Данные На Диске / Вы / Основы Инфобезопасности за 16/03/2009 08:56.
Master the Basics of Data Protection
Освойте основы защиты данных
We're not going to lecture you on how to physically secure your office, because as we've said before, if the government has permission from a court to bust in, they are going to bust in regardless of what you do. We're more concerned here about what they can do to your computers once they are inside. Here are some steps to ensure that just because someone has physical access to your machine it doesn't mean they'll be able to get at all the data inside of it:
Require logins! Operating systems can be set to automatically log into a user account when the machine boots. Disable this feature! Require that the user provide a username and password before the machine will allow access to a user account.
Require screensaver logins too! Set the screensaver on your system to start automatically after a short time (such as 2 or 5 minutes) and to require that the user supply their password again before the screensaver will unlock. All operating systems support a feature like this, and it makes no sense not to use it.
Access controls are only as strong as your authentication mechanism. In other words, if your password is "12345" or your dog's name, or if you keep your password in a drawer next to your computer, your files may be accessible to anyone who has access to your computer and has a couple minutes to guess some passwords or look through your desk. Follow the next section's advice to generate and manage strong passwords effectively.
Choose your sysadmin wisely. In mainstream operating systems, the systems administrator must be "trusted" – that is, he or she is always able to circumvent access controls. Therefore, your organization's management must take care when selecting and training systems administrators, to ensure that he or she is worthy of trust. Trustworthy administrators will adhere to a code of professional ethics such as that published by the Systems Administrators Guild.
Guest accounts. To provide availability for unauthorized users, if that is desired, create a guest account for general use, and make sure that it cannot modify the operating system or cause other damage to the system. Ensure that the guest account does not have the privilege to read or modify sensitive files.
