Slashdot Mirror

← Back to Stories (view on slashdot.org)

Data Security on Windows Machines?

Posted by Cliff on from the keeping-prying-eyes-(and-fingers)-at-bay dept.

mcskoufis asks: "I am running my own company from home, offering various Internet related services to customers. I have rented a server which runs Linux and there are no current security or performance problems. However, because I cannot afford to have a business site with several geeks investigating into network security, I have some sensitive data on my Windows box at home which need to be safe from malicious marketers/kiddies having fun/etc. More and more marketing companies are working on very dirty tricks to gather email addresses and also turn windows (mainly) machines into mass mailing servers without the owners knowledge. With the latest worm attacks and also the sophistication of them, I feel even more and more vulnerable each day. Bearing in mind the fact that it is impossible to switch to Linux at home for a number of reasons and also that because of the business I need to be online 24/7/365 what the Slashdot community suggest as the best way to have a secure environment for my data while using Windows? Anti-virus software has proven to be not enough and firewalls create problems while performing daily business tasks on the server from home."

3 of 118 comments (clear)

  1. Pull the cord. by molo · · Score: 4, Insightful

    If you really want it to be secure, de-network it. No ethernet, no modem, no wifi. Use another machine for network connectivity and put the data you want to take over (that is known to be clean) on a floppy or cd-r.

    Then get some good locks and a security system. Nothing trumps physical security.

    -molo

    --
    Using your sig line to advertise for friends is lame.
  2. Physical Security! by Goyuix · · Score: 3, Insightful

    I worked for a graphics design lab (they thought they were a "branding" firm) for some time, and try as I might, they could not be convinced to purchase a firewall - as it was stuck in limbo as part of buying a new system/moving locations....

    What I ended up doing was simply keeping the sensitive documents etc. on a zip disk that I kept ejected except when I was modifying a list or looking up something. The rest of the time it was ejected. Granted, you would probably want some encryption on it as well, to further protect yourself but really physically separating your data from your computer should be paramount.

    I would like to echo getting decent anti-virus, running windows update, using some sort of firewall, run with less priviledged accounts, etc.... all good practices as well.

  3. Poor man's firewall. by Asprin · · Score: 3, Insightful


    My first advice is to sacrifice an old PC to a real standalone OpenBSD or Linux firewall.

    If that's not possible, go to CompUSA and plunk down $50 for an internet connection-sharing NAT box. (LinkSys, NetGear, etc. usually call them modem-sharing/gateway/routers [*SHUDDER*]) If you aren't willing to invest in building and maintaining a real rule-based standalone firewall on a PC using Linux or OpenBSD, this is probably the next best thing and you can't beat the price. IT IS NOT TOTAL SECURITY - you still have to deal with internal threats (ActiveX, spyware, viruses, etc.) be aware thatthe models that are based on Linux kernels may actually be hackable to serve a terminal prompt (though I don't think it's been done) but the NAT/masquerading it provides will block incoming connections and hide your internals, and for most home/so users with Cable/DSL/Wireless connections, a NAT box plus Spybot S&D and Avast AntiVirus should be sufficient.

    If that's too risky, do what GNU does - keep the real (sensitive) data offline on an unnetworked box.

    --
    "Lawyers are for sucks."
    - Doug McKenzie