[COMMENT: A church in Connecticut was invaded by its
bishop, who wanted to take over, hacked his way into their computer, and stole
its contents. You can protect yourself with the following (not
completely infallible, but generally adequate) procedures -- at least probably
against your local bishop, most of whom do not betray large amounts of
intelligence today. E. Fox]
Circulated but not written by David W. Virtue
Here are a few tips that any parish can implement to
secure their IT
systems from physical attack:
1. Upgrade from Windows 95/98/ME to Windows 2000 or Windows XP
immediately. Do not wait. There is no way to secure the earlier
Windows environment. None.
2. Immediately convert to the NT File System (NTFS). Earlier
versions of Windows used DOS's FAT system which is easily
breached. NTFS cannot be highjacked because of its inherent
3. Deploy the full range of passwords on your systems: POWER-ON and
HARD DISK passwords at the CMOS level; LOG-ON, SCREENSAVER and
NETWORK passwords at the operating system level. The former will
render the computer inaccessible and effectively dead-on-arrival
to any thief. The later will guard against intrusion for systems
that are attacked during the business day. CMOS are so effective
that replacement the motherboard and hard drive is necessary if
the passwords are lost. [Actually that last sentence is not true, but don't tell
your bishop. E. Fox]
4. Enforce a strict password policy and accept no violations. The
consensus today is that an 8-character password using letters,
numbers and perhaps punctuation will thwart even determined
attacks. Change passwords frequently, once-per-quarter, as a
defense against spying. Under no means allow users to post their
passwords on 3M post-it notes!
5. Encrypt sensitive files using NTFS. This will ensure only the
authorized user of that particular machine can view the file. If
the hard drive is stolen and its power-on password is cracked, the
file will still be unreadable even by data recovery specialists.
6. Log-off all workstations each night and consider turning them off
completely to prevent unauthorized access.
7. Do not use wireless "Wi-Fi" access technology. If you already
employ Wi-Fi, then learn how to configure its security features
and restrict access to the specific IP addresses of authorized
users. Out of the box, few 802.11 systems use strong security and
they are easily leveraged by hackers. Don't be one of their victims.
8. Make secure, off-site backups of your most valuable data. DVDs
are an inexpensive means, while numerous firms offer secure
network-based backup and retention services available for a fee.
All physical security measures discussed above apply to your
backup data, too.
These eight steps will prevent even determined professionals from
accessing or stealing your data. Remember: the true value of your
investment in IT is not the hardware, it is the information stored in it.
* * * * * * * * * * * * * * * *
Go to: => TOP Page; => Episcopal Library; => ROAD MAP