Information Security Best Practices: 205 Basic Rules

Section 10: PC Operating System Security Rules

Workstation and PC operating systems have a fraction of the features of server operating systems. PCs typically are used by a single person and are shut off at the end of the day. These systems, however, often have a network connection, internet access, email, and can hold personal and corporate data.

This section offers a few best-practice guidelines for use with networks containing PCs and workstations.

INFOSEC Best Practice #114

For operating systems with no logon authentication, limit access to the PC by using the "power-on" password option at boot-up.

If using an operating system with few security features (e.g., Microsoft Windows 95), then use a power-on password. The hardware configured password option will require the user to enter a password before the system continues to boot the operating system. Most new PCs have this option. It should be used in locations that are considered not secure. Laptops must have this option enabled. Users must turn their PCs off in order for this option to be used; therefore, it should be integrated as part of your site's security policy. Workstations running UNIX, NT, and OS2 have logon authentication via username and passwords and will not require this option to be turned on.

INFOSEC Best Practice #115

Authenticate users by a username and password for access to a computer network.

In PC-based operating systems such as Windows 95 and 98, a username and password is used to log the user into a server domain or network. Use a legitimate password even...