3 common home PC security flaws
3 common home PC security flaws
There are a great many ways to secure your personal PC. The most obvious include firewalls and anti virus, but there are three security flaws that are often left open to malicious intent.
This hub will investigate 3 ways in which your home computer might well be insecure. The hub is aimed for non computer professionals, that purchased their computer with the OS already installed.
Reset password with Computer Manager
- Open Computer Manager
- Navigate to the Local Users and Groups node, and select 'Users'.
- You should see a list of all of the user accounts on your computer.
- Right-click on the account called 'Administrator'
- Select 'Set Password...'
- Enter a password for the account
The Administrator Password
When you install Windows, an Account is created called 'Administrator'. This account is not available to you via the normal user selection screen, so you may not know that it exists. This account has complete admin control over your PC, all of your programs, and all of your files. Should a child, guest or hacker take control of this account, your computer could be in trouble.
Setting an Administrator password is very simple, and can be done from your normal user account assuming it has admin rights. I would personally recommend that you should make your normal account, a user rather than an administrator. But this can be annoying when you want to install programs etc.
When logged into an account with administrator permissions you can reset the password for the Administrator account easily. On your desktop (or in your Start menu) you should have an icon for 'My Computer'. Right click on this shortcut, and select 'manage' from the menu. This will open the Computer Manager tool.
The BIOS Password
When you turn on your computer, before windows starts loading, your computer is being controlled by the Basic Input Output System (BIOS). The BIOS is actually a chip, on the motherboard in your computer.
Different manafacturers of motherboards, use different BIOS's so it is impossible to write a guide that will deal with all of them. However, every BIOS has the same basic set of functions and comes, by default, without a password set.
A remote hacker is highly unlikely to find a way to access your BIOS. But your children could quite easily access the tool and change something. If the wrong thing is changed, and you have no idea what it was, then you may well need to call out an expensive computer repair man.
When you first turn on your computer, it goes through a selection of checks. You may see a black screen with lots of changing text, or you may wait at a splash screen for a while, while the checks occur in the background.
At some point, a message along the lines of "Press F12 to enter Setup" will appear. Different BIOS's use different keys to access them. F12 seems to be one of the most common, I have also had a few PCs that asked you to press 'delete'. What ever your access key is, pressing it at the right time will load the BIOS setup utility.
In order to secure your BIOS, restart your PC, and press the appropriate access key. Use the mouse to navigate through the various pages, until you find the setting controlling the admin password. Change the password, navigate through the pages until you find the save option, and then save the new setting.
You can also set a boot or user password in the same place. Unless you have reason to do this, I would not set this password. If you do so, you will have to enter a password every time you turn on your computer. The BIOS password is only needed, when loading the BIOS setup utility.
Wireless Access Points
Wireless home networks are starting to become the norm. By default most wireless routers and access points will not be encrypted. This is often even the case with wireless routers provided by your ISP, although that does seem to be getting better (at least here in the UK).
When you use your wireless network, information is sent through the air, a neighbour or just a random person parked outside your house with a laptop, will be able to use software that captures the information your wireless network is sending. This same person could also connect freely to your unsecured wireless network, and use your Internet connection, or even hack your computer.
Unfortunately, the various editions of windows, and the various makes of routers and access points, all have different ways of configuring a wireless network. This article cannot cover the full spectrum, so will try to underline the core fundamentals.
Your wireless router has a web server on it. If you go to that web server using your browser, you can manage the hardware. To do this, you will first need to establish the IP address for the wireless device. Assuming your wireless device is also your modem, finding the IP address should be very simple.
Click the Start button and select the 'Run...' option. Type the command cmd and press enter, this will open a black Command Prompt. In the command prompt type the following, and then press enter.
This will bring up all kinds of information about your network devices. You are looking for the IP address listed as 'Default Gateway'. Type this IP address into your browser, and you will load the admin web page for your wireless router.
You will need to know the default username and password for the wireless device. These tend to be common for different manufacturers, so if you cannot find your manual, the username and password for default admin account for the hardware, should be reasonably easily to find using google. Once you have logged into the router you should change the password for the admin account.
Hunting through the options, you should find settings that relate to Wireless Security. There are several versions of encryption available, the most common being WEP, WPA and WPA2.
Wired Equivalent Privacy (WEP) - WEP is the first major protocol implemented for encryption. It is the least secure, and can be cracked by various bits of malicious software, but it is much better than no encryption at all.
Wi-Fi Protected Access (WPA) - WPA is a more secure encryption than WEP, and should be selected if you have the option.
Wi-Fi Protected Access 2 (WPA2) - WPA2 is currently the most secure method of wireless encryption. Your router may have two modes; WPA with Radius Server and WPA with Pre Shared Key (PSK). As you are unlikely to have a Radius server, you will want to select the other option.
All of these encryption options will generate a key that will be required to connect to your wireless network, or to read the contents of the data sent over the network.
When you save the new security settings you will lose access to the router and your wireless network. If you have managed to do this without making a note of your key, then connect your PC to the router via an ethernet cable, and load the web page as before.
Assuming you have not done it wrong, view the list of available wireless network. Yours should be listed as a secured network, but your previous connection will not work. You will need to delete the original saved connection, and then try to connect again. Enter the wireless key when requested, and your network will now be secure.