Security

Roseann R. Krane (rkrane@monte.mvhs.srvusd.k12.ca.us)
Tue, 1 Apr 1997 09:29:45 -0800 (PST)


Several people have written me individually asking questions on
security and our new lab and what I chose to purchase.

On security, it ranges depending on what kind of systems you have. I've
done some searching and I've written up this info with some of my
experiences. My biggest problem is with physical security!

I use Enable on our Macs. It does ok unless you have someone who knows how
to get around it and I've only had two of them! We use SAM for virus
checking.

On the PC side, I am using Windows NT which is absolute security. We are
looking at buying a District license from Mcafee for virus and IP
protection.

I've used Norton Disklock (old version, which was fine for one user. Then
when seven users needed to know the password, it lost it's effectiveness.)
But now they have a better version and I have the details below for you.
This provides workstation security from unauthorized users.

of you need as you aren't using Windows NT. But if you can, I believe it
would be to your benefit to purchase Windows NT. It may look pricy on the
street, but the California state buy program with Valcom is so
inexpensive, it is incredible. If you aren't part of California, you can
buy from it too.

Here is the info on the two pieces of software and I shall send the info
on the new lab and software prices on our new lab.

Both Mcafee and Norton have a suite you can get which will protect
everything from desktop logins, files, virus protection, IP address
security, and networks. You'll need to check out the details, as I am
currently not using either. They both have academic pricing that is
excellent. Here are some details:

++++++
REMEMBER I PICKED UP THIS INFO FROM THEIR SALES PEOPLE!!!

========
Norton For Your Eyes Only for Win95 and ??

Transparently decrypts files for authorized users.
- Encrypt one or more files or directories.
- Supports RSA encryption standards.
- Prevents unauthorized access to entire system by prompting for a
password.
- Configurable automatic timeout blanking of screen if system is idle for
a specified period of time.

====
Macfee Desktop Security

MCAFEE SECURE DESKTOP V1.0 SINGLE 1-DOC WIN3.1/WIN95/NT
Bundle Includes:
McAfee VirusScan Award-winning Virus Detection
McAfee PCCrypto Secure File Encryption Utility
McAfee NetCrypto Innovative Network Encryption System

Key Buying Points--- VirusScan is the world's most trusted name in virus
protection. --- Consistently detects over 90% of over 8,500 known viruses
maintained by independent labs National Computer Security Association
(NCSA) Certified: captures 100% of viruses found in the wild (see
www.ncsa.com)

Constant, unobtrusive virus protection from the Internet, online services,
macros, e-mail, floppy disks, shared files, and memory

--- PCCrypto is a powerful solution that allows you to easily protect
spreadsheets, graphics, e-mail, letters, and other sensitive documents
from prying eyes. Without the correct password, anyone trying to view your
protected data sees only scrambled "garbage". ---

Easy-to-use Windows interface makes file encryption a snap for anyone
Choose from incredibly powerful 160-bit* or 40-bit encryption algorithms
(*US and Canada only) Password-protected logfile keeps a detailed record
of all encrypted files with their passwords
Securely shred or "wipe" deleted files and slack space from your hard
drive so that they cannot be retrieved by popular unerase utilities

--- NetCrypto eliminates the growing threat of "snooping" by automatically
encrypting all TCP/IP traffic between protected computers. This
award-winning product works transparently in the background and is
exceptionally easy to install and configure.
Automatically and transparently encrypts all TCP/ IP data between
protected machines.

Includes several built-in military grade encryption algorithms.
Diffie-Hellman technology uses a dynamic single session key exchange,
eliminating the need for key management of any kind.
Open architecture allows you to easily plug in additional encryption
algorithms and security technologies as they become available.

SecureDesktop protects your PCs from data theft, network sniffing, and
virus attack with a McAfee security suite including VirusScan, PCCrypto,
and NetCrypto.

------------------------------------------------------------------------

SYMANTEC
NORTON DISKLOCK V3.5 DOS/WIN SINGLE 1-DOC

Features
- COMPLETE SECURITY
DISKLOCK LOADS BEFORE THE SYSTEM SOFTWARE
ASSIGNED PASSWORDS DETERMINE WHO IS PERMITTED TO ACCESS THE
PC, HARD DISK, AND ANY HARD DISK PARTITIONS AND FILES
- FILE PROTECTION FEATURE PREVENTS ANYONE FROM THROWING AWAY
OR DELETING A LOCKED FILE
- ONE-CLICK LOCKING OR ENCRYPTION LETS YOU SPECIFY ENTIRE
DIRECTORIES OR INDIVIDUAL FILES
- LOCK NOW FEATURE INSTANTLY BLANKS THE SCREEN AND LOCKS YOUR
COMPUTER FROM WITHIN ANY APPLICATION
- 3 FILE PROTECTION OPTIONS
- FILE LOCKING
- DES - THE US GOVERNMENT ENCRYPTION STANDARD
- NORTON DISKLOCK FOR STANDARD SECURITY (FAST)
- MULTIPLE-PASSWORD SUPPORT
- SUPPORTS A SUPER-USER PASSWORD AND UP TO FIVE DIFFERENT
- SECONDARY USER PASSWORDS
- AUDIT MANAGEMENT - LOGS IMPORTANT EVENTS THAT OCCUR ON THE
WORKSTATION SUCH AS: PROGRAM EXECUTION, LOG ONS, LOG OFF,
INVALID ACCESS ATTEMPTS, PASSWORD CHANGES
CREATES AND DISPLAYS A VARIETY OF REPORTS ON COLLECTED INFO
- IDLE TIME SCREEN BLANKER - BLANKS SCREEN AND LOCKS SYSTEM
WHILE PRINTING OR FAXING STILL RUNS IN THE BACKGROUND
- BOOT PROTECTION - PREVENTS FLOPPY DISK BOOT
- GUEST ACCESS, KEYBOARD LOCK, PASSWORD MANAGEMENT

- IBM AT, PS/2 OR 100% COMPATIBLE
- MSDOS 3.3/PCDOS 3.3 OR LATER
- SUPPORTS MS-WINDOWS 3.1
- 2.5 MB FREE HARD DRIVE SPACE
- 640K CONVENTIONAL MEMORY
- MS-MOUSE RECOMMENDED

------------------------------------------------------------------------
Winshield for Windows 3.1 (no first hand experience)

Control & Protect Your Windows 3.1 Desktop
* Prevent access to DOS and exit from Windows
* Preserve settings in config.sys, autoexec.bat and initialization files
* Simply and quickly toggle between alternative setup environments which
transparently restrict user privileges and protect system configurations
* Prevent boot interrupts and control-breaks

PRESERVE ICON & WINDOWS POSITIONS
FILE MENU
* Remove the File menu from Windows Program Manager and make all File menu
commands inaccessible
* Selectively disable the Properties command in the File Menu and disable
the Alt+Enter key equivalent. Prevent users from changing Program
Manager Properties
* Selectively remove the Run command from the File menu and force users to
run applications from preselected Program Manager or File Manager icons
* Selectively remove the Exit Windows command from the File Menu

SAFELY AND EASILY PREVENT ACCESS TO INDIVIDUAL PROGRAM GROUPS BY
SHIELDING THEIR APPEARANCE FROM SELECTED USERS DISKETTES
* Prevent the diskette drive from recognizing any disk
* Force all file saving to diskettes only

CD-ROMs
* Prevent use of CD-ROMs entirely
* Only allow access to selected CDs

COMPLETETLY RESTRICT (SHIELD) ACCESS TO SELECTED SOFTWARE APPLICATIONS OR
CONTROL APPLICATION USE WITH EASILY APPLIED PASSWORD PROTECTION GENERAL

Choose from a hierarchy of successively more restrictive desktop options
including:
* Prevent Program Group creation, deletion and name changes
* Prevent the creation or deletion of specific icons in Program Groups
* Prevent changes to command lines related to icons included in Programs
Groups
* Prevent Property changes related to program or group icons
------------------------------------------------------------------------

Know little on this one: EXPERT SOFTWARE
TAMPER-PROOF PC WIN95/3.1 JEWEL CASE
------------------------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ Roseann Rayes Krane, http://www.mvhs.srvusd.k12.ca.us/~rkrane ~
~ Monte Vista High School, System Administrator, Webmaster ~
~ 3131 Stone Valley Road, Danville, CA 94526 ~
~ Computer Science Department, 510-837-7507, voicemail 510-552-2859 ~
~ ~
~ "All students are different, schools should make them more so!" ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~