Enhance your desktop security

Protecting your desktop computers against unwanted access is a major chore. Windows 95 doesn't provide much protection against unwanted access, nor does it let you audit local workstation activity. Windows NT offers some auditing and access control, but room for improvement exists. You don't have to wait for Microsoft to make improvements, however. You can use AXENT Technologies' PCShield, a software add-on that enhances NT and Win95 desktop security. The software adds new features and control mechanisms to your OS's existing security setup. In addi-tion, PCShield scales well and fits into most networks.

Installation
To install PCShield, you must install the software's Security Manager component, build a security database by configuring security settings, and build an installation kit. After I built the security database, I used the installation kit to install PCShield on my client workstations.

To install the Security Manager, I defined an installation directory, and the setup wizard copied all the necessary files into this directory. Then I clicked Security Manager on the Start menu.

When I ran Security Manager for the first time, the software's Getting Started dialog box guided me through each step of creating the security database and installation kit. To create the database, I clicked File, New. Then I defined a password and passphrase for the database, to which only security administrators would have access. I defined a directory path to store the database on and I modified the security policies.

PCShield has eight built-in security policy templates for desktop, notebook computer, and Microsoft Office users. The software also includes a standard system security policy template, as Screen 1 shows. You can configure PCShield to accommodate a range of user needs. For example, to prevent users from placing malicious software on your company's systems, you can configure PCShield to let only programmers create files with extensions ending in .exe and .dll.

For my test, I modified an existing desktop template to provide security for my network. After I defined the policies, I added users who were authorized to access PCShield-enabled systems. I also defined groups and assigned these groups to workstations. PCShield's user-group architecture is similar to NT's architecture. However, the software's architecture doesn't integrate into NT's user database, so you might need a substantial amount of time to add more than a dozen users.

PCShield doesn't have an interface you can use to import user information from NT servers. You can use the software's import facility to import workstation and user information from text files, but you must create a comma-delimited text file before you can import the files. You can use a Microsoft Windows NT Server 4.0 Resource Kit tool to dump a list of users out to a file.

Using PCShield, I defined workstations and assigned users to those workstations. Under standard NT security, you define which workstations a user can log on to. PCShield takes this concept a step further: A user can log on locally only at workstations designated for that user. For example, I added my workstation to the PCShield workstation list and configured the software's properties so that users can log on to my Win95 system only through my account. Even if a user presses Escape at the logon prompt, that user won't gain access to the system because PCShield replaces the initial logon dialog with a dialog of its own. In addition, when you install PCShield, users can't use a 3.5" boot disk to access the hard disks on Win95 systems. NT systems don't provide this feature.

After I configured policies, user groups, and workstations, I created the installation kit and installed PCShield on my workstations. To create the installation kit, I selected the appropriate workstations from the list I created. PCShield then built an installation kit for the workstations I selected. (You can store the kit on 3.5" disks, a hard disk, or a network drive.) I then went to each computer and ran the setup program to install the software. PCShield includes an unattended installation option so you can install the software from a remote location.

After I installed the software on my workstations, I rebooted each system to activate PCShield. When you activate the software, PCShield presents the secured logon dialog prompt. I installed and configured PCShield on 10 workstations in less than 1 hour.

Features Abound
PCShield automatically encrypts file data using Data Encryption Standard (DES), Triple DES, or AXENT's proprietary encryption method. I wouldn't use DES to encrypt sensitive information, but Triple DES and AXENT encryption provide strong protection schemes.

A major concern for users when a new product rolls out is how that product will affect the Help desk load. PCShield minimizes the Help desk load by providing automated updates for client systems. Systems administrators can place enterprisewide updates on a designated server. When a computer that PCShield controls logs on to the network, the computer's security kernel checks to see whether any new updates are available. If a new update is available, the client system automatically copies the update from the designated server and installs the update on the computer.

One of my favorite PCShield features is the audit trail. Win95 systems don't provide audit trails, which can result in serious accountability problems if unusual events originate from Win95 workstations. For systems administrators, determining who a user is and what that user does on Win95 systems is almost impossible. NT, however, has a basic, built-in auditing capability. When you configure audit trails using PCShield, you can see what users are doing on their workstations, regardless of the platform they're running. You can also sort, filter, and customize the audit trails. If you want to use the audit trails in other software systems, you can print or export them to industry standard formats.

PCShield offers many important policy configuration settings. For example, Program access control lets you assign program-access rights for protected-file access, file access type, and encryption settings. Access rights lets you define which file types the software will automatically protect, which users can access those files, and what type of access those users have to the files. Password policies lets you define password length, character types, password life span, words users can't use as passwords, old passwords that users can't reuse, and combinations of characters. Auditing policies lets you define the events PCShield will audit and log. To simplify administrative review, you can configure the software to gather logs from multiple workstations and transfer those logs to network-based audit files at regular intervals.

I can configure PCShield's intruder alert program to capture specific events (e.g., failed events, system shutdowns, protected file access, password changes, and Registry updates). I can also specify where I want the software to store the alert information and the type of encryption to use to protect the event data.

PCShield protects the Registry, so users can't make unauthorized changes. The software also lets you control access to the Control Panel, DOS prompt, F8 key at the boot, Run command, drive displays, and screen-saver settings.

A Great Security Add-on
PCShield is a stellar add-on for NT and Win95 systems. I recommend PCShield, especially if you use Win95 systems. The software can easily increase your system's security.

PCShield
Contact:
AXENT Technologies * 800-298-2620
Web: http://www.axent.com
Price: $49 per workstation license
System Requirements:
Windows NT Server 4.0 with Service Pack 3, NT Workstation 4.0 with SP3, or Windows 95, 8MB of RAM