Password-Protecting the Screensaver

This is a basic security step that is often circumvented or unused by many users. Make sure all of your machines have this feature enabled to prevent an unauthorized user from taking advantage of an unlocked console. Figure 10.16 shows the password feature of the screensaver. To activate the screensaver, right-click the Desktop background, select Properties, and then select the Screen Saver tab. An idle (inactive) time of 15 minutes or so is a good configuration setting for this security feature. By merely performing this step, many simple “hacks” of unattended workstations can be prevented. The intruder would see the locked screen and simply move on the next machine.

Always use a password-protected workstation or lock your keyboard when you leave the machine's console. It's easy for someone to walk by your computer and access you data if the screen is not locked, especially in a work environment. (At home, you might trust your kids, although they could inadvertently delete information if they had access to the data.)

Windows NT Professional and Windows NT Server are much more robust in terms of security features and capabilities. Although these features are available, the default installation of Windows NT can be considered insecure. It is left to you, the user, to enable and configure many of the security options.

Security principles such as locking unattended workstations and safeguarding backup media can be applied to any operating system. Screensaver passwords and backups to the system apply to just about all operating systems.