Security is a big subject, best simplified by considering two common scenarios:
the corporate environment: many users logging into a large computer network and possibly different users logging into the same individual PC. Internet access via a single Proxy Server computer.
the home user environment: probably a single PC with a direct Internet connection, maybe a single user. If more than one user, probably not the same concern with keeping each user's files secure from one another as there would be in a corporate environment.
Corporate environment: Security concerns here are twofold: Firstly, allowing valid network users access to the files and other network resources for which they have authorization and preventing access to resources for which they do not have authorization. Secondly, securing the corporate network's resources from outside access, e.g. from the Internet. The corporate network administrator meets the first of these concerns by managing the user accounts and the access permissions of the network resources.
There are two quite different ways of accessing files stored on a computer's hard disk:
Local access (i.e. the user is seated at the computer where the files are stored and logs on to that computer directly in order to access the files)
Remote access (i.e. the user is seated at another computer and connects to the computer holding the files over some type of network connection, in other words, remotely). In some networking contexts, the term remote access is used in a slightly different way and refers to access over a wide-area network connection as distinct from access over a local-area network (LAN) connection.
The access that users can have to particular files can be controlled by access permissions. In the Windows 2000 world these permissions can be of two types: Share permissions and NTFS permissions. The main difference between these two types of permissions is that Share permissions only apply to remote access and have no effect on restricting access if the user has local access to the computer holding the files. In contrast, NTFS permissions apply to both local and remote access.
For files to be accessible to remote users they must be in a folder or directory that has been shared. To share a folder means "to make available for remote access, i.e. access over a network connection".
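The difference between the two permission types can be modelled in a few lines. The following is an added example, not part of the original page: a simplified Python model in which a remote request must be allowed by both the Share and the NTFS permissions, while a local request is checked against NTFS only. The user names, groups, ACL entries and right names are constructed for illustration, and ACL inheritance is not modelled.

```python
# Added illustration (not from the original page): a simplified model of how
# Share and NTFS permissions combine. Users, groups and ACLs are constructed.
READ = frozenset({"read"})
CHANGE = READ | {"write", "delete"}
FULL = CHANGE | {"change_permissions", "take_ownership"}

def granted(acl, principals):
    """Rights one ACL gives a user: union of matching allows minus matching denies."""
    allowed, denied = set(), set()
    for principal, kind, rights in acl:
        if principal in principals:
            (allowed if kind == "allow" else denied).update(rights)
    return frozenset(allowed - denied)

def effective_rights(principals, ntfs_acl, share_acl, remote):
    """Share permissions are consulted only when access comes over the network."""
    ntfs = granted(ntfs_acl, principals)
    if not remote:
        return ntfs
    return ntfs & granted(share_acl, principals)

# Constructed principals: the user name plus the groups the user belongs to.
ALICE = {"alice", "Staff", "Everyone"}
BOB = {"bob", "Contractors", "Everyone"}

SHARE_ACL = [("Staff", "allow", READ)]        # share grants Staff read only
NTFS_OPEN = [("Everyone", "allow", FULL)]     # folder relies on the share alone
NTFS_LOCKED = [("Staff", "allow", CHANGE), ("Contractors", "deny", FULL)]

def describe(rights):
    return ", ".join(sorted(rights)) or "no access"

if __name__ == "__main__":
    for label, ntfs in (("NTFS open", NTFS_OPEN), ("NTFS locked", NTFS_LOCKED)):
        for name, who in (("alice", ALICE), ("bob", BOB)):
            for remote in (True, False):
                path = "remote" if remote else "local"
                rights = effective_rights(who, ntfs, SHARE_ACL, remote)
                print(f"{label:12} {name:6} {path:7} -> {describe(rights)}")
```

With the open NTFS list, bob is refused over the network but has full control when logged on at the machine itself, which is why a folder protected by Share permissions alone is not protected against local users.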
Home user environment: Here the security concern is generally to protect the home PC from unwanted access from the Internet, i.e. to protect against computer viruses, trojans, phishing scams and other malware. This can be especially important if the home PC is used for credit card transactions, online banking and the like. The following steps are necessary to protect your home computer against Internet threats:
delete emails from senders you don't recognize WITHOUT opening any attachments or clicking on any links in the email. Remember your bank will NOT send out emails asking you to confirm your account details. Never go to your bank's web site by clicking on a link in an email purporting to be from your bank. It is VERY unlikely that an email from a sender you do not recognize will be of any interest to you
for Windows users, make sure you use Windows Update (Internet Explorer-Tools-Windows Update) to keep your operating system patched with the latest security updates (CRITICAL updates)
you need to be using Internet Explorer (IE) to use Windows Update, but wherever possible you should use a web browser other than IE, e.g. Opera or Firefox
run one (and only one) antivirus program and make sure the virus definitions are updated at least once a week
run one (and only one) firewall program (Windows XP's built in firewall blocks incoming traffic ONLY. If you use Windows XP's firewall, it is a good idea to also run a program such as ProcessGuard to block unauthorized programs from executing on your PC)
If you have only one PC running Windows XP and you enable the XP firewall with the "Don't allow exceptions" option selected then you should achieve a perfect "TruStealth" rating on the ShieldsUp test offered by Gibson Research. Gibson Research explains the significance of this as follows: "Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet"
avoid dubious Internet web sites as these are more likely to result in your PC becoming infected with viruses and trojans (i.e. avoid peer-to-peer file sharing networks, porn sites, sites offering illegal software or cracks and serial numbers for software programs)
in addition to antivirus software it is also a good idea to run a program to specifically scan for trojans and a program to specifically guard against execution of unauthorized programs on your PC, e.g. TDS and ProcessGuard
Note: As of August 2005 TDS has unfortunately been discontinued. The company responsible for TDS now suggest EWIDO as a possible replacement