Keeping your data safe and secure

Why Security Matters

The main security hazards that you face with TIP are:

  • People may want to alter their own, or other people’s, employee evaluation.
  • People may want to obtain private information about other employees.
  • Competitors may want to obtain your organization’s job descriptions – which, although not highly secret, are probably not something you want to give away, because a lot of work went into preparing them.

TIP is probably not the only valuable thing you have on your computer.  Accordingly, we didn’t build a new security system just for TIP.  Instead, we built TIP so that you can use the security features of Windows.  That’s what the rest of this chapter is about.

Important Precautions for Everybody

These are basics of computer security that everyone should know about.

(1)  Do not log in as Owner or Administrator unless you are actually installing software or configuring the system.  Make yourself an ordinary user account (in Control Panel, User Accounts) and use that.

(2)  Keep your password safe.

(a)  Choose a password that people can’t guess.  Don’t use your child’s name, your birthday, your telephone number, or anything anyone could possibly recognize.  Don’t use a word in any language.  Your password should look like gibberish.

(b)  Don’t give your password away.  Don’t write it on a Post-It note on your desk.  Don’t give it to anyone, no matter how much you trust them.  And above all, if someone asks you for it, don’t give it to them, regardless of the reason.  (System administrators will never need it.)  A remarkable number of people will give their password, over the phone, to a total stranger who claims to be a system administrator.

(c)  Change your password every 3 months and whenever there is any threat to security (such as a computer virus infection, or an incident where an employee who used to use the network has been fired).

(3)  Control who can get to your computer.

(a)  When you get up from your desk, either log off or hit Ctrl-Alt-Del and choose “Lock Computer.” That way, tamperers will not be able to use your computer in your absence.

(b)  Don’t let your computer get stolen!  An increasing number of thieves are after your data, not the machine itself.  When you travel with a laptop, do not carry confidential data unnecessarily.

(4)  Keep Windows updated.  If possible, run automatic updates.

(5)  Use antivirus software and keep it updated.

(6)  Make backups!  Your hard disk will one day fail.  It’s up to you (or your organization) to make backup copies of important data regularly.

(7)  Put a firewall between yourself and the Internet.  If your corporate network is connected to the Internet, it must have a firewall (which is a small machine that blocks certain kinds of communication).  Otherwise you may be sharing your files with the entire world!

Note that a firewall does not block viruses.  You still need Windows updates and antivirus software.

Controlling Access to TIP Files and Folders

It’s a good idea to protect the folder in which TIP files are stored, so that unauthorized people cannot use it.  While you can protect each file individually, it is generally easier to apply the protection to a whole folder, along with everything in it.

(1)  Use NTFS for security.  Go to My Computer and make sure your disk drives use the NTFS file system, not FAT32.  The FAT32 system, which dates from Windows 95, has no security.  Your system administrator can convert your disk to NTFS using a command such as: 

      convert c: /fs:ntfs

(There is an even more secure file system, EFS, which your organization may have chosen to use.  That’s perfectly OK.)

(2)  Set security options on the folder you want to protect.  Right-click on the folder and choose Properties, then Security.  You’ll probably see something like this:

At this step you should:

  • Uncheck “Allow inheritable permissions...” at the bottom.  When asked what to do with the inherited permissions, choose “Copy.”
  • Remove “Everyone” from the list of users at the top.
  • Add just the users who should actually have permission.  Give them “Full Control” if they need to edit the files, “Read” and “List Folder Contents” if they only need to read them.

(3)  If the folder is a shared folder, right-click on it again and choose Properties, Sharing, Permissions.

(4)  Set appropriate permissions for people who access it as a shared folder.  Again, remove “Everyone” and add just the users who need access.
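
The folder and share steps above, scripted in PowerShell as an added example (it is not part of the original manual or of TIP).  The folder path, share name and account names are assumptions to replace with your own, and the SmbShare cmdlets at the end require Windows 8 / Server 2012 or later.

```powershell
# Added example. Hypothetical values: adjust path, share and accounts to your site.
$Folder  = 'C:\TIPData'              # assumed TIP data folder
$Share   = 'TIPData'                 # assumed share name for that folder
$Editors = @('CORP\hr-manager')      # assumed accounts that edit TIP files
$Readers = @('CORP\supervisor1')     # assumed accounts that only read them

# Step 1: permissions only exist on NTFS, so stop if the drive is anything else.
$root = [System.IO.Path]::GetPathRoot($Folder)
$fs = (New-Object System.IO.DriveInfo $root).DriveFormat
if ($fs -ne 'NTFS') { throw "$root is $fs, not NTFS; convert it first." }

# Step 2: same as unchecking "Allow inheritable permissions..." and choosing "Copy".
$acl = Get-Acl -Path $Folder
$acl.SetAccessRuleProtection($true, $true)   # block inheritance, keep a copy
Set-Acl -Path $Folder -AclObject $acl
$acl = Get-Acl -Path $Folder                 # reload: copied entries are now explicit

# Remove "Everyone" by its well-known SID (S-1-1-0), which works in any UI language.
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$acl.PurgeAccessRules($everyone)

# Add only the named users; CI+OI applies the entry to subfolders and files.
$flags = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$none  = [System.Security.AccessControl.PropagationFlags]::None
$grants = @{ FullControl = $Editors; Read = $Readers }  # Read includes listing the folder
foreach ($right in $grants.Keys) {
    foreach ($user in $grants[$right]) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $user, $right, $flags, $none, 'Allow')
        $acl.AddAccessRule($rule)
    }
}
Set-Acl -Path $Folder -AclObject $acl

# Check: show whether inheritance is blocked, then list any remaining Everyone entries.
$check = Get-Acl -Path $Folder
$check.AreAccessRulesProtected
$sidType = [System.Security.Principal.SecurityIdentifier]
$check.GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.IdentityReference.Value -eq 'S-1-1-0' }

# Steps 3-4: share permissions; "Change" is enough for users who edit files.
Revoke-SmbShareAccess -Name $Share -AccountName 'Everyone' -Force
foreach ($u in $Editors) { Grant-SmbShareAccess -Name $Share -AccountName $u -AccessRight Change -Force }
foreach ($u in $Readers) { Grant-SmbShareAccess -Name $Share -AccountName $u -AccessRight Read -Force }
Get-SmbShareAccess -Name $Share      # review the resulting share permissions
```

Run it from an elevated PowerShell prompt, since changing a folder’s permissions and share settings requires administrative rights.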

How Does Windows Know Who is Who?

In a network environment, an obvious question is how Windows will recognize users on computers other than your own.  There are two answers.

If you are using a Windows domain (strongly recommended in corporate networks), the accounts are defined in the domain (i.e., are defined on the whole network) and are recognized on all the computers.

If you are not using a domain, then each user must have an account, with the same user name and password, on every machine that they access.