Setting Parental Control in Windows

Depositphotos_11274302_s-2015Parental control is a great feature to manage how your children use the computer. We can set limits on the hours they work on their computer, the type of games they play and the programs they can run. When a program is blocked by parental control, a notification is displayed informing the same. The child can click the link in the notification to request permission for access to that program. We can allow access by entering our credentials.

Pre-requisite for parental control:

  • In order to configure parental control we should have access to administrator account.
  • Each child that you want to set up Parental controls for should have a standard account.
  • Parental control can only be applied to standard users.

Steps to configure parental account for a Standard user:

  1. Click on ‘Start’ menu and select ‘Control panel’.
  2. Click the ‘Parental control’ link.
  3. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  4. Click the standard user account that you want to set Parental controls for. If the standard user account isn’t set up yet, click ‘Create a new user account’ to set up a new account.
  5. Under ‘Parental controls’, Click ‘On, enforce current settings’.

Once you have turned ON parental controls for your child’s standard user account, you can adjust the following individual settings that you want to control:

  • Time limits: You can set time limits to control when children are allowed to log on to the computer. Time limits prevent children from logging on during the specified hours. You can set different log on hours for every day of the week. They will be automatically logged off when their allotted time ends.
  • Games: You can control access to games, choose an age rating level, choose the type of content you want to block, and decide if you want to allow or block unrated or specific games.
  • Allow or block specific programs: You can prevent children from running programs that you don’t want them to run.

Steps to change the ratings used by the system to control games:

  1. Click on ‘Start’ menu and select ‘Control panel’.
  2. Click the ‘Parental control’ link.
  3. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  4. Click ‘Game Rating Systems’ in the left pane.
  5. In the list of rating systems, click the ratings system you want to use, and then click Ok.

Preventing Children from using specific programs

You can use parental control to determine which specific programs your child can use. If you use a program to keep track of your finances, you can prevent your child from opening it and viewing your financial information.

  1. Click on ‘Start’ menu and select ‘Control panel’.
  2. Click the ‘Parental control’ link.
  3. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  4. Click the name of the person you want to prevent from using specific programs.
  5. Under parental controls, click ‘On, enforce current settings’.
  6. Click ‘Allow and block specific programs’.
  7. Click person’s name ‘Can only use the programs I allow’.
  8. Select the programs that you want to allow. If the program you want does not appear in the list, click ‘browse’ to locate the program.

Conclusion

Parental control is an important feature in Windows operating system that helps parents to control access level provided to students. It also helps the parents to monitor the computer activities of their children. Parental control can be great tool in understanding a student’s behavior, if properly configured.

User Account Control

User Account Control (UAC) allows you to control your computer by prompting you when a program tries to make a change that requires administrative permissions. We can adjust the permission level of the user account. A standard user can only do the tasks that are allowed for him. For e.g. Reading emails, listening to music or creating documents. If he tries to uninstall a program than an UAC prompt will be displayed asking for administrative credentials. The UAC feature was introduced into Windows operating system to prevent any malicious software to get installed on your computer without your knowledge. There are four types of dialog boxes that appear:

1. A setting or feature that is part of Windows needs your permission to start:
This dialog appears with a multicolored protective shield with a valid digital signature which ensures that Microsoft is the publisher of this item. Generally, it is safe to run an application which displays the above message.
2. A program that is not part of windows needs your permission to start:
This dialog appears with a ‘Question Mark’ icon when a program has a valid digital signature and is the same program that it claims to appear. In this case you have to ensure if the publisher of the program is a trusted publisher.
3. A program with an unknown publisher needs your permission to start:
This dialog appears with an ‘Exclamation icon’ if a program does not have a valid digital signature. Such type of programs can cause potential threat to the computer. We need to double check such programs as there might be a spyware or malware attached to it.
4. You have been blocked by your system administrator from running this program:
This dialog appears with a ‘Red cross’ icon when an untrusted program tries to install itself on your computer. Windows has detected several untrusted programs that can cause potential threat to your computer. Hence, you are blocked from running this program.

UAC settings

1. Always notify:
If you keep this setting you will be notified before programs make changes to your computer or to windows settings that require the permissions of an administrator. You must either approve or deny the request in the UAC dialog box before you can do anything else on your computer. This type of UAC settings is the most secured setting. It is important to read the dialogs that appear before making any changes to the computer.
2. Notify me only when programs try to make changes to my computer:
Whenever a program tries to make changes to your computer that requires the permission of an administrator you will be notified. Also, if you try to make changes in the windows a setting that requires the permission of an administrator you will be notified. You will also be notified if a third party program tries to make changes in the windows setting.
3. Notify me only when programs try to make changes to my computer:
Whenever a program tries to make any changes to your computer that requires administrative permissions this dialog will be displayed. Also, if you try to make any changes to windows settings that requires the permission of an administrator. You will also be notified if a third party program tries to make changes in the windows settings.
4. Never Notify:
You will never be notified while making any changes to the computer. Even if you are logged in as an administrator, programs can make changes to your computer without your knowledge. If you are logged on as a standard user, any changes that require the permissions of an administrator will automatically be denied.

Understanding Cryptography

Cryptography is a science that deals with securing information. It mainly deals with securing information that is stored in the system or transferring data over a particular medium. In cryptography, a plain text is converted into cipher text. Cryptography involves securing of messages, authentication and digital signatures. It also includes encryption and decryption. When the message is transmitted over a network, the message is encrypted so that no other person can read it. At the receiving end, the user may require special software to decrypt the message.

Objective of Cryptography

The main of cryptography is to ensure that information is delivered only to its intended recipient. Most of the algorithms can break encrypted code messages. So cryptography ensures that the code breaker is not able to break the information easily. The objectives of cryptography are:

  • Message confidentiality: Ensures that the information is secure and confidential. This implies that the only authorized persons are able to view the information. Confidentiality can be enforced using the password authentication. The receiver of the information may require the correct password to access the information that is sent to him.
  • Message integrity: Ensures that the data is securely transmitted without any alteration. This also ensures that the receiver will be able to know if the information was altered while in transit.
  • Message authentication: Defines a method in which both sender and the receiver of data can confirm their identity. They can also confirm the origin and destination of the message. This process is totally based on identification of sender and receiver of the information.
  • Message Non-repudiation: Defines a system in which the sender or receiver of information cannot deny the actions they had performed. It solves the issues related to disputes between the sender and the receiver at a later stage. Information that is send or altered or deleted by the sender or receiver is monitored. A trusted third party is needed to monitor and solve this dispute.
  • Entity Authentication: The user is verified prior to providing access to the resources of the system.

Cryptographic Systems

Cryptographic systems involve the coding and decoding of messages in order to protect their contents. Cryptographic systems use special keys such as public and private keys to encrypt and decrypt the messages. There are mainly two types of cryptographic systems namely symmetric and Asymmetric.

Symmetric Cryptographic Systems

This system uses the same keys to encrypt and decrypt the message. The advantage of this system is that only users with the knowledge of the keys can be able to access the information. This system is less secure as the key needed to access the information also needs to be sent through the network to the other end which is risky as the hacker may intercept it. The decryption software at the other end uses this key to decrypt the message. Thus, the same key is used for both encryption and decryption.

Asymmetric Cryptographic Systems

To overcome the problems related to the symmetric cryptographic systems, most strong encryption use Asymmetric key methodology. This system uses two keys for securely transmitting the data. It uses two keys one for encryption and other for decryption. One of the key is a public key and the other is a private key. The private key is known only to the receiver of the information. The public key is given to anyone. When a person wants to send any information he sends a text and uses a public key accordingly. The recipient of the information decrypts the message using the private key. This type of transmission is more secure as compared to symmetric cryptography as the private key need not be transmitted over the network.

Further Resources

If you are an organisation looking to secure your data, there are a number of training providers who run courses on cryptography. Paul Brown Training Ltd and QA are both based in London but will deliver onsite training at your own offices anywhere in the UK.

Understanding Network Protocols

Different types of protocols are used at different layers of OSI model for providing security to the users. The users need to know if the transactions they perform on the internet are secure or not. The different types of protocols are SLIP (Serial Line Interface Protocol), PPP (Point To Point) protocol, PPTP (Point to Point Tunneling Protocol) and IPSEC (Internet Protocol Security).

SLIP (Serial Line Interface Protocol)

SLIP was designed for Data link protocol used in telephony. It only supported TCP/IP, NetBEUI or IPX network. Any network that uses SLIP required a static IP address as SLIP did not support DHCP. To check for errors SLIP relied on hardware that was used for connection. Another limitation of SLIP was that, all authentication passwords were transmitted as clear text. Even if SLIP had a number of limitations, still it is supported by Remote Access Programs.

PPP (Point to Point Protocol)

PPP addresses all the shortcomings of SLIP. PPP supports IPX and NETBEUI as well as IP. The different services provided by PPP are as follows:
1. Defines the format of frames to be exchanged between devices.
2. Defines how the devices can negotiate for establishment of link and exchange of data.
3. Defines how network layer data is encapsulated in the data link frame.
4. Defines how the devices can authenticate each other.
5. Provides multiple layer services that support different network layer protocols.
6. Provides connection over multiple links.
7. Provides network address configuration which is useful in case a user needs a temporary network address to connect to the internet.

PPTP (Point To Point Tunneling Protocol)

PPTP allows secure transfer of data from a remote client to a server. It creates a Virtual Private Network (VPN) around the TCP/IP network. PPTP provides support for an on-demand multi protocol, virtual private networking over public networks such as internet. The important feature of PPTP is that it provides VPN through the PSTN (Public Switched Telephone Network). PPTP provides secure and encrypted communications over the public telephone lines and the internet reducing the cost. It also provides an easy method of setting up a remote access solution for remote and mobile users. PPTP protocol involves three process: PPP connection and communication, PPTP control connection and PPTP data tunneling.

IP Security (IPSec)

IPSec is a protocol that was developed by IETF (Internet Engineering Task Force) for providing security to a packet at the network level. IPSec helps to create authenticated and confidential packets for the IP layer. The two modes in which IPSec operates are:
Transport Mode: In this mode, IPSec protects packets that are delivered from transport layer to the network layer. It protects the network layer payload that is to be encapsulated in the network layer. Transport mode does not protect the IP header that is it does not protect the whole IP packet. It protects the packet from the transport layer. Transport mode is normally used when the user requires a host to host protection of data. The sending host uses IPSec to authenticate and encrypt the payload delivered from the transport layer. The receiving host uses the IPSec to check the authentication and decryption of IP packet and sends it to the transport layer.

Tunnel Mode

In this mode, IPSec protects the entire packet. It takes an IP packet including the header, applies the IPSec security methods to the entire packet and then adds a new IP header. The new IP header has different information than the earlier IP header. This mode is normally used between two routers or between a host and a router or between a router and a host. Tunnel mode is used when either the sender or receiver is not a host. The entire original packet is protected from intervention when travelling between the sender and the receiver.

All About Firewalls

Overview

A firewall can be a software or hardware device that blocks all unauthorized access of the system resources. It protects the private network from the people outside the network. Firewalls may consist of hardware or software or both. It is basically used to protect local intranet from people outside the network. A firewall can also be set using a router. These devices can be configured so that outside world cannot access the intranet. Also, the intranet computers cannot access certain resources outside the network. This helps in securing the intranet computers from being accessed by hackers.

Types of Firewall

Firewalls are designed for forwarding the desired packets and filter the packets that are not required. For example, a firewall can be used for filtering packets received from a particular host or an http server. Firewalls can also be used for denying access to a particular host or service. A firewall is present at a junction point or gateway between two networks such as a private and public network.

Hardware Firewall

Hardware firewalls are also available for configuration. Nowadays, they are inbuilt in a broadband router and form an important part of the network and system setup. For example, Sonic wall, Cisco PIX, and Watch guard. Hardware firewalls are more effective as they require fewer configurations and protect every system on the network. The hardware firewall utilizes packet filtering for determining the source and destination from the packet header.

Software Firewall

Software firewalls are useful for individual users and servers. Software firewall allows you to customize the functions and protection features of the firewall. Software firewall protects your computer from unauthorized access as well as protection from viruses. Software firewalls are not so secured as compared to hardware firewalls and it may be hacked. Hence, it is a good practice to use hardware firewall and software firewall together.

Packet-Filter firewalls

Packet Filtering firewalls does not block the whole content from the internet. It only blocks specific packets from the whole data. This type of firewall forwards or blocks the packets depending source and the destination IP address, source and destination port address or type of protocol (TCP or UDP). It collects this information from the network layer and transport layer headers. If the packet is trying to access some unauthorized port of the computer or if the packet is originating from an unauthorized IP address, than that particular packet may be discarded. This type of firewall is mainly configured in the routers. Packet filter firewall cannot monitor each and every user as it only blocks the IP addresses and ports from where the message originated as configured. The advantage of these types of firewalls is that the user need not install and configure any software for setting up the firewall.

Proxy Firewall

The proxy firewall protects the intranet network from the outside world. The packet filter firewall filters packets at the network and transport layer. However, it is essential to filter the data at the application layer level based on information present in the message itself. The solution to this problem is installing a proxy computer also known as application gateway between the user computer and the organization server. When a client computer sends a message, the proxy firewall forwards all HTTP packets to HTTP proxy. HTTP proxy executes a server process to receive the request. Then it opens the packet at the application level and checks if the message received is valid. If it is valid the HTTP proxy acts as a client process and sends it to the organization server (HTTP Server). If the message is not valid, an error message is sent to the client computer and the message is dropped. Thus, the requests of the external user are filtered on the basis of the contents of the application layer.