DOI: 10.1148/rg.245035212
RadioGraphics 2004;24:1503-1512
© RSNA, 2004
Informatics in Radiology (infoRAD)
Personal Computer Security: Part 2. Software Configuration and File Protection1
Ronald D. Caruso, MD
1 From the Neuroradiology Section, Department of Radiology, University of Louisville School of Medicine, 530 S Jackson St, Louisville, KY 40202. Received November 10, 2003; revision requested January 30, 2004 and received February 10; accepted February 25. The author has no financial relationships to disclose. Address correspondence to the author (e-mail: rcaruso@louisville.edu).
 |
Abstract
|
|---|
Proper configuration of software security settings and proper file management are necessary and important elements of safe computer use. Unfortunately, the configuration of software security options is often not user friendly. Safe file management requires the use of several utilities, most of which are already installed on the computer or available as freeware. Among these file operations are setting passwords, defragmentation, deletion, wiping, removal of personal information, and encryption. For example, Digital Imaging and Communications in Medicine medical images need to be anonymized, or "scrubbed," to remove patient identifying information in the header section prior to their use in a public educational or research environment. The choices made with respect to computer security may affect the convenience of the computing process. Ultimately, the degree of inconvenience accepted will depend on the sensitivity of the files and communications to be protected and the tolerance of the user.
© RSNA, 2004
Index Terms: Computers • Internet • Radiology and radiologists, design of radiological facilities
|
Introduction
|
|---|
This is the second of two articles discussing many important aspects of personal computer security for the radiologist. It is assumed that the reader has reviewed the first article (1) and has become familiar with safe Internet browser and e-mail program use (including e-mail program security settings) by referring to other sources, since improper program use will undermine an otherwise secure system.
In this article, after providing a brief update on program upgrades of two software programs discussed in the first article (1), I discuss configuration of the security features in Windows XP, Internet Explorer 6, and Office XP Professional (including Word, Excel, Powerpoint, and Access) from Microsoft (Redmond, Wash). The configuration of Microsoft Office 2003 Professional, which had just been released as of this writing, is similar to that of Office XP Professional but is not discussed in detail in this article. I also explore file protection issues, including header information, defragmentation, backup, deletion, wiping, passwords, and encryption. In addition, I discuss Digital Imaging and Communications in Medicine (DICOM) header "scrubbing," which is necessary to protect patient privacy. I will not discuss monitoring of communications, but radiologists working in a hospital or other network environment, or perhaps using a computer while traveling, should be aware that their files, communications, and passwords can potentially be monitored with inexpensive, easily obtainable software. Employers typically have the legal right to do so, and others may do so either overtly or surreptitiously; check any posted policies. Digital watermarks, which may be attached to some files, are also beyond the scope of this article. Finally, the suggestions given herein are only a point of departure, since it would be impossible to cover all aspects of security in an article of this length; furthermore, recommendations may differ and will certainly evolve. Many of the suggestions will not apply to certain situations, since computers are used in a variety of settings and personal preferences differ. Education related to security and consultations with information technology professionals would be advised. Several selected World Wide Web sites are listed in the Table and in the first article (1). A good place to start is the Microsoft Web site, which covers many aspects of security, including topics such as digital certificates that are not discussed in this article.
Windows software is being featured in this series because it is the most ubiquitous platform and is used by the majority of radiologists; however, I do not endorse it in its present form. In fact, Microsoft has announced that a comprehensive series of security updates will be issued in mid- to late 2004, probably as part of Windows XP Service Pack 2. Incorporated modifications to security settings will very likely affect certain recommendations made in this article. Documentation accompanying any Microsoft security updates should be reviewed with this caveat in mind.
As in the first article, menu items and similar choices discussed in this article are generally capitalized, and if sequential operations are to be carried out, the ">" symbol is used to separate components.
|
Norton Internet Security and Microsoft Office Professional Upgrades
|
|---|
Norton Internet Security 2004 (Symantec, Cupertino, Calif) and Microsoft Office Professional 2003 were released shortly after Part 1 of this two-part series was published, and I installed early copies of both upgrades. (As emphasized in the first article, security software and office suites are available from many vendors; I am simply using these programs as examples.) The vendors’ Web sites and software review sites can be consulted regarding the new features of the programs, including support costs (Table) (1). Licensing is limited, and particular attention should be paid to the various versions if software is needed for two or more computers.
Norton Internet Security 2004, which now includes activation, hung up on the first attempt at upgrading (Pentium 4 Windows XP computer with 256 MB of RAM and ample hard drive space). It installed successfully on the second attempt. Installation on another computer was uneventful. Almost all settings were carried forward, and the new features were configured easily. Improvements include spyware and keystroke logging program detection, spam control, and support of custom configuration of different networks. Boot time was increased by 34% after the upgrade, perhaps related to the new activation software. Once installed, the program functioned well. There is no free telephone support, even for installation problems, and users needing immediate help should plan on paying for telephone support. I did not purchase the stand-alone version of Norton Antivirus 2004.
|
Microsoft Windows XP and Internet Explorer 6 Security Settings
|
|---|
Users purchasing a computer or upgrading to Windows from an earlier version should consider choosing NTFS (new technology file system), which is safer and more versatile than the other two available file systems. To see a drive’s file type, right-click on the drive in Windows Explorer or My Computer and select Properties. Consult Help for details on available file systems, including conversion. Microsoft allows a user who is logging on to the computer with NTFS to choose between Administrator and Limited User accounts. Microsoft and many security experts suggest using the latter for routine work, since it has fewer privileges, thereby making it harder for an external source (or internal user for a multiuser computer) to take control of computer functions. (See User Accounts in the Control Panel.) I have found the Limited User account to be cumbersome for single-user computers, although its use may be easier if the computer is initially set up that way. For instance, the automatic updating and file backup features of some programs will not function outside the Administrator mode. Guest Account should be turned off, and all accounts should have passwords. File sharing, unless necessary and carefully configured, should be disabled. To determine if file sharing is active for a particular drive or folder, right-click on it in Windows Explorer or My Computer and go to Sharing and Security (Fig 1). File sharing can be configured as desired there. Network sharing for folders can be checked and configured at the same time. Care should be exercised in setting up any remote access account. For those who are knowledgeable about file types, a configuration that displays the whole name and path of each file is recommended. Go to Control Panel > Appearance and Themes > Folder Options > View, uncheck Hide Extensions for Known File Types, and check Display the Full Path in the Address Bar. This is helpful in evaluating e-mail attachments and other files, which can otherwise hide their true identity. Note the many other folder options available.
View larger version (76K):
[in this window]
[in a new window]
[Download PPT slide]
|
Figure 1. File and Network Sharing dialog box, which can be reached by right-clicking on a folder or drive in Windows Explorer or My Computer. Local or network sharing should be undertaken with care. Note the access to Help at the bottom of the box.
|
|
The security settings in Explorer need to be considered as well. Choosing the level of Explorer security settings will have a major impact on use of the Internet. As of this writing, Microsoft sets default levels that, in general, permit maximum use of the Internet. However, users should consider setting more restrictive levels for greater safety and deactivating features that are not being used. As is usually the case with security, more restrictive settings will cause some inconvenience, although it can be minimized. Each individual’s tolerances and preferences will be important variables.
From the Tools menu, select Internet Options (Fig 2). Note the various choices. The General tab, which is the default opening, permits users to delete cookies (ie, information available to Web sites that identify you and your computer), temporary Internet files (including those that are off line), and Internet history (ie, Web sites visited). It is usually a good idea to do these things regularly as a privacy measure if you do not have specialty software that does it for you. Note the various settings that can be altered, including the location of the home page. The Privacy tab permits setting how cookies are handled. Explorer uses the Platform for Privacy Preferences Project, which sets privacy policies for cookies. Not only can a general level be set, but the handling of specific Web sites can be individualized. The default setting is Medium, a reasonable choice for most individuals; however, other levels or custom settings are permitted, and the tabs provide explanations for the choices. The Edit icon permits individual site handling. Of the several reasonable ways of handling cookies, I use Custom Settings, which can be seen on the Advanced tab (Fig 3), blocking third-party cookies but accepting first-party cookies (which are deleted frequently, as previously described). Many custom programs are available for cookie handling and similar privacy functions.
The Security tab is the most important and should be set for all four Web content zones (Internet, Local Intranet, Trusted Sites, Restricted Sites) (Fig 4). The definition for each zone appears when that zone is selected. By default, the level of security is set at Low for Trusted Sites, Medium Low for Local Intranet (your network if you have one; check with your network administrator for what is included), Medium for Internet (all sites not belonging to the other three zones), and High for Restricted Sites. Initially, there are no sites listed under Trusted Sites and Restricted Sites. Users may add a site to either category by copying its Web address onto the appropriate list. For instance, to add a trusted Web site to the Trusted Sites list, select the Sites icon on the Trusted Sites tab and add the Web site address to the list. (The easiest way to do this, unless it is a simple address that can be typed in, is to open Explorer, go to the chosen site, and then use <Alt> + D to select the address if not already selected, <Ctl> +C to copy it, and <Ctl> + V to paste it onto the list.) If the address is not a secure site (usually identified by "https" and a lock icon), uncheck Require Server Verification. Obviously, sites are added to the Trusted Sites list only after careful consideration. The current zone is always displayed in the lower right portion of the monitor (by default) in Internet Explorer. The zone may change as a site is navigated, since only the specific address entered on the Restricted Sites or Trusted Sites list activates the settings for those zones.
As in other security areas, there are many different ways to configure these zones. Most users, if they are aware of the zones (which most aren’t), choose to use the Microsoft defaults, which can easily be reset by using the Default Level icon (Fig 4) if they have been altered. Sites can then be added to the two lists if desired. Choosing a setting that is less restrictive than the defaults would not be recommended, and use of custom settings is best undertaken with care by users who are willing to spend some time on the learning curve. I use the Trusted Sites zone for a few sites (including the two Microsoft update sites discussed in reference 1), the Restricted Sites zone mainly for news and for some other sites that function normally in that zone, and the Internet and Intranet zones for all sites, using custom settings (described later). This is only one of many possible methods. For those interested in further information (2), Windows Help, computer magazine Web sites, and hospital information technology personnel are good sources of information. Interim security updates should be carefully reviewed because settings may change.
If you have not previously configured these zones on your computer, or if others have logged on with administrative rights in the interim, you can ensure that the zones are set at the proper defaults by selecting each zone in turn and choosing the Default Level icon. In addition, there should be no sites listed on the Trusted Sites or Restricted Sites list that you have not placed there. (In some network settings, an administrator may have altered the zones per company policy. Check with the network administrator.)
Individuals who wish to try using Custom Settings to specify settings for the Internet zone should first select it in the Security tab. A detailed discussion of the resulting choices is beyond the scope of this article. Simply elevating this zone from the default Medium setting to High would be unacceptable to most users, since commonly used functions such as opening Adobe Acrobat files (which requires Active X, a function that is subject to abuse) would be disabled. In addition, elevating some settings from Enable to Prompt (as I have done) will likely result in dialog boxes that some users might not be willing to accept unless commonly used sites are properly placed in other zones. Moreover, user entry of some information that the program would otherwise enter automatically may be necessary. The default settings rarely result in such inconveniences. For those interested in trying custom settings, first select Medium (the default level) and Apply, then select Custom Level (Figs 4, 5). You can then scan the settings in the Security Settings dialog box (Fig 5) to see the defaults. Knowledgeable individuals might consider more restrictive changes to the default Medium level Internet zone settings. For example, Prompt is specified for Run Active X Controls and Plug-ins, Script Active X Controls Marked Safe for Scripting, Drag and Drop or Copy and Paste Files, Navigate Sub-Frames Across Different Domains, Allow Paste Operations via Script, and Scripting of Java Applets. Disable is specified for UserData Persistence. Prompt for User Name and Password is chosen for Logon. Note the many other choices, such as permission for downloading of files. Active Scripting is left at Enable if safe scripting software (eg, Norton Internet Security) is installed (check software for documentation). (Setting Active Scripting to Prompt results in an annoying series of dialog boxes that few users would accept.) There will be some dialog boxes with the settings indicated, mainly for Active X. Many frequently used sites can be placed in the Trusted Sites or Restricted Sites zone if appropriate. If the user is not satisfied, any or all of the settings can be returned to their defaults or other changes made. (Simply selecting the Default Level icon does not remove items from the Trusted Sites or Restricted Sites zone; this must be done manually.) The High setting can be tried if the user so desires, but most users would not accept this setting for routine Internet use. Note the other tabs on the Internet Options menu (Fig 4). The Advanced tab also includes security settings, mainly at the end of the list under the Security heading. Users who wish to adjust these settings from their defaults should consult knowledgeable individuals or documentation. Windows, again as a convenience, allows autocompletion of forms and passwords. Some individuals might prefer to deactivate these services as a safety measure, particularly if others have access to the computer. To do so, go to the Content tab > Autocomplete and uncheck Forms, as well as User Names and Passwords on Forms (Fig 6). To clear any saved data, use the Clear Forms and Clear Passwords icons. When next prompted for a password, consider not selecting the box marked Remember my Password on this Computer (or some similar wording). Again, this is a matter of personal preference. Those using the Windows Media Player may wish to uncheck Allow Internet Sites to Uniquely ID your Player. This setting is reached by going to the Tools menu of Media Player > Options > Player.
|
Microsoft Office XP Security Settings and Options
|
|---|
Office 2003 and Office XP are similar in configuration. The most important adjustments are made in the Security Options dialog box (Fig 7), which can be reached in Word by going to the Tools menu > Options > Security. (The Security box alone can also be reached by going to the Save As menu > Tools.) The Security dialog box is reached in the same way in Word 2003, and most settings are similar; they are not covered in this article. Some security settings apply to the whole program (eg, the macro setting) and some to the specific file open at the time of access. For the macro setting, selecting the Macro Security icon at the bottom of the Security Options dialog box (Fig 7) displays and explains the choices and permits selection. I use the Medium setting, which opens a dialog box each time a macro is encountered. Others may prefer the High setting. Note also the three Privacy Options on the Security tab (Fig 7), the first of which applies only to the file that is open. Consider selecting all three options if they are not already checked. Passwords and file encryption options may also be set here if desired, again for each file. For sensitive files, I recommend selecting the Advanced tab (Fig 7), which opens the Encryption Type dialog box (Fig 8). An RC4 encryption type with a 128-key length is specified for files to be used in Office XP or 2003. See Help if files need to be opened in an earlier version. Note the check box for encrypting file properties. (Further encryption options are discussed later and are recommended for especially sensitive files.) Note the options for shared documents in Figure 7. Numerous other tabs, the settings of which significantly affect program operation, are also seen in the Security Options dialog box (Fig 7). For instance, User Information can be set on its own tab and file locations specified. Options for each Office XP program must be set separately. General and security options for Excel and Powerpoint are quite similar to the settings in Word and are also reached by going to Tools > Security. General program options for Access are reached by going to Tools > Options, whereas security options are reached by going to Tools > Security. Consult Help or other documentation for details, particularly for Excel and Access.
View larger version (45K):
[in this window]
[in a new window]
[Download PPT slide]
|
Figure 8. Word File Password Encryption Type dialog box. For a document to be opened in Office 97 or 2000, the choice shown is made. For documents to be opened in Office XP or 2003 only, a more secure RC4 encryption type with a 128-key length is selected.
|
|
In addition to file encryption options inherent in Office XP, Windows XP Professional includes a utility for encrypting folders or drives. Third-party encryption programs and utilities are also available for use with sensitive files or with the entire computer (Table). Some freeware utilities, such as Cryptext, are simple to use for individual files. Any encryption program should be thoroughly understood before being used. Unencrypted backups, kept in a secure location, should also be considered.
|
File Properties Editing in Office
|
|---|
Each file created in Office (and most other programs) is associated with a Properties tab that gives information on the author, dates saved and edited, editing time, and so on. As previously mentioned, the Security Options dialog box (except for Access) has a checkbox to omit some personal information from the Properties tab. The Properties tab can be accessed by going to the File menu > Properties for an open document; for a closed document, in most file lists simply selecting and right-clicking on the file name will display a menu that includes Properties. Note the information on all three tabs, including the Advanced icon on the Summary tab. (Viewing the Summary tab, including the Advanced component, after omitting information shows what remains; the file can be saved under a different name to eliminate some of the remaining information.) For Word, Excel, and Powerpoint files, much of the information can be modified or omitted by then selecting the Custom and Summary tabs. Save the file for the changes to be effective. (This procedure does not work for Access files or some other Office files, such as those saved as Web pages.) If more than one version of a document has been saved in a file, the previous versions can be removed by going to the File menu > Versions, selecting the versions to be deleted, and clicking on Delete. Consult Help under Remove Personal or Hidden Information regarding removal of tracked changes, text formatted with hidden attributes, and similar items.
|
DICOM Header Scrubbing
|
|---|
Patient information associated with DICOM medical images is stored in the file header and can be viewed with appropriate software (3,4), even if the image has been saved with no visible identifying information. If such images are to be incorporated into a teaching file or otherwise accessible to others who are not entitled to the information, such data must be omitted, or scrubbed. The easiest method is to save the image without visible personal information as a tagged image file (TIF) or Joint Photographic Experts Group (JPEG) image, keeping a separate record of the pertinent data for subsequent use if desired. File properties can be checked as described earlier to be certain that no other personal information is present. Saving a file as a TIF or JPEG image is possible with many picture archiving and communications systems (5) and is our preferred method. If the image is saved with information visible on its face, the information can be removed and annotations added in Photoshop as desired (5,6). For DICOM file header scrubbing or for confirmation that no patient information is in the file header, software such as DICOMaccess (DesAcc, Chicago, Ill) can be used. The use of this Adobe Photoshop plug-in for importing DICOM images into Photoshop as 16- or 8-bit images has previously been described (5). This plug-in can also be used to anonymize any open DICOM image in Photoshop 6 or 7, after any necessary editing or annotation, with the Save As dialog box (Fig 9). Any header information stored with the image, even if not visible on the image itself, can be viewed in this dialog box before being removed. Figure 9 shows the anonymized information for a typical image header. Specific information, such as the diagnosis or its code, can also be added if desired. The process can be automated with use of a template; see the vendor’s Web site for details (Table).
The Web site for the Radiological Society of North America (RSNA) is an excellent source of information on DICOM and includes numerous references to related Web sites, including those offering useful freeware utilities (Table). The RSNA Web site includes a hyperlink to Simple-DICOM 3 (Department of Radiology, University of Pittsburgh, Pittsburgh, Pa), a freeware utility that simplifies importation and viewing of DICOM images; this utility can also anonymize, manipulate, and export DICOM images as TIFs or JPEG images.
|
Deletion of Temporary Files and Wiping of Deleted Files
|
|---|
Periodically, temporary files, files in the Recycle Bin, and other unused programs and files should be removed from the computer. The hard drive should also be defragmented regularly. One can right-click on the Recycle Bin to empty its files, and Windows has utilities to carry out the other operations. Consult Windows Help if necessary. Files deleted from disks or hard drives are not actually removed; although no longer visible to the user, they remain until they are overwritten, even if the drive is reformatted. Until these files are overwritten, they can be recovered with easily obtained software, an important consideration when a computer or drive is to be recycled. Special equipment, mainly used by professionals and law enforcement personnel, can even recover files overwritten several times. Accordingly, standards for wiping files have been developed by the United States Department of Defense and others. However, multiple passes are prescribed, which can be time consuming. Radiologists should also be aware that there may be copies of files made by various programs, often as backup files or temporary files, and portions of files may be stored in areas called swap files and slack spaces; these copies and fragments are not automatically deleted at the time the file itself is deleted. File-wiping programs are available, some of which are free (Table) or part of utility suites. Some programs simply overwrite deleted files a single time in the "free space" or overwrite a file at the time it is being deleted. Others are high-end programs (eg, BC Wipe 3 [Jetico, Tampere, Finland]) that can be extensively customized to overwrite all locations where a file or its fragments may persist (Fig 10). Backup files must still be deleted separately. Right-clicking on any file or directory with that program permits deletion with wiping, which is useful for sensitive files. Free, fully functioning trial versions of most programs are available. Window Washer (Webroot Software, Boulder, Colo) is another popular program. I recommend that all appropriate files, programs, personal information, and passwords be deleted prior to recycling any computer or hard drive, followed by defragmentation and wiping. Similarly, any removable media to be recycled should have all files deleted, followed by reformatting and wiping. Most of these operations have already been described.
|
File Backup
|
|---|
Eventually, all radiologists will experience loss of at least some files. Occasionally, a file will be inadvertently deleted or become corrupted. The entire hard drive, representing months or years of work, can be lost for a variety of reasons. Program files can be restored relatively easily, but personally created files are another matter. Fortunately, backing up files onto a compact disk (CD) or other medium is fast and easy with modern software, which is usually bundled with a CD or digital video disk writing drive. I use Nero Burning Rom (Ahead Software, Glendale, Calif), one of many such utilities. This software backs up files from one or more computers, including subsequent updates, onto a CD. A just-released version also permits writing to digital video disk drives. Any backup media should be kept in a secure, off-site location. For most casual users, a weekly backup is sufficient, although an updated backup can be performed more frequently. Heavily used files (eg, manuscripts) can also be backed up as often as desired (typically by simply copying them to a floppy disk or other convenient medium). It is advisable to know the location of all important files. Most will be in the My Documents folder (or other specified default location), but others may be stored with their programs (eg, Quicken) or elsewhere. (File location can usually be specified by the user, thereby simplifying backup.) Some custom settings files such as Internet Favorites, the Custom Dictionary, and program settings (eg, for Adobe Photoshop or Office XP) might also be specified. Some such files may be "hidden"; if they are not visible, they can be observed by enabling Show Hidden Files and Folders on the View tab of Folder Options. In Office XP, a "wizard" simplifies the saving of settings for that suite. Go to the Start menu (with all Office XP programs closed) > All Programs > Microsoft Office Tools > Save My Settings Wizard. Then follow the instructions to save the file in a convenient location for backup. (For Office 2003, the pathway on the Start menu is slightly different; see Help if needed.) The locations of all files to be backed up can be saved in most backup programs as a custom file, obviating selection each time. Windows also has a limited restore utility (see documentation). More advanced third-party programs are available to recover many deleted or corrupted files, restore the hard drive to an earlier date, or recover some passwords. Specialty companies can often recover data from physically damaged drives, although usually at considerable cost. Some individuals may prefer to purchase a program that provides an exact duplicate of the hard drive (or any part thereof), which can then be restored in its entirety, including all settings and programs. Popular programs include Powerquest Drive Image 7 (Powerquest, Orem, Utah), Norton Ghost 2003 (Symantec), and Acronis True Image 6.0 (Acronis, South San Francisco, Calif) (Table) (1).
|
Conclusions
|
|---|
Configuration of software security settings and proper file maintenance are important and necessary. The degree of inconvenience accepted will depend on the sensitivity of the files and communications to be protected and the tolerance of the user. Patient identifying information, contained in the header section of DICOM medical images, needs to be anonymized prior to use of these files in a public educational or research environment.
|
TAKE-HOME POINTS
|
|---|
Digitalized personal information must be safeguarded.
Careful software configuration is essential for safe Web use.
Proper procedures must be followed before a drive or disk is recycled.
|
Footnotes
|
|---|
Abbreviations: CD = compact disk,
DICOM = Digital Imaging and Communications in Medicine,
JPEG = Joint Photographic Experts Group,
NTFS = new technology file system,
TIF = tagged image file
Editor’s Note.—Microsoft has announced that a comprehensive series of security updates will be issued in mid- to late 2004, probably as part of Windows XP Service Pack 2. Incorporated modifications to security settings will very likely affect certain recommendations made in this article.
|
References
|
|---|
- Caruso RD. Personal computer security. Part 1. Firewalls, antivirus software, and Internet security suites. RadioGraphics 2003; 23:1329-1337.
- Bott E, Siechert C. Microsoft Windows security for Windows XP and Windows 2000 inside out Redmond, Wash: Microsoft, 2003.
- Cao F, Huang HK, Zhou XQ. Medical image security in a HIPAA mandated PACS environment. Comput Med Imaging Graph 2003; 27:185-196.[CrossRef][Medline]
- Ernst RD, Baumgartner BR, Tamm EP, Torres WE. Development of a teaching file by using a DICOM database. RadioGraphics 2002; 22:217-221.[Abstract/Free Full Text]
- Caruso RD, Postel GC. Image editing with Adobe Photoshop 6.0. RadioGraphics 2002; 22:993-1002.[Abstract/Free Full Text]
- Caruso RD, Postel GC. Image annotation with Adobe Photoshop. J Digit Imaging 2002; 15:197-202.[CrossRef][Medline]
Top
Abstract
Introduction
