Shared Computer Systems

A shared system is one that is used by more than one person, either at the same time (such as a timesharing system) or at different times (like a workstation in the office or lab). Even a 'personal' computer on a private desktop may have elements of a shared device (for example, the system may be connected to shared drives, be backed up or run common programs from a server).

As a working rule, security is much more difficult to maintain and control when dealing with shared use systems. In addition, security on a 'single user' system is much more difficult to control and maintain when someone else may have direct physical access to the device. Much of information technology security is, in the final analysis, based on trust.

When you are using shared systems you trust the administrator of the system, and to some extent, the other users of the system to have correctly configured and secured the device. You are certainly trusting that no other user has downloaded a file containing a virus or a trojan. Risks increase when another malicious user can load a program on the shared computer. There are many programs available that can capture all keystrokes made at a device and either store them for later review, or email them to another person. In general these programs are designed to not be detected and can usually only be found by detailed examination of the system by a professional.

Computers that process confidential or sensitive data should be generally kept more secure and may require a periodic scan for intrusive programs and devices. Systems with extremely sensitive or condifential data should consider using removable media (such as zip drives, removable hard disks or even diskettes which are physicaly secured when not in use) and providing secure physical environments.

In some cases, use of programs such as Firefox or Internet Explorer on shared devices can lead to unplanned and non-intentional security issues. These may appear minor (for example, viewing the history to see what web pages some one else has used) or appear more significant (for example, when one user may see email belonging to another, especially when POP mail is used, or the titles of email, or copies of all email sent).