Increasing Computer Security through Hardware?

Audiostar asks: "I am interested in adding some security to several of my computers, but am unsure as to which product to go with. I would like to use some sort of external security measure, such as a pen drive token or something similar. I had considered custom building a key card and reader to install on all my machines, but once I started thinking about the cost and time of building a card reader for each of my computers it became rather impractical. Does anyone have any suggestions for external locking devices or software? I would prefer something that I could use on both my Windows and Linux machines, but protecting the Windows machines are the top priority. I don't need anything too fancy, just an added layer of protection from the multitude of various people who come in and out of my place of business everyday. I own a 128mb flash disk watch, so possibly using that as a token would be both easy and geek chic. Any suggestions on what to install?"

Use reliable hardware.

[ezraekman]

Don't use the watch. You'll smack it against something, and then you're screwed. Ditto for a generic USB flash drive, unless you're sure it's bulletproof. Get something reliable, or don't get anything. If you want to be sure you're covered, buy three of whatever it is. Keep one handy, one in a fireproof safe/lockbox on the premises, and one at home. If your only hardware key gets hosed, so do you.

Oh, and KISS. You're right; the cardkey isn't practical, and not just because it'd be difficult/expensive to build. It would probably also be something prohibitively difficult to troubleshoot, should you have problems later. Then you have to call a specialist, and hope he's A) cheap and B) can figure out how to solve your custom-built (and therefore, proprietary) hardware problem. You're probably on the right track with small, removable hardware. Just make sure it's also reliable, or it's useless.

Er? Bad question!

[dasunt]

Audiostar asks: "I am interested in adding some security to several of my computers, but am unsure as to which product to go with...

Er, what sort of security?

A simple bios boot password will prevent the computer-naive from accessing your machine.

GnuPG under Windows and the unix clones will allow you to encrypt/decrypt and digitally sign files.

The unix clones tend to be able to encrypt their entire filesystem by whatever algorythm you want. NTFS claims some sort of filesystem encryption as well, but I'm unfamiliar with the mechanism and thus won't recommend it.

OpenBSD has encrypted swap and tends to be tops on the 'utterly paranoid' scale.

How about you tell us what you are trying to do exactly, and we'll tell you the best solution.

Gimme Access and it wont matter

[nurb432]

If someone has physical access and determination, nothing you do will be 100%..

All you can do is slow them down..

Enabling bios passwords, disabling boot from anything but the HD, storing data on the servers, and good system passwords should be enough to keep out the casuals...