Just How Paranoid Are You?

An anonymous reader writes "We all understand the need for security in a corporate environment. Personal computers, however, typically don't have nearly the amount of sensitive information (or it's at least less damaging if found). How far do you go to protect your computer? I recently went overboard on securing my information (at least as secure as Windows XP can be). I have a hardware firewall (GTA GB500), 30 character password, and all remotely personal information stored on a 256bit AES encrypted volume. How far do you go to protect your information against 'Big Brother' or even your family/friends?"

doctors? lawyers?

[coyote-san]

Why do you think only "corporate" (which seem to be big iron since you contrast it to "personal computers") have sensitive data?

What about doctors? Lawyers? Accountants? Schools? Bookstores? etc.

If you've been paying attention to the news you'll know that every so often somebody buys a used computer disk and finds the results of STD tests (including AIDS) for tens of thousands of people. Or the name, address and credit card information for thousands of customers.

The loss of this information may not cause the DJIA to drop 10%, but it can be devastating to the people involved. But security is often lax since it's "only" a PC and it never occurs to these people that their computers may be stolen precisely because of the confidential information on the disk.

Even home users can face a difficult situation if they take their work home. They have a duty to protect that information... then they work on those files on virus-ridden systems. Today's viruses seem to focus on spam and stealing credit card numbers, but it's not hard to imagine more sophisticated attackers looking for other information.

Re:Physical access!

[BWJones]

Ok, how many admins out there who take backup tapes home as your offsite solution?

This may be modded as funny, but is actually quite interesting. I know of a number (at least I know they used to) of sysadmins whose offsite backup was at home. This included some organizations with fairly substantial interests in limiting the access to their information. It should be company policy to properly pay for and establish a secure off site location for backups that are not in insecure locations like peoples homes. This should include any company that backs up information related to personnel information like SS#'s and such. For lots of companies or research institutions with just research info that is not sensitive, backups at home can be wholy appropriate.

Re:Firey death to the intruders!

[mejesster]

If they have physical access, they can just reset the BIOS... Plus you probably have floppy or CD set as boot first, in which case a simple bootable floppy or CD could circumvent all your elaborate security.