Slashdot Mirror
Just How Paranoid Are You?
An anonymous reader writes "We all understand the need for security in a corporate environment. Personal computers, however, typically don't have nearly the amount of sensitive information (or it's at least less damaging if found). How far do you go to protect your computer? I recently went overboard on securing my information (at least as secure as Windows XP can be). I have a hardware firewall (GTA GB500), 30 character password, and all remotely personal information stored on a 256bit AES encrypted volume. How far do you go to protect your information against 'Big Brother' or even your family/friends?"
Like I'm going to discuss that here on Slashdot! You know who might be reading.
I have OpenBSD on my firewall and main work machine. Encrypted partitions too. GPG everything. My Windows 2000 game machine is locked tight and on a DMZ without IE being used. My monitor is wrapped in tinfoil, naturally, with a small cutout just large enough to have a 640x480 window viewable. I wrapped my mouse in tinfoil but that made it hard to use so I cut a hole in the bottom which allowed the light to hit the desk surface. Problem there was the desk was wrapped in tinfoil, too. So I made my own mousepad because I don't trust the ones made by The Man. It's made from a dead rabbit I found on the street. I flattened it out and dehydrated it. When I need a random number I pinch some fur and pull. however many strands of fur I get in that pull is the random number I use. Of course I need a new mousepad every few weeks as I never reuse the same tuft of fur twice. Never trust the PRNG in any OS, even OpenBSD. Theo is watching. Speaking of that, the other day I was installing OpenBSD 3.6 on a new machine and then I realized... CDs are a form of RFID tag. The unique bit patterns on them can be detected from space. So I wrap my CDs in tinfoil when not in use. Speaking of tinfoil, I find it best to buy the cheapest stuff from dollar stores. They don't usually use the UPC barcoding at those places. Just "$1.. $1.. $1..". Barcode readers don't use OpenBSD but I think Theo is trying to get in there. Speaking of barcodes, the other day I pulled a package of gum from my pocket and the person I was with said "Ohh... Spearmint!" I ran away. He obviously has a remote UPC scanner and knew that I had spearmint gum. He says the wrapper was in plain site but I think that's just an excuse.
Trolling is a art,
After all, doesn't everyone have my best interests at heart? Why, just the other day, a nice Nigerian man sent me an e-mail about a wonderful offer, and I don't even know him!
Hellooooo, Mr. Government Man!
Don't be a looter...and yes, I know that it's spelled with an "A" instead of an "E".
Is there any point in trying to protect against BIG Brother really? I mean, if they WANT to get in, they could just storm your house and take away your PC. If the want they could slience you too. So why go so over the top?
Another idea is to make sure any sensitive infomation doesn't have any means of escape, hell build a machine with no network, and no floppy drive or cd writer. Take out the usb slots too, then maybe a passer by wont be able to access it.
30char password? Whats the point? I mean you can still brute force it, and even without doing this, theres still methods such as removing the hdd drive, mounting it under anther computer and 99% time, you got instant access to everything.
People need to learn, senstive data is only protected in ONE place, inside our minds.
Keep it there and no one can snoop it.
- http://www.milkme.co.uk
I run only knoppix Live CD, and I incinerate my RAM after I am done just to be sure there's nothing left on that RamDisk. Kingston loves me now!
Thanks for letting us know you have a 30 character password. That'll be much easier to crack than having to deal with 1 - 29 and 31 - infinity length password.
-- There is no sig line, only Zuul.
Never thought of effecting security by relocating my home server to the no-man's-land in the middle of the Korean peninsula. I think you may be on to something. No one would ever think to check there!
Don't blame Durga. I voted for Centauri.
I pile my old computer hardware into a wall around the house, and from time to time pour gasoline and light it on fire. A hadware firewall. The neighbors don't appreciate it, but it gives me a lot of security
Turns out bad sex is better than no sex. I'll have to be more grateful for what I get with the next girlfriend.
Why do you think only "corporate" (which seem to be big iron since you contrast it to "personal computers") have sensitive data?
What about doctors? Lawyers? Accountants? Schools? Bookstores? etc.
If you've been paying attention to the news you'll know that every so often somebody buys a used computer disk and finds the results of STD tests (including AIDS) for tens of thousands of people. Or the name, address and credit card information for thousands of customers.
The loss of this information may not cause the DJIA to drop 10%, but it can be devastating to the people involved. But security is often lax since it's "only" a PC and it never occurs to these people that their computers may be stolen precisely because of the confidential information on the disk.
Even home users can face a difficult situation if they take their work home. They have a duty to protect that information... then they work on those files on virus-ridden systems. Today's viruses seem to focus on spam and stealing credit card numbers, but it's not hard to imagine more sophisticated attackers looking for other information.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Ok, how many admins out there who take backup tapes home as your offsite solution?
This may be modded as funny, but is actually quite interesting. I know of a number (at least I know they used to) of sysadmins whose offsite backup was at home. This included some organizations with fairly substantial interests in limiting the access to their information. It should be company policy to properly pay for and establish a secure off site location for backups that are not in insecure locations like peoples homes. This should include any company that backs up information related to personnel information like SS#'s and such. For lots of companies or research institutions with just research info that is not sensitive, backups at home can be wholy appropriate.
Visit Jonesblog and say hello.
Good topic. I wish there were more serious posts so the rest of us could gleam some knowledge from the replies instead of the geeks trying to be funny.
We had a couple people leave work recently and they had some data in the computer that we needed to get ahold of. Since my company requires passwords and restrictive permissions on all Windows systems my team was worried that we might never get the docs off the systems.
A co-worker got out the Knoppix security tools distribution ( http://www.knoppix-std.org/ ) CD and was able to bypass the Windows passwords very easily. And it read the hard drive ignoring windows permissions.
If someone wanted a secure system. The Knoppix STD CD could be a good tool to use. Try and see if you or a trusted friend could get in to your PC.
- Bruzer (trying to be constructive)
"Tempt not a desperate man" - Willy S.
My password's set to my dog's name.
My dog's name is currently 4$ter*Zf1, but I change it every 90 days.
bp