Mrious_be,
It's neat to watch your learning curve on this.
I am now learning about Macintosh ports from you.
<<I like the suggestion of a "stealth" one, if it's safe then I probably go for such one.>>
Yeah - one firewall strategy is to be a stout well-protected wall with a few well-watched doors in it.
Of course - the bad guys just try to bang down the doors. Or pick the locks. Or dig under the wall. Or climb over. Or take the doors off their hinges. Or blow a hole in the wall . . .
This is all automated. Nuthin' personal. Exposure is greatly increased on a cable connection.
So ya gotta keep an eye out. Such is life when you are a visible target.
Another strategy is to be completely invisible on the Internet so the bad guys do not even know you are there. :-)
You might try the following sites for a few quick dirty tests of your Internet visibility/invisibility - for example, before and after opening up your firewall for iChat. There are three levels - stealthed (invisible), blocked (visible target but the doors are locked for the moment), and open:
Shields Up
https://grc.com/x/ne.dll?bh0bkyd2
PC Flank
http://www.pcflank.com/
Note - quick scans are quick because they do not test all your vulnerable ports. Some only test five or so and declare you "secure." Better ones may test twenty or thirty.
But I think there are something like 60,000 ports: a complete test of all of these takes overnight.
Probably worth doing.
_____________________________________________________________
Diana,
As to that password example, I never intended . . .
Sigh.
You are way ahead of me on security. Towards where I hope to be within a few years.
Of course, by then you will be many more years ahead of me.
It never ends.
Do you know anything about encrypting whole hard drives - Linux, Mac, whatever?
That looks like a logical next step, here.
Are there any problems with speed or troubleshooting? I.e., one hardware or software glitch and you lose everything?
Any idea where one might start learning about this?
Looking through the http://gnupg.org/ site you posted. Learnin' . . .
Good stuff.
You mention a lot on local security in the context of the portable laptop. Good stuff to learn. I run desktops and have been thinking more of remote security issues - i.e., Internet - than local security.
A few thoughts on local security . . .
Anyone with physical access to a PC - Linux or Windows, anyway - can bypass a lot of the security measures by just inserting a boot floppy or boot CD and accessing the PC's hard drive from there. This can be thwarted by going to your bios and setting your hard drive as the initial boot drive and/or disabling the floppy and CD as boot drives. Of course, someone who knows this can just go to your bios and re-enable the floppy or CD as the initial boot drive. So it is prudent to password protect your bios - these options are all available if you explore around your bios on a PC, typically by holding down the "delete" button on startup.
If you need to re-access your floppy or CD as a boot drive, you just go back to the password-protected bios and re-enable.
Password protection of the bios has also been an issue on PCs in the context of viruses that can change the bios settings, kill the processor cooling fan and thereby kill the computer. I don't know if any such Windows virus actually exists, but it is a comforting thought that if someone can think of it, someone else might actually be able to make it. :-)
How does one adjust the "bios" on a Mac - "Open Firmware?" - I dunno. Perhaps there is no equivalent to the PC bios. Any ideas?
Of course - if you do this strategy on a PC, the bad guy's next step would be to transfer your hard drive and read it off of another PC. But that is a lot more work and is a lot more time consuming and conspicuous than accessing it via another boot floppy or CD.
So it is just one more step in security - not a complete solution.
How this works on laptops, I do not know.
Another likely next step here is removable hard drives - kinda like having great big fast reliable zip drives. The gismo fits in a free 5" bay, with individual carriers for each hard drive. With 80 GB WD hard drives occasionally on sale for $20-50, this is beginning to look financially feasible. Just run one relatively insecure hard drive on the Internet, without your financials or business stuff on it. When you want to do taxes and such, disconnect from the Internet and exchange the insecure hard drive with the relatively secure one.
Of course, ya gotta be careful. One mistake and . . .
Oops!
Diana wrote:
<< You can label me paranoid, but I will continue to try to teach that personal security is worth the effort. When it becomes paramount, you'll be glad if you studied beforehand. >>
Is it paranoid to eat right and to get some exercise? Or to not stay out in the sun too long?
Or is it just good judgment?
Is it paranoid to wear a seat belt?
We thought it a little silly at first. Now it is automatic. Unconscious, really. Can't really remember when we didn't.
Is it paranoid to drive carefully?
Is it paranoid to be careful on the Internet?
Or should it just become another good habit?
___________________________________________________________
The pendragon wrote:
<< Also, never, ever put anything on your computer that if it were revealed, your life would be ruined. At least those were his words of wisdom. >>
Yup.
A variant is - expose no financial information on your computer you would not want open to the world.
If I ever do any Internet banking, it will be on a little bitty account in a separate bank.
No need to risk anything that I am not willing to completely lose.
The relatives gathered over Christmas, as relatives do. One is a credit union officer who has a PC in the house, set up by the credit union for access to the credit union files from home.
He also lets the kids use it.
He was complaining that it was slowing down so he would need to get a new PC. My brother and I looked at each other, rolled our eyes, and with his permission - we had at it.
Windows 98 - not SE - no maintenance in at least two years. Diagnostics/repair, deleting 2000+ temporary files and defragmenting the hard drive took overnight and well into the next day. No firewall. We could not find any antivirus software on it - "Yeah," he laughed "there isn't any."
He's got a great sense of humor.
We didn't have to ask for any passwords to fully access the guts of the OS - there weren't any.
The kids had downloaded all sorts of stuff.
We tried to talk security with him but he was dismissive. Computer security is for his credit union's IT staff to deal with, he told us - that is what they are paid for - it is not his concern. It was clearly a work culture issue - such concerns were beneath someone as important as himself. IT people were like janitors to him - Administrators were the important fellas.
Hey - this is a smart guy. Both a loving and a very intellectual family atmosphere - his kids have various academic honours. The brains are there. It's the attitude . . .
Are my brother and I paranoid? Or is he imprudent and resistant to learning something he really ought to know?
Is he actually stupid? Or is this an issue of the attitudes of the bureaucratic financial services culture of which he is a part?
I will leave this as an exercise for the reader.
But if this is typical of financial services culture attitude in regards to computer security - and I submit that it probably is not an isolated attitude, particularly in view of some credit unions and banks now putting Microsoft OSs on their automatic teller machines - I would prefer not to do my credit union/banking activities over the Internet.
And when I deal with the credit unions or banks, I always keep a paper record.
Regards,
Epaminondas
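
The three levels named in the post above (stealthed, blocked, open) correspond to the three ways a TCP connection attempt can end. The following is an added example, not part of the original post, for checking ports on a machine you run; the function names `port_state` and `check_ports` are hypothetical.

```python
import socket

# Labels follow the post's three levels of visibility.
OPEN, BLOCKED, STEALTHED = "open", "blocked", "stealthed"


def port_state(host, port, timeout=1.0):
    """Classify one TCP port by how a connection attempt to it ends."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return OPEN            # handshake completed: a service is listening
    except ConnectionRefusedError:
        return BLOCKED         # host answered with a reset: visible, door locked
    except socket.timeout:
        return STEALTHED       # no answer at all: packets silently dropped
    except OSError:
        return "error"         # e.g. no route; says nothing about the port
    finally:
        sock.close()


def check_ports(host, ports, timeout=1.0):
    """Return {port: state} for each port in `ports`."""
    return {p: port_state(host, p, timeout) for p in ports}


if __name__ == "__main__":
    # Constructed demo: a throwaway listener on loopback, checked while it
    # is listening and again after it has been closed.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print(port, port_state("127.0.0.1", port))
    listener.close()
    print(port, port_state("127.0.0.1", port))
```

Loopback traffic normally bypasses the firewall, so a "stealthed" result only shows up when the check is run from a second machine of your own against the firewalled one.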