[SATLUG] Questions about basic security procedures

Brad Knowles brad at shub-internet.org
Wed Aug 6 12:30:42 CDT 2008

pixelnate at gmail.com wrote:

> Assuming I want to start securing my data against having my laptop
> stolen or people somehow getting into my network, where do I start?

There are various different options, depending on what OS you have.

If you're running Mac OS X, you can use FileVault to encrypt everything in 
your home directory.  When you log in, files will get decrypted/encrypted on 
the fly, with a copy of your password as stored in RAM.  When you log out, 
the copy of the key in RAM gets thrown away.

For Windows, options include BitLocker for Vista (or the Windows XP 
equivalent "Encrypting File System") and TrueCrypt.  Note that TrueCrypt is 
also available for Linux.

Of course, there are many other such tools also available.

> Should I start with using GPG for email?

You can sign with GPG, but remember that the party/ies at the other end also 
need to be able to use PGP or GPG to decrypt the message or verify your 
signature, otherwise there is limited utility to being able to create 
messages that no one else can read.

This means you need to know something about the community you communicate 
with, before you select tools in this space.

>                                          How do I encrypt the data on my
> hard drive so that nobody else can use/see it but me?

There are file encryption tools that are also available, but the kinds of 
tools mentioned above (FileVault, BitLocker, TrueCrypt, etc...) tend to be 
easier to use and they protect the entire filesystem on which they run, as 
opposed to just a single file.

>                                                       Will encryption
> slow down my computer?

Yes, but if your computer is fast enough and has enough spare CPU cycles 
available, you may not notice.

>                         What measures should I be taking to guard against
> data theft?

Don't ever connect your machine to any kind of network.  Don't ever allow 
anyone else to touch the machine.  Don't ever install any software from any 
third parties.

Oh, did you mean things that help keep it secure while also keeping it 
usable?  Sorry, those goals are mutually incompatible -- you have to decide 
how much security you're going to have, and therefore how much hassle you're 
willing to live with.

>              Where can I find more information that can help?

The O'Reilly book "Computer Security Basics" by Rick Lehtinen and G.T. 
Gangemi is not a bad place to start.

Matt Bishop is one of the best-known experts in the field, and he wrote the 
book "Introduction to Computer Security".  I don't know anything about it, 
but on his reputation alone I'd say that you should at least check it out.

For Linux-specific books, O'Reilly has a couple more books to consider, 
namely "Linux Security Cookbook" by Daniel J. Barrett, Richard E. Silverman, 
and Robert G. Byrnes, and also "Linux Server Security" by Michael D. Bauer.

If you feel like you need a "Dummies" book, then "Windows Vista Security For 
Dummies" is written by Brian Koerner with Mike Borkin and Joe Howard, and 
Brian's name is one I recognize as being reputable.

Going a bit further afield, "Internet Privacy for Dummies" is written by 
John R. Levine, Ray Everett-Church and Gregg Stebben with David Lawrence. 
And John and Ray are both very well known in this space.  Unfortunately, 
their book was published in 2002 and doesn't seem to have been updated since.

> As a creative professional, security is something that I haven't been
> all that concerned with in the past. I would really appreciate some
> pointers on where to start and where I can find out more.

Let me know if you have any other questions in this area.

> FYI, I mostly use Ubuntu (Hardy) and Mac OSX if that helps.

Ahh, then you might also want to check out "Foundations of Mac OS X Leopard 
Security" by Charles Edge, William Barker, and Zack Smith.

Then there is "Mac OS X Leopard For Dummies" by Bob LeVitus, and Bob's name 
in this business is legendary.  I'm sure this book is not primarily aimed at 
security, but it should at least touch on FileVault and other things you 
want to look at.

Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
