There's no such thing as "perfect" security or "overkill" when it comes to computer security.
Printable View
There's no such thing as "perfect" security or "overkill" when it comes to computer security.
"Perfect" and "overkill" are such vague terms, security is overkill when it interfere's with user functioning at an unacceptable level.Quote:
Originally posted here by amorphous
There's no such thing as "perfect" security or "overkill" when it comes to computer security.
I think perhaps the original intent of this post is one of two things:
1. To brag (?) perhaps and impress all of us with his um... security, though the system is not as secure as it could be. (see my post above) ("Perfect?")
2. Because this level of security is interfering with his functioning at an unacceptable level and he is looking to see if it would be ok to detune it. ("Overkill?")
Again I will state to the original poster, all the boot crap is silly, an attacker will just yank the drive first, I know I would to ensure it is in a controlled environment. And encryption is always less secure than just not storing any data on the system, plus this deals with the third point of the security triad that you have missed, Availibility. That data is not availible if you are storing it on the laptop and the lap top is stolen.
catch
#1 if you read through you will notice that it says that i havent done it but would like to, so theres nothing to brag about.
#2 again i havent done it so theres nothing to interfere with my daily usage
and for #3 again i dont care if it is stolen, i just dont want anybody to beable to access that drive.
Then why did you post?Quote:
Originally posted here by Pirogoeth
#1 if you read through you will notice that it says that i havent done it but would like to, so theres nothing to brag about.
#2 again i havent done it so theres nothing to interfere with my daily usage
and for #3 again i dont care if it is stolen, i just dont want anybody to beable to access that drive.
I have answered your question, don't store data on the computer, store it on the network.
catch
Look at it this way:
- All of your bios screen measures are essentially futile if someone removes the HD and puts it in another machine
- You say "PGP encrypt all files" - but most programs cannot work with pgp encrypted files, hence they need to be temporarily decrypted. They then hang around in slack space and remain there after power off
- Having more than one layer of encryption is pretty pointless. Nobody is going to attack the key anyway.
The system is only as good as its weakest link... who are you trying to protect it from?
Most attackers would stop if they didn't know what was in there - for this reason you should probably use an encrypted container file, which prevents the filenames or other attributes from being seen without the key. Also you might want to consider using steganography to further hide your stuff.
They can't attack it if they don't know it's there.
But more seriously, it is very difficult to prevent bits of sensitive files ending up in the registry, the swapfile, or temporary space.
Overkill or perfect? I'm thinking yes to overkill because it's just too much trouble and definately not perfect because you failed to mention physical security....what gets me is that you change your bios password every single day but you can only try 3 times before it locks you out for a day....what happens when you forget your password? I change my passwords once a month and then I have trouble remembering the new for about a day, so it just seems like it's too much trouble. So there's MHO :D
how about this.....
encrypted hard drive
how about this...
store your kiddie porn somewhere else. Seriously, what could be so important that you have to go through all those rediculous motions just to keep it safe. This thread ought to have been in tech humor so we could all contribute ideas to building a rediculously "secure" system.
That's not a bad idea....somebody should make a thread like that in tech humor! I don't know enough to get it started though, so it's definately up for grabs. Whoever can take it and run with it should do it. Seriously though, I'm wondering what is so important that you'd need that much security....if I were a hacker (and I might be but I'd never say that...:p) and I ran into that much security on a computer, I'd steal it and then try and find whatever I could just because I'd be so curious... Ever hear the phrase "hidden in plain sight", well it isn't false.....security should be as small of a hassle as possible but also as strong as possible, and the way you've got it set up is far too much of a hassle and not as simple or as strong as it could/should be. I like Roadclosed's solution, but seriously, you shouldn't have anything extremely important on a laptop.
depends on what you mean by "security" if you just don't want anyone else to get your data, that'll do it, if you want to make sure your data isn't lost, its overkill, in fact, if you go that overboard to protect your data, i can almost guarentee you'll lose it. if not to a theif, to a stupid accident. good luck.