Computer Security for the Tech challanged

[Geel_jire]

Computer System Security is very difficult to implement and no matter what measures you take, no system is 100% secure. People on the Network-Security side of things are fond of saying that the only secure computer is one that has no connection to the outside world.

 

There are a few tricks that do not contribute directly to security, in fact security professionals hate them & talk about them with disdain nevertheless they 'may' help as a deterrent in keeping away the lazy non-determined hacker who would have hacked your system just for the hell of it.

 

They are:

 

1- Security Theater:- which is the appearance of security without any real measures (this one is especially loved by the cheapos)

A real world analogy would be having a big sign on your front yard that says Beware: Gaurd Dog on premises OR This area is under constant surveillance without anything to back these signs up ... things like this may deter petty thief's but wont stop a more serious one. Assume you have a wireless network at home most residential wireless routers use 'WEP' encryption which can be cracked in under 3 minutes but naming your network 'Virus' might make the neighbors kid think twice about hopping onto your link.

 

 

2- Security by Obscurity:- this is like hiding things in plane sight , suppose you have a folder with 'sensitive' data .. you can bury it under 30 layers of folders with alphanumeric names ... which will make any weary to dig deeper.

 

 

Disclaimer:These measures do not provide security by themselves and should not be used as substitute for strong password authentication, public/private encryption, redundancy.

 

This thread is intended for the tech challenged who currently employ no measures whatsoever.

 

coming up(when i get the chance): Practical security measures including

 

- configurations of:

personal firewalls

spyware removers/blockers

Adware removers/Blockers

 

- Private key encryption (local files)

- Public key encryption (email)

- enforcing complex password policies

- Plausible deniability systems (TrueCrypt)