Forgot your password?

+ - How do YOU establish a secure computing environment? 3

Submitted by sneakyimp
sneakyimp (1161443) writes "We've seen increasingly creative ways for bad guys to compromise your system like infected pen drives, computers preloaded with malware, mobile phone apps with malware, and a $300 app that can sniff out your encryption keys.
On top of these obvious risks, there are lingering questions about the integrity of common operating systems and cloud computing services. Do Windows, OSX, and linux have security holes? Does Windows supply a backdoor for the U.S. or other governments? Should you really trust your linux multiverse repository? Do Google and Apple data mine your private mobile phone data for private information? Does Ubuntu's sharing of my data with Amazon compromise my privacy? Can the U.S. Government seize your cloud data without a warrant? Can McAfee or Kaspersky really be trusted?
Naturally, the question arises of how to establish and maintain an ironclad workstation or laptop for the purpose of handling sensitive information or doing security research. DARPA has approached the problem by awarding a $21.4M contract to Invincea to create a secure version of Android. What should we do if we don't have $21.4M USD? Is it safe to buy a PC from any manufacturer? Is it even safe to buy individual computer components and assemble one's own machine? Or might the MOBO firmware be compromised?
What steps can one take to insure a truly secure computing environment? Is this even possible? Can anyone recommend a through checklist or suggest best practices?"
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

How do YOU establish a secure computing environment?

Comments Filter:
  • All you have to do is design every single component of computer from the individual transistors up with security in mind - and inspect the build to ensure that it is as-designed using an electron microscope. And then write the operating system and all the apps to never, ever trust their data. And then never, ever connect it to the Internet or any other device that's not equally trusted. And operate it only in a Faraday cage protected by a 300 km completely dead perimeter with no life forms or electronic

    • I was going to say "Build your own CPU, mothervboard, daughter cards, write your own code OS applications and all and never allow it to connection to another device" but let's go with your answer :-)

  • For personal computers: Verify the signatures of all software before you install it. Use openSSH with PKI to tunnel all your traffic. Add a conditional firewall rule that blocks brute force attacks after three failed authentication attempts. Configure your firewall to block all unnecessary traffic. Install an IPS, such as snort. Use rootkit scanners. Use strong passwords. No need to remember them. KeepassX and Truecrypt can be useful tools. Google offers free and open source code to install your own 2-

The trouble with opportunity is that it always comes disguised as hard work. -- Herbert V. Prochnow