Computer security in a dormitory.

[soulchill]

Obvious things that come to mind are mostly mentioned:
1. if allowed, put a router between you and the dorm.
- don't broadcast your SSID if it's wireless
- use a good password
- don't allow WAN side access to your router
- static assign allowed MAC's to router
2. don't share things (no public/shared folders)
3. turn off remote desktop/remote help (similarly, don't run an ftpd or sshd on it)
4. use anti-virus software and keep it current
5. don't run things you can't trust.
6. Don't let other people access your laptop to where they can get your MAC.
7. Change password on your laptop periodically
8. If your concern is data integrity vs no one seeing it, image the whole thing periodically as well.

There used to be a program called "activeports" that would tell you what ports programs were using, so if you did see stuff hitting your computer, it would show you which process was running.

 

[naisho]

9. hide and bury your hard drives in the yard when they are not in use.

Jokes aside, if you're really worried about your computer data getting stolen - invest in external 2.5" drive. With all the SSD plenty of 2.5" are offered. You can take it off and carry the drive in your backpack or pocket when you are not around your desktop.

Anytime you leave your hard drive data in your room while you are not there, you can't have full control over it.

 

[diehardbiker]

Exactly, refer to Jiro's first post of this thread. It is best you can get when it comes to secure your information. And timing is everything, the longer you connect your computer to the Net, the chances of somebody breaking in your computer increases. Honestly, there is no such thing as 100% fool-proof security when it comes to computer technology. Even Banks had their security breached in the past, mind you their security is much far tougher than your computer security, yet they get break in anyway. Even Government computer network do get hacked in the past.

Quit worry about it, it only hurts your heart and your mind, and you don't need that crap after all.

9. hide and bury your hard drives in the yard when they are not in use.

Jokes aside, if you're really worried about your computer data getting stolen - invest in external 2.5" drive. With all the SSD plenty of 2.5" are offered. You can take it off and carry the drive in your backpack or pocket when you are not around your desktop.

Anytime you leave your hard drive data in your room while you are not there, you can't have full control over it.

 

[Evo Dragon]

[ame=http://www.youtube.com/watch?v=Lbp45dyM1Ic]「GIGABYTE Ultra TPM〠- YouTube[/ame]

 

[The Highlander]

9. hide and bury your hard drives in the yard when they are not in use.

Jokes aside, if you're really worried about your computer data getting stolen - invest in external 2.5" drive. With all the SSD plenty of 2.5" are offered. You can take it off and carry the drive in your backpack or pocket when you are not around your desktop.

Anytime you leave your hard drive data in your room while you are not there, you can't have full control over it.

Are you kidding me?! Did you try put external 2.5" drive in your pocket? It's feels not comfortable. What's wrong with flash usb? It's pretty smaller and easy for pocket.

Yep, Take it with you is more safety than alone in the room. Mobile job box? No problem and just take it with you.

 

[diehardbiker]

I kinda of agree with him, I think 128GB usb flash drive is more than sufficient. Or even 64GB would do just fine.

Are you kidding me?! Did you try put external 2.5" drive in your pocket? It's feels not comfortable. What's wrong with flash usb? It's pretty smaller and easy for pocket.

Yep, Take it with you is more safety than alone in the room. Mobile job box? No problem and just take it with you.

 

[Jiro]

Old school are much wiser, LOL

Since I am not hacker, and not interesting in hacking anyone so I only have general idea.

neither am I. I didn't do any hacking. all I did is click on the app that detects wifi device and I can see bunch of wifi devices (laptop, router, etc.) and I see their MAC address.

and then a hacker will do something to spoof MAC address... that I do not know how to but that's how they do it.

major security risk - any hacker with a laptop and KISMET program (free to download)... he'll sit in middle of busy public area with free wifi and he can snoop into anybody's devices if they're using insecure connection. I wouldn't worry about getting intercepted if I were accessing my bank with iPhone because the connection is already secured.

 

[Jiro]

I ain't carrying USB thumbdrive. I can lose it. I'll just stick with dropbox.

 

[The Highlander]

I ain't carrying USB thumbdrive. I can lose it. I'll just stick with dropbox.

How about this?

 

[Evo Dragon]

How about this?

or USB thumb watches for spying?

 

[SneakerNet]

The only sure way to secure the desktop is by having DVD-ROM only (no RW type DVD) and disabling the USB port (have to do that by modify it in the registry file) and only use PS2 port for keyboard and mouse. There's an adapter with PCI card for PKI card reader to access the desktop/laptop. It will be difficult to copy anything out of the Hard drive because there's no place to store it externally.

 

[Jiro]

How about this?

I have that in my keychain and I don't keep sensitive info in it.

 

[The Highlander]

The only sure way to secure the desktop is by having DVD-ROM only (no RW type DVD) and disabling the USB port (have to do that by modify it in the registry file) and only use PS2 port for keyboard and mouse. There's an adapter with PCI card for PKI card reader to access the desktop/laptop. It will be difficult to copy anything out of the Hard drive because there's no place to store it externally.

Remember OP have gaming computer which it's better for USB as mouse and keyboard. No one want PS2 port due lag or poor performance mouse dpi.

registry file? No problem. Use Linux boot dvd then copy all informations then send them to ftp or email or whatever.

What's wrong with disabled USB and disabled boot order by BIOS and enabled password. Better way to save information in the flash usb.

 

[Foxrac]

Remember OP have gaming computer which it's better for USB as mouse and keyboard. No one want PS2 port due lag or poor performance mouse dpi.

registry file? No problem. Use Linux boot dvd then copy all informations then send them to ftp or email or whatever.

What's wrong with disabled USB and disabled boot order by BIOS and enabled password. Better way to save information in the flash usb.

Yes, that why I prefer gaming grade keyboard and mouse because of low input lag.

 

[The Highlander]

Yes, that why I prefer gaming grade keyboard and mouse because of low input lag.

Same here.

 

[SneakerNet]

Remember OP have gaming computer which it's better for USB as mouse and keyboard. No one want PS2 port due lag or poor performance mouse dpi.

oh yes of course, but just basically I'm talking about securing the computer. If gaming involved, then we wouldn't use the PS2 inputs.

registry file? No problem. Use Linux boot dvd then copy all informations then send them to ftp or email or whatever.

Not if HD is encrypted.

What's wrong with disabled USB and disabled boot order by BIOS and enabled password. Better way to save information in the flash usb.

BIOS can reset easily by jumper reset or removing battery.

 

[The Highlander]

oh yes of course, but just basically I'm talking about securing the computer. If gaming involved, then we wouldn't use the PS2 inputs.


Not if HD is encrypted.



BIOS can reset easily by jumper reset or removing battery.

Now you said about HD is encrypted. What software (Windows) you recommend for HD encrypted?

If you pick right motherboard, Not all motherboard does have CMOS battery. Some motherboards used soldering battery. You can apply epoxy on the CMOS battery for secure. PLUS OP plan to use security screws for the computer.

 

[SneakerNet]

Now you said about HD is encrypted. What software (Windows) you recommend for HD encrypted?

Well, it depend, if you want software or hardware type. SED (self encrypting drive) have zero impact of performance and don't have to worry about key management and it's more secure than software encryption because encryption key doesn't stored in HD. It's all in the hardware.

Software encryption, there are two types, encrypt on the fly and full HD encryption. This will impact the performance, just little. Also it's not 100% secure because the virus can pick up the key that stored in the HD.

Now someone mentioned about TrueCrypt, it's a good software and it's free but the only draw back that there's no key management, If you forgot or lost the paper for passphrase or rescue CD/DVD disk, your hard drive is gone for good. Just have to reformat it. Secondly if you plan to do a full hard drive encryption (depending on number of bit) like formatting 500 GB, 1024 bit with 15 characters passphrase, it will take 7 years to complete it. holy crap forget it...

There's other one called WinMagic SecureDoc which I like it but it's not free.

Now for my vote, I would go for SED with only little more cost than the regular HD.

If you pick right motherboard, Not all motherboard does have CMOS battery. Some motherboards used soldering battery. You can apply epoxy on the CMOS battery for secure. PLUS OP plan to use security screws for the computer.

Yes, it's good for home use to put epoxy on the battery but not for work. We have to follow NSA policy securing the desktop/laptop computers, that include the brand name of the computer (Dell, HP and such), fiber optic network (If working in the SCIF), and on and on. And also whenever the employee leave, fired, resign or whatever, we have to nuke the hard drives (which take bout 92 to 130 hours to format it) before we can re-image the OS.

The best solution is to buy two computers, one that run Linux, for all the personal information fully encrypted and such so you can use it for online purchase, or electronic financing or any other personal stuff, and for other computer use Windows for gaming only.