This is not bad. I would put heavy emphasis on owning your own router. This will work as a port forwarding, firewall and DHCP client all in one. Be sure and block UDP. If you are ONLY using the hardware provided by your ISP, then this leaves you open to all kinds of monitoring. I have heard reports of ISPs ‘pinging’ your ‘modem’ some 200x/sec. Your ISP uses UDP to typically assign you a dynamic IP, or ‘chat’ with the hardware, this is one required function, and one invasive function. Because it is their equipment, they can legally do anything with it and not tell you, so who knows what they are looking for when they ping your device some 200x/sec, block UDP and this stops.

because you are on a mac, you already have superior defenses against the pc tools of the world, but I would still suggest using the built-in firewall for incoming filtration, a router against ping floods and ddos attempts (remember all the bots and worms out there think your machine is a pc), and get yourself LittleSnitch to foil outgoing connections from software that ‘phones home’.

stw

Very soon there will be a standard on HDD encryption from the FW on the drive. I wasn’t fully in the loop on that at my previous employer (they design systems on a chip and the one I worked on was for SCSI RAID Controller with encryption) but there’s an article on it here:

http://arstechnica.com/hardware/news/2009/01/hard-drive-manufacturers-unveil-disk-encryption-standard.ars

One interesting component of the article I like is the claim that your property will be less valuable, even hardware, because it wont’ be usable. The HDD simply will not work, even when removed in an attempt

Typically emails don’t contain a trail of IP’s? So much like IP Packets then? I haven’t read up on email protocols, just TCP/UDP/ICMP. I’ll have to find another email client, as a mediary. With PGP though I’ll need to send out my Public Key for family who are anything but tech savvy to be able to read my emails. (They STILL ask how to dub VCR to VCR or how to use the universal remote to watch a DVD). Hopefully that won’t be an issue. And you’re write, “Who keeps emails for 7yrs” I guess I don’t need to. I’ve backed some up before and… not once have I really needed to view them.

Again, WOW and thank you for the info. I will keep the questions to a minimum. You answered quite a few with that paragraph.

I will try and do one at a time, you asked alot of questions.

I use macs, so what I describe should be translated into whatever platform you use. I encrypt entire drives, especially the ones that I use for the server. Macs have a built-in utility that encrypts the entire drive, and demands a password to mount the device on startup. There is no impediment to performance using this feature. I encrypt them @ AES 256, solely for that this level of encryption is sufficient for my needs and cannot be readily hacked or bypassed in any known fashion. This eliminates the need to selectively encrypt this or that, while omitting files/folders for whatever reason. This policy covers everything. Simply unplugging the machine or hdd will reset the device and then demand password to re-mount it. For sensitive e-mails that I don’t want intercepted, or read by 3rd parties, I use PGP. I also use several free web based email accounts to bounce/forward from one to the other to obscure the source IP it was sent from. An email contains what is known as a ‘header’, this has information on the protocol used to send the message, the IP it was sent from, and the mail server IP that received it. Typically, this information contains the ‘last’ bounce, and does not contain a trail from whence it came. So using two emails, one as an intermediary to forward incoming and outgoing emails is sufficient to remove any footprints left behind, and with the body of the message encrypted using PGP, it makes it just that much harder to eavesdrop. The DHS is using terrorism as an excuse to basically spy on anyone they want, in the name of national security. I do not like this, therefore I go out of my way to take steps to foil these asshats.

hthm

stw

If I am being cryptic in my responses, it is mainly because I write articles here, and answering your questions, each one could be an article itself. So instead of posting an article sized response, in the future, I will address each of your questions and write an article about it. Remember, when I post, it is for everyone to read, not just as a response to your questions, so I make general comments to the masses, nothing personal.

hth

stw

I don’t think you know me well enough to call me one of the masses.

You do not have control of your information is my point. You never will.

Did my professor (Founder of Certicom) lie when he said that 90% of the security effort of a corporation is to block people from coming in, but 90% of the theft occurs from within the system and without the use of technology. If I wanted your financial/health/employment information I don’t need to hack your system to get it. I know you realize that.

And no, to me you are not explaining yourself very well. I find your answers quite difficult to understand, it is as if you’re speaking with encryption or intentionally being elusive. I am not referring to PGP or any technical terms either.

I’ve spoken with a few experts in the field who’s job is to protect the corporate network (no, not BestBuy, CWCEC for example) and they explained statistically, even just a firewall, regular updates to security patches, router firewalls, etc.. would keep most hackers away. What I found most interesting was that it was not worth the investigative effort to try to hack your system, for whatever reason, as they could easily acquire the information through the sources (banks, health records, library, etc…).

NOTE: By referring to the experts I am NOT assuming I am one of them or they know more than you or any other interpretation to promote a sarcastic comment.

Surfer, when you are answering questions, it seems like you’re making a lot of assumptions about what people do/don’t do rather than ask them first and then you treat them as such, which is often belittling and condescending. Perhaps that is your nature and that’s OK, I’ll keep that in mind in the future. But unfortunately, I don’t know if I want to ask you any more questions.

I also don’t follow ” ‘Just cause I read it somewhere’ doesn’t wash on P2Pnet, we are informed here.” Where did I imply that? I am simply asking for clarifications and when I ask “will this not lock your system down to the point where you can’t use it” does NOT mean I am criticizing your efforts! It seems you took it that way. Those are legitimate questions, not loaded questions or “please, I’m cocky, chew me up and spit me out” questions.

The comment about disconnecting from the web was an attempt to express humour. The rest about the government using other ways to find out about you… do you believe this is false in theory and not executed in practice? I am asking legitimately, no sarcasm.

Basically, Surfer, there are ways of illustrating to someone they are misinformed that is helpful and non-confrontational, and I am struggling to find that in your responses.

Jon writes so much better than I do. I forget the colorful language I use to get my point across.

thanks Paulus for sticking in there, tell your friends..

thanks Jon, its just my style…

consider this article an editorial/blog/comments/editorial/doodad

stw

Its not overkill to control your own private information, you should always exercise your right to control your information. You should control its use.

‘Just cause I read it somewhere’ doesn’t wash on P2Pnet, we are informed here.

http://www.letmegooglethatforyou.com

The easiest and truly safest way is to… disconnect yourself from the web! Nothing can hack you now! Turn off all blue-tooth, wireless, and infrared hardware.

Your computer is now 100% secure.

On a more serious note, what are you trying to protect that you need to lock your system down like it were Fort Knox? If the government wanted to know more about you, they’d get to you one way or another; your bank, unless you’re paid in cash and you keep it under the mattress, your friends, your family, your shopping habits, your eating habits, what you borrow from the library, what videos you rent (if you do) or movies you see (if you do), etc…

And believe me, if the government wanted to find out about you and they knew you were a computer nut who would definitely lock your system down as if you were NASA, they’d find another way to watch you.

stw

also when deleting use the military grade delete …twice
lets just say when that happens and because a that hackers actually have 7GB of DRM development by the top 30 companies with some shoe company at its core.
haha
ya boot time

and if you have ever seen a nasa encrypted file you know what encryption is about.
Mkaes ya wonder why space shits need to be encrypted…..

OH YA one other tip
NEVER …I REPEAT NEVER GOTO GOVERNMENT WEBSITES
they log that ip and you will be visited and scanned

Here is a neat thing to do.
get a server , install file zill ftp server
, then install rtorrent( with ssl),
change limits.conf to handle large file sets.

install encrypted remote desktop tools and server locally and remote.
Notice “encrypted”
then you get a hacker to give you a linux log wiper for your Server
have it run as a cron ( this is an automated process that will run via a script at certain times , and is one reason linux is far more powerful then windows) job as you wish.

then get pgp desktop and encrypt everything while not in use
create a custom instant messenger that has SSL direct person to person chat ability.

go get a outsource audio chat server make it so that you cna encrypt along at either ends via SSL again.

hand keys out to who ever as best you can without internet if possible.
double firewall yourself
if you need windows place it on top of vmware

BTW on top of that pgp desktop encryption use another one and don’t tell no one which.
Double encryption = literally UNCRACKABLE.

If you can design things make a client for YOUR trackers site and make it so ips can only be seen by admins and mods.
Lot less to worry about when its a handful a people isn’t it. Then have them ban all other clients, and make it so a periodic update is required to change the programs headers so as to prevent some one pretending to be that client and data mining.

In irc chats connect via SSL , make sure your client can also encrypt on its own and that all people are able to do same, all it takes is one arse and its all for nothing.

So who am i. I am retired scene, yes that’s right and ive been doing the above for last 8 years, haha its all just routine now.
if everyone did all this, the court cases would be extremely hard to happen.

I love it when you talk dirty. heh

Cheers!

stw