Description
This book is intended to walk you, the end-user, through the best practices for securing both a personal computer running the Windows 7 operating system (OS) and your personal digital footprint. Though this book does cover the basics, my intent is to provide tools and techniques that allow the reader to far surpass a mere “basic” level of security and privacy. My goal is for the reader to have the advanced tools and knowledge to be in the top tier of security- and privacy-minded users.
To accomplish this goal, this book is intended to be read and implemented from start to finish. The original idea for this book was to create the book I wish I had had years ago: a guidebook to setting up a brand new computer, from start to finish, with security and privacy as the primary goals. Though this is perhaps most easily implemented on a brand new machine (or clean installation), all of the techniques covered here can be applied to a machine that is already in use. Various sections in this book will reference material previously covered, so it is perhaps best to take it in order, but the user may use this book as he or she sees fit.
There are several concepts that will be referred to constantly and consistently within these pages. The first is redundancy. Many of the ideas expressed here may seem to overlap each other and you may wonder why I recommend so many steps that seem duplicative of previous effort, but this is by design. Computer security is not simple, nor is it easy, and redundancy is required. Massive vulnerabilities are routinely discovered in security software and protocols that are assumed to be secure. For example, in early 2014 the socalled “Heartbleed” vulnerability was discovered in the SSL protocol, a system of encrypting Internet traffic that had been assumed to be secure for years. Users who relied on the SSL protocol alone to protect their sensitive Internet browsing sessions potentially had vast amounts of information exposed online. Had these users implemented a second, redundant form of encryption for their Internet traffic, the Heartbleed vulnerability would not have been nearly so alarming. For this is the reason I recommend a sound defense-indepth with overlapping security measures. When working with security programs I always work with the underlying assumption that one or more of the protocols or applications I am using is compromised. Though this may seem paranoid, the concept has proven itself time and time again.
The second concept to which this book will continually refer is the idea that convenience and security are inversely correlated. To wit, the more convenient a system is, the less secure it is. This is, in my opinion, the reason computers are not more secure than they are. End users are typically unwilling to give up convenience for the sake of security and are constantly seeking more and more convenient systems (a concept the market validates by offering increasing convenience at the expense of security).
If the previous statement does not apply to you, and you are willing to sacrifice some convenience on the altar of security, then this is the book for you. Following the steps there will take time and patience, and will doubtlessly make your system somewhat less convenient to use, but the process will also make it far more secure. My intent, however, is not to purposefully make the system inconvenient. Where possible, I have tried to simplify and render security measures as painless and transparent to the user as possible without sacrificing security. It is up to each individual to find his or her own personal “sweet spot,” that ideal balance of inconvenience you are willing to endure and the corresponding level of security that you are comfortable with.
Contents:
Part I: Basic Best Practices
- Os Hardening And General Security
- User Authentication
Part Ii: Data-At-Rest
- Securing Data-At-Rest
- Secure File Deletion
Part Iii: Data-In-Motion
- Securing Data-In-Motion
- Internet Browser Security
- Securing Online Accounts