Increasing Computer Security through Hardware? 69
Audiostar asks: "I am interested in adding some security to several of my computers, but am unsure as to which product to go with. I would like to use some sort of external security measure, such as a pen drive token or something similar. I had considered custom building a key card and reader to install on all my machines, but once I started thinking about the cost and time of building a card reader for each of my computers it became rather impractical. Does anyone have any suggestions for external locking devices or software? I would prefer something that I could use on both my Windows and Linux machines, but protecting the Windows machines are the top priority. I don't need anything too fancy, just an added layer of protection from the multitude of various people who come in and out of my place of business everyday. I own a 128mb flash disk watch, so possibly using that as a token would be both easy and geek chic. Any suggestions on what to install?"
Use reliable hardware. (Score:5, Insightful)
Don't use the watch. You'll smack it against something, and then you're screwed. Ditto for a generic USB flash drive, unless you're sure it's bulletproof. Get something reliable, or don't get anything. If you want to be sure you're covered, buy three of whatever it is. Keep one handy, one in a fireproof safe/lockbox on the premises, and one at home. If your only hardware key gets hosed, so do you.
Oh, and KISS. You're right; the cardkey isn't practical, and not just because it'd be difficult/expensive to build. It would probably also be something prohibitively difficult to troubleshoot, should you have problems later. Then you have to call a specialist, and hope he's A) cheap and B) can figure out how to solve your custom-built (and therefore, proprietary) hardware problem. You're probably on the right track with small, removable hardware. Just make sure it's also reliable, or it's useless.
Huh? (Score:2, Insightful)
You mean, like, customers??? Are you implying that these customers are unsupervised for a period of time lengthy enough to get into your computer and do something to it, or read some personal files? Maybe you should invest in something larger than a USB device. ThinkGeek doesn't sell what I'm talking about, but you could find it at the local unemployment office. Thats right, I'm talking about hiring an employee!!!
If an employee is beyond your means, then may I suggest a nifty little Windows feature: Ctrl+Alt+Del, then click "Lock Computer".
Now, if you'd like to admit that you're business is being run out of your dorm room, and you only want something "cool" to lock out your buddies in the dorm, then maybe you'd get some better advice. Otherwise, password protect your machine, change it daily if you're really concerned, and don't leave it logged in when you're not in your room.
Er? Bad question! (Score:5, Insightful)
Audiostar asks: "I am interested in adding some security to several of my computers, but am unsure as to which product to go with...
Er, what sort of security?
A simple bios boot password will prevent the computer-naive from accessing your machine.
GnuPG under Windows and the unix clones will allow you to encrypt/decrypt and digitally sign files.
The unix clones tend to be able to encrypt their entire filesystem by whatever algorythm you want. NTFS claims some sort of filesystem encryption as well, but I'm unfamiliar with the mechanism and thus won't recommend it.
OpenBSD has encrypted swap and tends to be tops on the 'utterly paranoid' scale.
How about you tell us what you are trying to do exactly, and we'll tell you the best solution.
Gimme Access and it wont matter (Score:3, Insightful)
All you can do is slow them down..
Enabling bios passwords, disabling boot from anything but the HD, storing data on the servers, and good system passwords should be enough to keep out the casuals...