How Do YOU Establish a Secure Computing Environment?

sneakyimp writes "We've seen increasingly creative ways for bad guys to compromise your system like infected pen drives, computers preloaded with malware, mobile phone apps with malware, and a $300 app that can sniff out your encryption keys. On top of these obvious risks, there are lingering questions about the integrity of common operating systems and cloud computing services. Do Windows, OSX, and Linux have security holes? Does Windows supply a backdoor for the U.S. or other governments? Should you really trust your Linux multiverse repository? Do Google and Apple data mine your private mobile phone data for private information? Does Ubuntu's sharing of my data with Amazon compromise my privacy? Can the U.S. Government seize your cloud data without a warrant? Can McAfee or Kaspersky really be trusted? Naturally, the question arises of how to establish and maintain an ironclad workstation or laptop for the purpose of handling sensitive information or doing security research. DARPA has approached the problem by awarding a $21.4M contract to Invincea to create a secure version of Android. What should we do if we don't have $21.4M USD? Is it safe to buy a PC from any manufacturer? Is it even safe to buy individual computer components and assemble one's own machine? Or might the motherboard firmware be compromised? What steps can one take to ensure a truly secure computing environment? Is this even possible? Can anyone recommend a through checklist or suggest best practices?"

linux

[blackC0pter]

i actually run linux on the desktop to help stay secure and don't pirate software. Add some ufw firewall rules and a router based firewall and you can survive most non-local (in the room) attacks.

Re:No input, no net connection.

[Anonymous Coward]

Secured and monitored a single site 24/7 using
motion and a wireless camera. Uploaded images live to a cache on the LAN
through which the data immediately went to
redundant cloud storage services in countries
with redundant systems of legal process.

Separated data streams in the local network and the clouds to inform me of unscheduled motion. Used email and one cloud service over G3 with fallback to GPRS and WiFi.

On a daily basis Reaffirmed that the system continued to operate. Monitored and secured the site 24/7. Processed the record generated for redundant archives. Slept well.

get psychiatric help

[onyxruby]

You don't need computer security, you need psychiatric help, seriously. I've known people with paranoid delusional conditions before. Talk to to Psychologist about getting help and make sure you take care of your mental health. You really, really, don't want to end up on the street where your mental health spirals out of control.

If your not willing to work with that than I suggest you keep a few practical thoughts in mind:

The FBI doesn't care about your porn habits unless they involve underage kids.
The CIA could care less about you unless your working on behalf of a foreign government and even then probably not.
The NSA consider you a civil matter.

If your in another country simply substitute your local government agency for the right one.

Frankly if you were working for anybody that the CIA, NSA etc actually cared about you would be getting professional advice from your employer, and not by asking Slashdot. You sound like a young person thinking about becoming a script kiddie or someone with delusion of prosecution over warez trading and porn surfing. The comment is quite sincere, you need to seek help from a mental health professional.

Yes.

[neoshroom]

Do Windows, OSX, and Linux have security holes?

Yes.

Does Windows supply a backdoor for the U.S. or other governments?

Yes.

Should you really trust your Linux multiverse repository?

No.

Do Google and Apple data mine your private mobile phone data for private information?

Yes.

Does Ubuntu's sharing of my data with Amazon compromise my privacy?

Yes.

Can the U.S. Government seize your cloud data without a warrant?

Yes. (The U.S. government can do anything. Your only recourse if they do something wrong is to sue them. Suing them typically takes years of time and hundreds of thousands of dollars for you. Thus, in a practical sense no one really has any firm rights any longer because the system in charge of correcting breaches to those rights is not accessible or swift for an average citizen using it.)

Can McAfee or Kaspersky really be trusted?

No.

Naturally, the question arises of how to establish and maintain an ironclad workstation or laptop for the purpose of handling sensitive information or doing security research. DARPA has approached the problem by awarding a $21.4M contract to Invincea to create a secure version of Android. What should we do if we don't have $21.4M USD?

Use FreeBSD or other extreme minority operating system.

Is it safe to buy a PC from any manufacturer?

Not any, but likely most.

Is it even safe to buy individual computer components and assemble one's own machine?

Again, usually it would be. It seems like software is typically the vector of attack. Hardware much less often comes with built-in vulnerabilities.

Or might the motherboard firmware be compromised?

Less likely than the OS, but remotely possible from some manufacturers.

What steps can one take to ensure a truly secure computing environment? Is this even possible?

Don't connect your computer to the Internet. Even if the OS is hacked, the motherboard firmware is hacked and the hardware itself is hacked, it doesn't matter if nobody can access it but you.

Can anyone recommend a through checklist or suggest best practices?

http://lmgtfy.com/?q=secure+hardware+and+software+computing+checklist [lmgtfy.com]

__