[CS-FSLUG] How to secure a Windows machine

Josiah Ritchie josiah.ritchie at gmail.com
Mon Oct 8 21:20:49 CDT 2007 

Wow, Tim, that's a very compact and valuable email. I'm going to be
keeping this one around for awhile. You've summed up the history and
theory behind missionary tech security in a very small space. :-)

JSR/

On 9/30/07, Tim Young <Tim.Young at lightsys.org> wrote:
> Hi,
> I am a missionary and do a fair bit with security.
>
> First of  all, Linux, by default, does NOT encrypt information.  :)
>
> There are a large number of types of encryption/protection schemes for
> computers.  A CMOS password is actually fairly laughable protection.  It
> is not the computer that needs protection, it is the data.  And yanking
> a hard-drive out of a computer and popping it into another computer is
> very easy to do, and effectively thwarts CMOS password protection.  ;)
> You can get specialized Hard-drive level passwords that are much better,
> but much more expensive.
>
> There are quite a number of considerations when it comes to missions and
> encryption.  For example, for a while encryption for missionaries was
> actually worse than not encrypting your information.  If someone saw
> that you you were hiding stuff from them, then they decided they really
> wanted to know what that "stuff" was.  For a time, they always had you
> turn on your laptop when going through customs.  This was primarily so
> they knew it really was a laptop, but it also showed them what you
> needed to do to access information.
>
> There are whole-disk encryption products, and there are partial disk
> encryption tools.  Both of which have strengths and weaknesses.  Most
> high-end businesses now have various levels of encryption on their
> laptops, which is very helpful to missionaries.  Now missionaries can
> use the same level of protection as businessmen do, and they do not
> appear out of the ordinary.
>
> But the funny thing about all this encryption and all is how worthless
> it is.  I have been in places where the missionaries had very high
> protection on their laptops, but their cellphones had all their fellow
> workers numbers on them, un-encoded.  And it is very easy to pick-pocket
> a cellphone.  I even saw missionaries who kept paper copies of their
> workers names, addresses, and phone numbers in their wallets.  Wallets
> are four or five times more common to have stolen overseas than laptops.
>
> But in most places, by the time a government gets around to stealing a
> laptop, they already know you are a missionary.  At that time they are
> just looking for the rest of your contacts and trying to see who else
> they can discover.   It is still amazing how much easier it is to set
> someone across the street from you and watch the house, or to simply put
> someone in plain clothes and simply ask the missionary why they are so
> "happy."  Going through th effort of stealing a computer and pulling off
> information from it is usually a lot more work that they need to do.
>
> Because of this, every mission organization has a different security
> policy.  Some recommend high levels of security on their computers, some
> recommend very low security.  Most do not have any recommendations and
> let the missionary determine what they want to do.
>
> Linux does have some decent offerings for security, though most of them
> are not as integrated with the windows interface as one would like.  The
> fact that you can have multiple users logged in and active
> simultaneously on a Linux box has posed a much greater series of
> problems to making good security solutions.   To get root on 98% of all
> Linux boxes, all you need is a boot-floppy or rescue CD.  Email, which
> is usually the thing that contains the most incriminating information,
> is stored in the user's home directory, usually totally unencrypted.
> There are a few decent packages for auto encryption of your data, but
> most distros do not bundle that in.
>
> The long and short of it is that people will continue to need to go out
> of their way to encrypt their information.  There are some very good
> reasons why missionaries should use a wide verity of solutions, not
> standardizing on one particular solution.  And there is always a balance
> between security and ease-of-use.  Some missionaries, when you give them
> a secure setup, will find some way to destroy the security to make it
> that much easier to use.  What it boils down to is individual training
> for each individual missionary, balanced for the situation they are in.
> They all need to know what the issues are, what the effects of their
> decisions are, and what tools they have at their disposal.
>
> While it is important to be as wise as serpents, there are times when it
> is important to realize that our security, regardless of what we do,
> ultimately lies in the hands of our loving God.  Many missionaries are
> incapable of understanding the technology behind security, and they may
> survive even longer on the field than one who has all the best security
> tools out there.  We need to be wise with what we are given, but to
> always keep out faith in the one who sends us to the field for His
> purposes...
>
> :)  Probably more information than you wanted...
>
>     - Tim Young, Field Consultant
>     LightSys Technology Services
>     www.lightsys.org
>
>
> Yama Ploskonka wrote:
> > I recently was talking with a laptop-carrying missionary that works in
> > a restricted country, and I was wondering how safe his stuff was if the
> > powers and principalities get ahold of his Windows machine.
> >
> > I know Linux by default encrypts your stuff, but I felt unable to point
> > this fellow to savyy procedures to ascertain if his stuff was safe, and
> > how to make it safer if not.
> >
> > Do you know of any such webpage, hopefully geared towards our mindset
> > and needs instead of that of assorted paranoids and wannabe hooligans?
> >
> > BTW, as we all know, the Church is probably trailing all other segments
> > of the population in adopting/creating open source, so convincing this
> > friend to go Linux is a waste of time at this moment.
> >
> > Yama
> >
> > _______________________________________________
> > ChristianSource FSLUG mailing list
> > Christiansource at ofb.biz
> > http://cs.uninetsolutions.com
> >
> >
>
> _______________________________________________
> ChristianSource FSLUG mailing list
> Christiansource at ofb.biz
> http://cs.uninetsolutions.com
>


-- 
Our Mission
Technology and Hospitality for God's Workmen
http://missions.ritchietribe.net

More information about the Christiansource mailing list