[CS-FSLUG] How to secure a Windows machine

Yama Ploskonka yama at netoso.com
Tue Oct 9 19:59:13 CDT 2007 

Hi guys, turns out my account was rejecting CS-FSLUG messages so I got 
this only as a repost from Josiah.  (problem fixed now)

I agree totally, great presentation of the problem and the lack of any 
simple solutions.

a friend working "over there" was flying back, with a list of all 
leadership contacts on paper in a binder (probably he thought he would 
work on it during the flight), when he noticed they were doing a very 
thorough search of all carry-aboards, which apparently where he was was 
not that common.  Providentially he had been given as a gift a hadj hat 
(the kind those who go to Mec ca use to show they did it), and he placed 
it right on top of his binder.  When the customs official opened his bag 
and saw the hat, he waved him on.

Yes, it's a Lord thing

Yama

Josiah Ritchie wrote:
> Wow, Tim, that's a very compact and valuable email. I'm going to be
> keeping this one around for awhile. You've summed up the history and
> theory behind missionary tech security in a very small space. :-)
> 
> JSR/
> 
> On 9/30/07, Tim Young <Tim.Young at lightsys.org> wrote:
>> Hi,
>> I am a missionary and do a fair bit with security.
>>
>> First of  all, Linux, by default, does NOT encrypt information.  :)
>>
>> There are a large number of types of encryption/protection schemes for
>> computers.  A CMOS password is actually fairly laughable protection.  It
>> is not the computer that needs protection, it is the data.  And yanking
>> a hard-drive out of a computer and popping it into another computer is
>> very easy to do, and effectively thwarts CMOS password protection.  ;)
>> You can get specialized Hard-drive level passwords that are much better,
>> but much more expensive.
>>
>> There are quite a number of considerations when it comes to missions and
>> encryption.  For example, for a while encryption for missionaries was
>> actually worse than not encrypting your information.  If someone saw
>> that you you were hiding stuff from them, then they decided they really
>> wanted to know what that "stuff" was.  For a time, they always had you
>> turn on your laptop when going through customs.  This was primarily so
>> they knew it really was a laptop, but it also showed them what you
>> needed to do to access information.
>>
>> There are whole-disk encryption products, and there are partial disk
>> encryption tools.  Both of which have strengths and weaknesses.  Most
>> high-end businesses now have various levels of encryption on their
>> laptops, which is very helpful to missionaries.  Now missionaries can
>> use the same level of protection as businessmen do, and they do not
>> appear out of the ordinary.
>>
>> But the funny thing about all this encryption and all is how worthless
>> it is.  I have been in places where the missionaries had very high
>> protection on their laptops, but their cellphones had all their fellow
>> workers numbers on them, un-encoded.  And it is very easy to pick-pocket
>> a cellphone.  I even saw missionaries who kept paper copies of their
>> workers names, addresses, and phone numbers in their wallets.  Wallets
>> are four or five times more common to have stolen overseas than laptops.
>>
>> But in most places, by the time a government gets around to stealing a
>> laptop, they already know you are a missionary.  At that time they are
>> just looking for the rest of your contacts and trying to see who else
>> they can discover.   It is still amazing how much easier it is to set
>> someone across the street from you and watch the house, or to simply put
>> someone in plain clothes and simply ask the missionary why they are so
>> "happy."  Going through th effort of stealing a computer and pulling off
>> information from it is usually a lot more work that they need to do.
>>
>> Because of this, every mission organization has a different security
>> policy.  Some recommend high levels of security on their computers, some
>> recommend very low security.  Most do not have any recommendations and
>> let the missionary determine what they want to do.
>>
>> Linux does have some decent offerings for security, though most of them
>> are not as integrated with the windows interface as one would like.  The
>> fact that you can have multiple users logged in and active
>> simultaneously on a Linux box has posed a much greater series of
>> problems to making good security solutions.   To get root on 98% of all
>> Linux boxes, all you need is a boot-floppy or rescue CD.  Email, which
>> is usually the thing that contains the most incriminating information,
>> is stored in the user's home directory, usually totally unencrypted.
>> There are a few decent packages for auto encryption of your data, but
>> most distros do not bundle that in.
>>
>> The long and short of it is that people will continue to need to go out
>> of their way to encrypt their information.  There are some very good
>> reasons why missionaries should use a wide verity of solutions, not
>> standardizing on one particular solution.  And there is always a balance
>> between security and ease-of-use.  Some missionaries, when you give them
>> a secure setup, will find some way to destroy the security to make it
>> that much easier to use.  What it boils down to is individual training
>> for each individual missionary, balanced for the situation they are in.
>> They all need to know what the issues are, what the effects of their
>> decisions are, and what tools they have at their disposal.
>>
>> While it is important to be as wise as serpents, there are times when it
>> is important to realize that our security, regardless of what we do,
>> ultimately lies in the hands of our loving God.  Many missionaries are
>> incapable of understanding the technology behind security, and they may
>> survive even longer on the field than one who has all the best security
>> tools out there.  We need to be wise with what we are given, but to
>> always keep out faith in the one who sends us to the field for His
>> purposes...
>>
>> :)  Probably more information than you wanted...
>>
>>     - Tim Young, Field Consultant
>>     LightSys Technology Services
>>     www.lightsys.org
>>
>>
>> Yama Ploskonka wrote:
>>> I recently was talking with a laptop-carrying missionary that works in
>>> a restricted country, and I was wondering how safe his stuff was if the
>>> powers and principalities get ahold of his Windows machine.
>>>
>>> I know Linux by default encrypts your stuff, but I felt unable to point
>>> this fellow to savyy procedures to ascertain if his stuff was safe, and
>>> how to make it safer if not.
>>>
>>> Do you know of any such webpage, hopefully geared towards our mindset
>>> and needs instead of that of assorted paranoids and wannabe hooligans?
>>>
>>> BTW, as we all know, the Church is probably trailing all other segments
>>> of the population in adopting/creating open source, so convincing this
>>> friend to go Linux is a waste of time at this moment.
>>>
>>> Yama
>>>
>>> _______________________________________________
>>> ChristianSource FSLUG mailing list
>>> Christiansource at ofb.biz
>>> http://cs.uninetsolutions.com
>>>
>>>
>> _______________________________________________
>> ChristianSource FSLUG mailing list
>> Christiansource at ofb.biz
>> http://cs.uninetsolutions.com
>>
> 
>

More information about the Christiansource mailing list