[CS-FSLUG] How to secure a Windows machine

Tim Young Tim.Young at LightSys.org
Sun Sep 30 14:50:57 CDT 2007 

Hi,
I am a missionary and do a fair bit with security. 

First of  all, Linux, by default, does NOT encrypt information.  :)

There are a large number of types of encryption/protection schemes for 
computers.  A CMOS password is actually fairly laughable protection.  It 
is not the computer that needs protection, it is the data.  And yanking 
a hard-drive out of a computer and popping it into another computer is 
very easy to do, and effectively thwarts CMOS password protection.  ;)  
You can get specialized Hard-drive level passwords that are much better, 
but much more expensive.

There are quite a number of considerations when it comes to missions and 
encryption.  For example, for a while encryption for missionaries was 
actually worse than not encrypting your information.  If someone saw 
that you you were hiding stuff from them, then they decided they really 
wanted to know what that "stuff" was.  For a time, they always had you 
turn on your laptop when going through customs.  This was primarily so 
they knew it really was a laptop, but it also showed them what you 
needed to do to access information.

There are whole-disk encryption products, and there are partial disk 
encryption tools.  Both of which have strengths and weaknesses.  Most 
high-end businesses now have various levels of encryption on their 
laptops, which is very helpful to missionaries.  Now missionaries can 
use the same level of protection as businessmen do, and they do not 
appear out of the ordinary.

But the funny thing about all this encryption and all is how worthless 
it is.  I have been in places where the missionaries had very high 
protection on their laptops, but their cellphones had all their fellow 
workers numbers on them, un-encoded.  And it is very easy to pick-pocket 
a cellphone.  I even saw missionaries who kept paper copies of their 
workers names, addresses, and phone numbers in their wallets.  Wallets 
are four or five times more common to have stolen overseas than laptops.

But in most places, by the time a government gets around to stealing a 
laptop, they already know you are a missionary.  At that time they are 
just looking for the rest of your contacts and trying to see who else 
they can discover.   It is still amazing how much easier it is to set 
someone across the street from you and watch the house, or to simply put 
someone in plain clothes and simply ask the missionary why they are so 
"happy."  Going through th effort of stealing a computer and pulling off 
information from it is usually a lot more work that they need to do.

Because of this, every mission organization has a different security 
policy.  Some recommend high levels of security on their computers, some 
recommend very low security.  Most do not have any recommendations and 
let the missionary determine what they want to do.

Linux does have some decent offerings for security, though most of them 
are not as integrated with the windows interface as one would like.  The 
fact that you can have multiple users logged in and active 
simultaneously on a Linux box has posed a much greater series of 
problems to making good security solutions.   To get root on 98% of all 
Linux boxes, all you need is a boot-floppy or rescue CD.  Email, which 
is usually the thing that contains the most incriminating information, 
is stored in the user's home directory, usually totally unencrypted. 
There are a few decent packages for auto encryption of your data, but 
most distros do not bundle that in.

The long and short of it is that people will continue to need to go out 
of their way to encrypt their information.  There are some very good 
reasons why missionaries should use a wide verity of solutions, not 
standardizing on one particular solution.  And there is always a balance 
between security and ease-of-use.  Some missionaries, when you give them 
a secure setup, will find some way to destroy the security to make it 
that much easier to use.  What it boils down to is individual training 
for each individual missionary, balanced for the situation they are in.  
They all need to know what the issues are, what the effects of their 
decisions are, and what tools they have at their disposal.

While it is important to be as wise as serpents, there are times when it 
is important to realize that our security, regardless of what we do, 
ultimately lies in the hands of our loving God.  Many missionaries are 
incapable of understanding the technology behind security, and they may 
survive even longer on the field than one who has all the best security 
tools out there.  We need to be wise with what we are given, but to 
always keep out faith in the one who sends us to the field for His 
purposes...

:)  Probably more information than you wanted...

    - Tim Young, Field Consultant
    LightSys Technology Services
    www.lightsys.org


Yama Ploskonka wrote:
> I recently was talking with a laptop-carrying missionary that works in 
> a restricted country, and I was wondering how safe his stuff was if the 
> powers and principalities get ahold of his Windows machine.
>
> I know Linux by default encrypts your stuff, but I felt unable to point 
> this fellow to savyy procedures to ascertain if his stuff was safe, and 
> how to make it safer if not.
>
> Do you know of any such webpage, hopefully geared towards our mindset 
> and needs instead of that of assorted paranoids and wannabe hooligans?
>
> BTW, as we all know, the Church is probably trailing all other segments 
> of the population in adopting/creating open source, so convincing this 
> friend to go Linux is a waste of time at this moment.
>
> Yama
>
> _______________________________________________
> ChristianSource FSLUG mailing list
> Christiansource at ofb.biz
> http://cs.uninetsolutions.com
>
>

More information about the Christiansource mailing list