Main Area and Open Discussion > Living Room

Thinking about setting up a dedicated "secure PC" in my house.. Thoughts?

<< < (4/6) > >>

longrun:
As one of the foremost experts on unnecessarily complicating one's life I would like to offer a slightly different perspective.

Setting up such a PC has non-monetary costs. You'll have another PC to maintain, and the more complicated the system the more likely you are to make mistakes and the less time you'll have for other pursuits. If you use PayPal or banking fairly often, do you really want to have to go to another PC? When do the small risks justify extraordinary measures? For example, the consequences of having the websites you maintain hacked would be far greater than those of a fraudulent credit card transaction for which you wouldn't be liable.

Have you taken all the simpler steps first? Do you already use non-text, maximum-length, encrypted passwords? That doesn't require another PC.

If you're worried about banking and credit cards, have you taken all the steps you should take whether or not you set up a security PC, such as:

-setting up alerts on your accounts for transactions exceeding a certain amount
-monitoring your credit reports up to 3x a year for free
-setting up fraud alerts with the credit reporting agencies
-using virtual credit card numbers if you have any doubt about the vendor

If you're worried about the consequences of burglary, have you properly secured your house? Your data may be safe with FDE, but it's still a hassle to lose your stuff.

Have you thought about where the greatest risks actually lie? For example, I've used PayPal, eBay, and online banking extensively for years and have never had a problem, but I've had a couple of fraudulent transactions on a credit card I don't use online. Also, someone tried to open a Capital One account using my mother's information, and she's never touched a computer.

How often has your computer actually been infected with malware? I used to obsess about security software, etc. until I finally realized this just hasn't been a problem for me.

If you do decide to go ahead, I like the idea of a virtual machine (a cheap, simple, and convenient option). I dislike the idea of off-lease equipment (that is, equipment that was leased rather than bought, used for the lease period (often 3 years), and returned). Security and reliability are inextricably linked.

I don't mean to disparage your idea. Those of us who like to tinker with computers are inclined to think of adding new equipment as a solution. Setting up a security PC isn't a bad idea; it's just not the first idea one should consider.

app103:
Why a dedicated PC? Why not keep everything (OS included) on a bootable USB thumb drive? Then you can keep the drive locked away securely in a safe or something.

Pop it into whatever computer you want to use it with & boot it up.



Another idea is to just get yourself one of these: http://www.thinkgeek.com/computing/thumb-drives-storage/99f1/

paarkhi:
my humble suggestion would be Virtual OS and logging it from there as suggested by some members.
Booting from Linux and surfing is also a good option but little painful (But if you are paranoid about your security then OK)

Nod5:
This is a very good idea mouser. You mentioned two alternatives: a separate computer or one computer with virtualization software. A third to consider is one computer with a physical SATA switch, like this one http://www.thesataswitch.com/ , to switch between two separate (sets of) harddrives. I have a switch like that but for PATA. Pic above website:

drawbacks:
- you can't flip between host/virtual OS, you must shut down and reboot
- requires tinkering/soldering

advantages:
+ less costly and space consuming than buying an extra computer
+ more complete separation between the two systems compared to virtualization software (First, the software might have bugs that allow things to break out of the guest OS into the host. Second, if malware makes it onto the host then it might be able to keylog, do screenshots etc in the guest OS window too. The risk for that is low I think, but why not remove it if it comes easy.)
+ requires tinkering/soldering ;D

Netbooks are becoming so inexpensive now that getting an extra one might be the overall best option though. You get better portability. With a separate computer you can also use some KVM switch to use the same keyboard, mouse and screen for regular and secure PC.

It sounds like your intended use is mostly online transactions and server stuff, not things that need very specific applications. Then consider using some minimal Linux variety like Xubuntu or an even lighter one. That will cut down boottime compared to XP. The vanilla Ubuntu alternative installer CD has full disk encryption options so chances are the xubuntu one does too.

One more thing to consider: putting both the secure PC and another PC on the same LAN makes the secure PC more vulnerable to possible malware on the regular PC. Is there some easy way to separate them?

mouser:
Thanks for all the great suggestions -- I hoped this thread would be useful to others as well who might be considering a similar idea.

Let me help rule out some of the possible suggestions based on my experiences.

While I love the idea of swappable/switchable hard drives and use them for my external usb backup storage, I don't think this is a viable option for what I want here -- nor is a bootable cd/usb.

The reason is simple -- I don't want to have to turn off my main pc that I am working on -- and I have to be able to quickly turn on this other pc (whether virtual or real).

The virtual machine approach is still very much in consideration -- as it offers a good combination of secure isolation, and quick resume/sleep.  It also allows very quick backup/restore.

Navigation

[0] Message Index

[#] Next page

[*] Previous page