security measures?
Mica Mijatovic
blueness at gmx.net
Sun Oct 16 03:15:21 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Was Sat, 15 Oct 2005, at 09:40:27 +0800,
when nidhog wrote:
> Do you have any suggestions as to what security measures can be
> implemented in the following conditions:
I'll give few ideas, if nothing else than to improve my "karma" for the
next week. (-: There are plenty actually.
> 1. key management
> - how, where to keep keyrings
Encrypted "removable/mobile media" (diskette, CD-RW...) are quite fine.
Perhaps encrypted "containers" on them. (I have one small container of
1.44 MB for key rings.)
> - how to backup (encrypt backup?)
You can keep a backup in another container? Encrypted (.zip or other)
file and similar. It's important for it to be "locked up" somehow.
> - would it be safer to make separate keys to be used for different
> purposes (one for email and one for local file encryption, signing,
> etc)
That's quite good idea.
Even for local (not circulating on Internet) files is good to use some
other algorithm, not the "popular" one. (But about this one opinions
vary/diverge.)
> 2. frequency of changing passphrases
> - in a user who accesses emails via net cafes (think keyloggers)
Also good idea. Let's say after each use via net cafes, as soon as
possible. Well, would be "ideally".
> A link of good/reliable secure computing practices would be much
> appreciated.
Uh, it's a wide area... It might go from specific/particular piece of
software to anthropology. I don't know if there is something like that
at one place...
We have to know...
+ the machine (hardware)
+ the OS
+ particular software
...and then...
+ how the Internet/a Network works (TCP/IP, specific software /
"utilities" used...)
...so I'll give just few titles, coming in mind now, for instance
"Securing & Optimizing Linux 2.0" (quite interesting book; file name for
the download/Google is "Securing-Optimizing v2.0.pdf"; there is chapter
dedicated to GnuPG too), then "Teach Yourself TCP/IP in 14 Days" at
<http://docs.rinet.ru:8083/TCP-IP/tytfmfi.htm#E67E1>, or "Learn TCP IP
from professionals" at
<http://www.techrepublic.com/promotion.jhtml?pc=E62626>, then the Funny
Manuals related to particular OS (those for Linux are good, very good,
and those for...hm, Windows...I don't know, people often visit
<www.microsoft.com>, although I remember that the site
<http://members.aol.com/axcel216/> was abounding with "WinDOwS Tricks ·
Secrets · Bugs · Fixes".
Well, basically all depends on your personal "model" of "security /
safety" you estimate you need/want. Then according to this you choose
what you will learn and how much.
I personally like to tend to be within some "reasonable" limits, that is
I choose the "middle path" between a "paranoia" and a "boobynoia". It is
because always will be someone around knowing more ("technicalities")
than you do, in general or in particular moment, and all your
_technical_ defence will...well, suck in no time, if you have no some
other ways, for instance to avoid an attack or a pestilent situation
_before_ it becomes actual. It relates, then, to this "anthropologic"
dimension, when our own _personal behavior_ (independently of any
software and technical knowledge) defines the situations we'll be
involved in. Once we are clear as to this behavior, it will define what
software and knowledge we'll (choose to) use.
- --
Mica
PGP keys nestled at: http://blueness.port5.com/pgpkeys/
~~~ For personal mail please use my address as it is *exactly* given
in my "From|Reply To" field(s). ~~~
Consultants are mystical people who ask a company for a number and then
give it back to them.
-----BEGIN PGP SIGNATURE-----
iQEVAwUBQ1Gpp7SpHvHEUtv8AQNXRwgArl0pHruliVNInNXV+H6RiL9FRGtWDow+
P5ml3R8oVAIwT5+HUOn6OZSxel+B5ARQHzNvltAX3T1gHZLc3vEE6D0iAeWB8Blb
Iahb4H1VvLOMe00R2T4tpZNUkf9RCHZiXBxYr7meieNCtkCmW2YCTkgLeJqXehhr
vKRE4sB3H+IgVMHRDDul8yoHvAlsG2OxmbabsOwhzQ+q3XDo6kDRAaR1BViMEBdO
N7amDBj6MBQpJD6QiqT3sxGLiiuIxuvMaVX2xl50M4pZ8hxoL7BfH/XMlfgkwKk1
IqeZq+MYxGZlqMrDuRodpPobUe7j2qe7Zzs2huGnilFRUZYKMh2g+g==
=T7DS
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list