In the meantime, a high level of technical proficiency is needed to defend against monolithic personal computing environments that are hostile by design.

* Assume personal computing environment is hostile
* Use an external firewall and have a whitelist-only policy
* Use an external NIDS
* Physically disable all hard-connected non-wired interconnectivity

Monitors and keyboards ("I leave message here on service but you do not call") still leak, of course, but this is a good start, and most people need to be concerned with practical attacks that could be carried out over the internet.

New Year's 2018 resolutions:

1) Review backup policy including backup testing procedures
2) Implement personal digital security measures

I've often thought that the current mentality of a "convenient" monolithic personal computing environment (whether an iPhone, laptop, or PC) doesn't properly assess threats. When broadband internet first became popular in my area growing up, it was acceptable practice (and recommended by ISP's) to simply plug your non-firewall'ed DSL modem ethernet directly into your computer. It truly was unprotected sex in the worst possible way. Perhaps the next evolution will fundamentally reconsider personal computing design from a security-first perspective.

How much do you trust that firewall?
> ...it was acceptable practice (and recommended by ISP's) to simply plug your non-firewall'ed DSL modem ethernet directly into your computer
You have to plug that modem into some non-firewalled computer. Honestly I trust a well-kept PC much more than a firewall appliance.