Security notes - security for the everyday person: Difference between revisions
Line 140: | Line 140: | ||
--> | --> | ||
==Is it important to encrypt my PC?== | ===Is it important to encrypt my PC?=== | ||
<!-- | <!-- | ||
tl;dr: | |||
: if you think it'll get stolen specifically for the data on it, yes. | |||
: it helps against some [[evil maid]] style attacks | |||
: if you | : if you think a not-specifically-interested thief might still poke around, and want peace of mind that they can't, yes | ||
: yet practically | : yet practically | ||
:: people don't generally take their PCs anywhere - LAN parties happen... less than since the nineties | :: people don't generally take their PCs anywhere - [[LAN parties]] happen... less than since the nineties | ||
:: the first two of the above assumes you are a person of interest, and someone is taking the time specifically on you | |||
:: even theft by non-interested people is not too much threat. Yes, they could poke around, but chances are that they or the next owner will just reinstall the thing. | :: even theft by non-interested people is not too much threat. Yes, they could poke around, but chances are that they or the next owner will just reinstall the thing. | ||
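Review bot: The added tl;dr bullet "it helps against some [[evil maid]] style attacks" does not say which attacks are covered, and the reader cannot tell what encryption protects (data on a stolen or powered-off machine) from what it does not (tampering with an unattended device so that you type your password into something else). Suggest naming the case that is meant, or pointing to the secure boot section for the tampering case. Minor: in the added line "the first two of the above assumes", "assumes" should be "assume", and with three "yes" bullets above it the text should say explicitly which two are meant.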
Line 163: | Line 165: | ||
:: ...or other things | :: ...or other things | ||
* added disks would have to be separately encrypted | * added disks would have to be separately encrypted | ||
--> | |||
<!-- | |||
===Is it important to have secure boot / Trusted Execution features / pre-boot authentication=== | |||
It depends on your threat model. | |||
Each of these helps in different ways, | |||
but none of them may be overly relevant. | |||
Say, if you have full disk encryption, physical access does not immediately get people into that data, | |||
but you might care about an [[evil maid]] style attack -- someone tampering with an unattended device, | |||
in this case e.g. to get you to type a password into something that is something else. | |||
Secure boot help ensure you are typing a password into the right thing. | |||
At least, it ups the stakes of the attack - which would now have to replace ''firmware'', | |||
which is very high-effort (complex and model-specific). | |||
Trusted execution | |||
Pre-boot authentication e.g. disables drive reads until, | |||
it e.g. means people cannot boot a liveUSB environment without ''you'', | |||
but neither of these things adds anything when you use full-disk encryption anyway. | |||
Pre-boot auth | |||
Full disk encryption ups the | |||
However, if the device is password protected, as with full disk encryption, the firmware of the device needs to be compromised, usually done with an external drive | |||
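Review bot: The new section contains several unfinished stubs ("Trusted execution", "Pre-boot auth", "Full disk encryption ups the", and "Pre-boot authentication e.g. disables drive reads until,"), and the `<!--` opened before the heading has no matching `-->` in the visible lines, so whatever follows may be swallowed by the comment. Suggest finishing or dropping the stubs and closing the comment before saving. The last sentence also attributes the need to compromise firmware to the device being "password protected, as with full disk encryption", while the earlier paragraph attributes it to secure boot; one of the two should be reworded so the section states a single cause. Minor: "Secure boot help ensure" should be "helps ensure", and the heading lacks the question mark used by the sibling heading "Is it important to encrypt my PC?".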
Revision as of 15:09, 27 June 2024
Security related stuff.