I have several computers in my office that pull files from a Linux server as needed. But those computers can only access the server. I no longer want to access the net through all the machines, which is why I am documenting a few scenarios here on my blog.
To keep my work private, I pay a lot of attention to how my computers communicate with the internet. Originally, the net was fun but now one must exercise caution because small things like hovering over a link can cause unwanted actions. So here is the blueprint of my setup. The steps include:
- Firewall
- Network file sharing
- Windows & Linux
- Encryption
- Backups
Firewall
Most of us are connected 24/7 via a router which the internet service provider includes in the package. To set up the router, one needs to “log in” as administrator and configure the device as needed. The first thing I do is change the SSID and administrator password. After that, I enable the firewall which, by default, is off.
With the router (modem) out of the way, it’s time to focus on how each computer connects.
Network file sharing
Individual computers are kind of limited if they can’t talk to each other. Windows 10 and W10 Pro make setting up a home network easy but with that ease comes the first problem. Each computer connects to all other computers plus the internet. Unfortunately, in my case, that is not what I want.
First of all, I do not recommend using the wireless Wi-Fi option. Network cables are faster and don’t spread the signal to my neighbors. I also disable internet access on all but one machine. There are a few ways to do this but the easiest is to simply disable the name server which severs the internet connection while keeping the machine on the local network.
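A check for the isolation step above, added here as an example and not part of the original post: removing the name server stops name lookups, but a default route still carries traffic addressed by IP, so both are worth auditing. It assumes a Linux machine, with the contents of /etc/resolv.conf and the output of `ip -4 route` passed in as text; the function names and sample data are constructed for illustration.

```python
# Constructed sample inputs (not from the original post): a machine whose
# name server entry was commented out but whose default gateway remains.
SAMPLE_RESOLV_CONF = """\
# nameserver 192.168.1.1
search lan
"""
SAMPLE_IP_ROUTE = """\
default via 192.168.1.1 dev eth0 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20
"""


def nameservers(resolv_conf: str) -> list:
    """Active 'nameserver' entries; lines starting with # or ; are comments."""
    found = []
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found


def default_gateways(ip_route: str) -> list:
    """Next hops of default routes in `ip -4 route` output."""
    hops = []
    for line in ip_route.splitlines():
        parts = line.split()
        if parts and parts[0] in ("default", "0.0.0.0/0"):
            # A default route without "via" points straight at an interface.
            hops.append(parts[parts.index("via") + 1] if "via" in parts else "on-link")
    return hops


def audit(resolv_conf: str, ip_route: str) -> dict:
    """Report what still works after the name server has been removed."""
    ns = nameservers(resolv_conf)
    hops = default_gateways(ip_route)
    findings = []
    if ns:
        findings.append("name lookups still configured: " + ", ".join(ns))
    if hops:
        findings.append("default route via " + ", ".join(hops)
                        + ": traffic to numeric addresses can leave the LAN")
    return {"nameservers": ns, "default_gateways": hops, "findings": findings}


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESOLV_CONF, SAMPLE_IP_ROUTE)["findings"]:
        print(finding)
```

An empty findings list means the machine has neither a resolver nor a default route configured.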
Windows & Linux
I have used Linux since 1999, OS X since 2009 and Windows since 1995. Yes, I stood in line to buy Windows 95 and was excited to move on from 3.1 which replaced Atari. OK, let’s focus on now.
Last year, I switched from OS X (iMac) back to Windows 10 while doing 90% of my work on the Linux OS. Then I started to record music which made me prioritize Windows more. There are a few reasons why I did this but what matters is that the computer which can access the internet runs a hardened version of Linux. On top of that, it is only on when I am actually using it.
This strategy has paid off because I have never had to deal with a virus or malware except when cleaning other people’s computers. Being careful surely pays off but is still not enough to safeguard valuable assets. To achieve that, one needs to make use of data encryption.
Encryption
Encrypting data is a huge topic and just a few weeks ago, I wrote an eBook on that topic. Here are the important parts. I use either PGP or 7zip to keep sensitive data safe. Amazingly, the files I encrypt with 7zip can be opened on all of my computers regardless of which OS they run. This is convenient.
The most important part of encrypting content is to use a strong password. I leave it up to you how you want to approach this. Very important files such as the passwords and usernames for web servers, email accounts and other sensitive information obviously need a password of at least 32 characters. Keep in mind how often you have to type that password in and choose accordingly.
The idea is to prevent someone from booting a machine from a USB stick and by doing so, revealing the contents of the hard drive. It’s a simple procedure a child can do, so be smart and encrypt. So with your data secured, there is only one more thing to do and that is making copies.
Backup
Backing up data is expensive because it needs to be done on external hard drives. Amazingly, the USB3 or USB3.1 speeds make the task manageable and less time consuming. The most important part to understand about data storage is to never even save it on the internal hard drive in the first place. If you are short on space, then use the internal unused space for storing encrypted files. Important work should always go on multiple external hard drives.
The reason for using external drives is simple. If your equipment fails and has to go to the repair shop, then your data stays at home. It’s that simple. Imagine if you used an iMac for online banking and saved the password in the browser. It’s secure to do so and many people do. But if the graphics card or the display goes, then the machine needs to be serviced by a tech center for a few days.
What happens when the tech who fixes it loads the browser and sees the sites you access?
Conclusion
Computers are amazing tools. They let us create CAD and graphics assets, record and edit music, design websites, access remote servers and much more. To protect those assets, it’s best to limit which computer can access the internet and to encrypt and back up the data at least once.
If you do this, then you can rest easy. I do. All I have to remember is my super long password to unlock the instructions and info I need to do what I do. The whole thing kind of reminds me of a snooker game. Every shot is easy if you know how to spin the cue ball.