Two Important Security Concepts: Lock Down & Layered Security

23 Sep

Two important security concepts are Lock Down and Layered Security. These concepts apply to personal home security and online computer security.

Lock Down means different things to different people. A prison lockdown is different from a school lockdown during the threat of a crazed shooter. Lock down implies containment of things as they are. It denies harmful forces the chances to make progress and advance. It keeps things as they are, allowing the white hats to ride in and save the day.

A computer user can “lockdown” his computer. This means the computer is hardened against malicious attempts to change it. There are commercial programs (AppGuard) which prevent malicious code from changing your software. There are free programs like Microsoft’s EMET which help you “lock down” weaknesses.

The simplest things can be the most powerful. Any computer user without adding any special software to his PC can tighten security with the simple “lock down” procedure of creating non-administrative user accounts for daily use. Limited user accounts have limited ability to change your operating system and install software. You can still browse the web, check your e-mail, and spend way too much time on youtube with a limited user account. What you can’t do is make fundamental changes to the operating system. You need to log in as administrator to do that.

If a hacker gets control of your limited user account, his rights are limited. His ability to compromise your system is limited. Researchers have shown 92% of the malware out there can’t overcome being contained in a limited user account.

Limited user accounts are an example of the concept of allowing the minimum access and rights and privileges needed to a person. Don’t let strangers walk through your house.

An intruder entered the White House. The news said the White House is the most secure house in the country. O Contrair. MY house is the most secure house. I keep my door locked and I don’t have tourists. “Ah, that’s my stack of dirty underwear. I’ve been meaning to wash it. Moving over here, we see…”

Layered Security is just what it sounds like. It’s layers of defense to stop an intruder. A pit bull behind a locked door is layered security. If the intruder gets past the door, he must still deal with the dog.

A good example of layered computer security is using a DNS name server like Norton DNS Connect Safe to complement your firewall and virus protection.

DNS is like the phonebook for the Internet. DNS works as follows: When you want to visit a website, your computer needs to find the IP address of the site you want to visit. It gets this information from your DNS, which is a computer usually run by your Internet Service Provider (ISP).

A secure DNS will look at the IP address you want to visit and check if the site hosts malware or viruses. If the site is malicious, the secure DNS will let you know and won’t connect you to the site.

If a virus/malware got past your antivirus protection and past your firewall, one thing it would try to do is “phone home” to connect to a malicious web server to download more viruses or to send your private information to hackers. When it tried to make this connection, if your DNS were secure, the secure DNS would likely deny this connection.

I don’t recommend Google’s DNS because of privacy issues. Google likes keeping personal information way too much. You can layer your anti-virus with Google’s VirusTotal website which checks downloads for viruses.

Give some thought to these two security concepts as they relate to your personal security. What layered defenses have you? What is your daily “lock down” and what is your emergency “lock down”?


For airgun shooters, there’s some great information over at ThoughtfullyPrepping.

A great essay about where to start prepping. Not about fighting zombies, but about reality.

2 Responses to “Two Important Security Concepts: Lock Down & Layered Security”

  1. thoughtfullyprepping September 23, 2014 at 3:39 pm #

    Lock down? A computer term I’m not using anymore.
    All security is meaningless anyway if you can’t surf anonymously or use proprietary software. Besides the only true security is to not be connected.

    People are often conned into thinking their communications are safe.
    NOTHING is further from the truth.
    You speak they listen, you write they read, you encrypt and you draw attention to yourself (never a good thing).
    So just be careful what you say as everything is read, somewhere, somehow.

    You are not a person, just a number to be scrutinized, cataloged, and added to “the list”.

    Me? I’m a child of the dark web, using alternative browsers, and UNIX (aka Linux in all it’s exciting forms). Doesn’t mean my communications is safe, it just makes big brother work harder and I love that thought.

    Still this little VERY OLD and EXTREMELY SLOW laptop is just a basic sheep dip computer and nothing ever lives on this puppy.
    So play away demons I’m not worried plus the USB key is wiped on ejection!

    Layers? You don’t get better layers than never being connected.

    p.s. Kind words about the blog, thanks.

    • preppernextdoor September 24, 2014 at 6:34 am #

      You’re correct. No security is perfect and if you aren’t connected to the Internet, you’re PC is safe from hackers. If you’re working on a top secret design or something, stay offline with that PC. Companies with valuable customer data should do that if possible. Some PCs don’t need to be hooked up to the Internet.

      Not having valuable personal information on your PC (or better said “nothing ever lives on this puppy”!) is good advice for the ultimate security.

      Many people bank online or use credit cards online or have personal e-mails and other stuff they wish to protect. They want to be able to surf the net. These are the people who benefit the most from locking down their system and giving thought to PC security.

      You can’t protect yourself from the government agencies. If they want in, they’ll get in. I’m concerned about the 15 year old Russian who wants to hack my PC and encrypt my files and try to ransomware me. That’s the guy my level of security targets. Not the NSA, KGB.

      These ransomeware guys will call and demand money to free your files. This is how I’d respond (without the awesome voice):

Comments are closed.

%d bloggers like this: