Information security and information protection in simple words

Everyone has at least once heard dramatic warnings about the need to maintain a high level of information security: scary stories about break-ins, filled with screams and despair, with the terrible consequences discussed on almost every site... So, right now, you should pack your computer with security tools to capacity, and also cut the wires... There is plenty of security advice, but for some reason not much use comes of it. In many ways, the reason is a lack of understanding of such simple things as “what we are protecting,” “from whom we are protecting it,” and “what we want to get as a result.” But first things first.

Information security. This term is taken to mean various measures, a state of being protected, technologies, and so on, but everything is much simpler. So first ask yourself: how many people around you have at least read the definition of this concept, rather than just guessing its meaning from the words themselves? Most people associate security with antiviruses, firewalls, and other security programs. Of course, these tools can protect your computer from threats and raise the level of system security, but few people have any idea what these programs actually do.

When thinking about information security, you should start with the following questions:

  • Object of protection. You need to understand what exactly you want to protect. It may be personal data stored on the computer (so that it does not get to other people), computer performance (so that viruses and Trojans do not drag the system down to the level of the first Pentium), network activity (so that Internet-hungry programs do not send statistics about you every half hour), the availability of the computer (so that blue screens of death do not flood the system), and so on.
  • Desired level of security. A fully protected computer is a computer that does not exist. No matter how hard you try, there will always be a possibility that your computer will be hacked. Always keep in mind that there is such a thing as social engineering (getting passwords from trash cans, eavesdropping, spying, etc.). However, this is not a reason to leave the system unprotected. For example, protecting a computer from most well-known viruses is a completely feasible task, and it is what every ordinary user does by installing one of the popular antiviruses.
  • Acceptable level of consequences. If you understand that your computer can be hacked, for example, by a hacker who simply took an interest in you (it so happens that the attacker liked your IP address), then you should think about the acceptable level of consequences. The system breaks down - unpleasant, but not scary, because you have a recovery disk at hand. Your computer constantly accesses naughty sites - pleasant and unpleasant, but tolerable and fixable. But if, for example, personal photos that no one should know about ended up on the Internet (a serious blow to your reputation), then this is already a significant level of consequences and preventive measures are necessary (to exaggerate: take an old computer with no Internet connection and view the photos only on it).
  • What do you want to get out of it? This question has many implications: how many extra steps you will have to perform, what you will have to sacrifice, how protection should affect performance, whether it should be possible to add programs to exclusion lists, how many messages and alarms should appear on the screen (if any), and much more. Today there are quite a lot of security tools, but each of them has its own pros and cons. For example, UAC in Windows Vista was not an entirely successful implementation, but by Windows 7 it had been refined to the point where the protection tool became relatively convenient to use.

Once you have answered all these questions, it will be much easier to understand how you are going to organize the protection of information on your computer. Of course, this is not a complete list of questions; however, a good many ordinary users do not ask themselves even one of them.

Installing and configuring security tools on your computer is only part of the necessary measures. By opening suspicious links and confirming every action of equally suspicious applications, you can easily negate all the efforts of security programs. For this reason, it is always worth thinking about your own actions as well. For example, if your task is to protect your browser, but you cannot avoid opening suspicious links (for example, because of the specifics of what you do), then you can always install an additional browser used exclusively for opening suspicious links, or an extension for checking short links. In this case, if one of the links turns out to be phishing (theft of data, access, etc.), the attacker will achieve little.

The difficulty in determining a set of actions to protect information usually lies in the lack of answers to the questions above. For example, if you don’t know or don’t understand what exactly you want to protect, then it will always be difficult to come up with or find any additional security measures (beyond such common ones as not opening suspicious links, not visiting dubious resources, and the like). Let's consider the situation using the example of protecting personal data, which is most often placed at the top of the list of protected objects.

Protection of personal information is one of the difficult problems that people face. With the rapid growth in the number and content of social networks, information services and specialized online resources, it would be a huge mistake to believe that protecting your personal data comes down to ensuring a reliable level of security for your computer. Not so long ago, it was almost impossible to find out anything about a person living hundreds of kilometers away from you, or even in a neighboring house, without having the appropriate connections. Today, almost anyone can find out a lot of personal information about anyone else in literally a couple of hours of clicking the mouse in a browser, or even faster. Moreover, all of that person's actions may be perfectly legal, since you yourself made the information about yourself public.

Everyone has encountered an echo of this effect. Have you heard that the answer to a security question should not be something associated with you or the people around you? And this is just a small part of it. However much this may surprise you, the protection of personal information largely depends only on you. No security measure, even one that allows no one but you to access the computer, can protect information transmitted outside the computer (conversations, Internet, recordings, etc.). You left your email address somewhere - expect an increase in spam. You left photos of yourself hugging a teddy bear on third-party resources - expect corresponding humorous “crafts” from bored authors.

To be a little more serious, the enormous openness of data on the Internet, combined with your own frivolity and openness, can bring all your security measures to naught. For this reason, choose information security methods with care and include among them not only technical means, but also actions covering other aspects of life.

Note: Of course, this does not mean that an underground bunker is the best place to live. However, understanding that protecting your personal data is up to you will give you a big advantage over attackers.

Information security methods are often equated with technical solutions, leaving out such a huge layer of potential threats as the actions of the person himself. You can give a user the ability to launch just one program and literally five minutes later find yourself cleaning up the consequences, if that turns out to be possible at all. A single forum post repeating something overheard can break the most perfect protection (to exaggerate: a post about scheduled maintenance of the protection nodes, in other words, a temporary lack of protection).

To decide on data protection methods, it is not enough to search for suitable security tools while lazily clicking the mouse in a browser window; you also need to think about how information can spread and what it may relate to. Strange as it may sound, to do this you need to pick up paper and pencil and work through all the possible ways the information could spread and what it might be connected with. For example, let's take the task of keeping a password as secret as possible.

Situation. You have come up with a complex password that has nothing to do with you and fully complies with the most stringent security requirements; you have not left a single mention of it anywhere (aspects such as remnants in the computer’s memory, on disk and the like are not considered); you do not use password managers; you enter the password from only one computer, using a secure keyboard; you connect through a VPN; and you boot the computer only from a LiveCD. In short, a real paranoid and security fanatic. However, all this may not be enough to protect your password.

Here are a few simple possible situations that clearly demonstrate the need for a broad view of information security practices:

  • What will you do if you need to enter the password when there are other people in the room, even the “best” ones? You can never guarantee that they won't accidentally let slip indirect information about the password. For example, sitting in a pleasant atmosphere in a diner, it is quite possible to say “he has such a long password, as many as a dozen characters, and a bunch of different ones,” which narrows the password search space quite well for an attacker.
  • What will you do if it so happens that you need another person to carry out the operation for you? Someone else may accidentally overhear your password. If you dictate the password to a person who is poorly versed in computers, it is likely that he will write it down somewhere; expecting your level of fanaticism from him is not reasonable.
  • What will you do if it so happens that someone finds out how you come up with passwords? Such information also narrows the search space quite well.
  • How can you protect your password if one of the nodes involved in securely transmitting it is compromised by an attacker? For example, the VPN server through which you access the Internet was hacked.
  • Would your password still mean anything if the system you were using was hacked?
  • And others
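
How much such leaks narrow the search can be put in numbers. The Python sketch below is an added example, not part of the original article; the 16-character upper bound, the four character classes and the "word + digits + symbol" habit are assumptions chosen purely for illustration.

```python
import math
from itertools import combinations

# Assumed character classes of a "complex" password:
# lowercase, uppercase, digits, punctuation (printable ASCII).
CLASSES = [26, 26, 10, 32]

def any_length_up_to(max_len, classes=CLASSES):
    """Candidates when only an upper bound on the length is known."""
    a = sum(classes)
    return sum(a ** k for k in range(1, max_len + 1))

def exact_length(length, classes=CLASSES):
    """Candidates once the exact length has leaked ("a dozen")."""
    return sum(classes) ** length

def exact_length_all_classes(length, classes=CLASSES):
    """Exact length plus "a bunch of different characters", read as
    "every class appears at least once" (inclusion-exclusion)."""
    total = 0
    for r in range(len(classes) + 1):
        for missing in combinations(classes, r):
            total += (-1) ** r * (sum(classes) - sum(missing)) ** length
    return total

def known_scheme(words, digits, symbols):
    """Hypothetical habit: one word from a list + N digits + one symbol."""
    return words * 10 ** digits * symbols

def bits_lost(before, after):
    """Bits of attacker uncertainty removed by a leak."""
    return math.log2(before) - math.log2(after)

if __name__ == "__main__":
    base = any_length_up_to(16)  # assumption: attacker would try up to 16 characters
    twelve = exact_length(12)
    print(f"length overheard:   -{bits_lost(base, twelve):.1f} bits")
    print(f"'all kinds' remark: -{bits_lost(twelve, exact_length_all_classes(12)):.1f} bits")
    # Constructed numbers: 20,000-word list, 4 digits, 32 symbols.
    print(f"habit known:        -{bits_lost(twelve, known_scheme(20_000, 4, 32)):.1f} bits")
```

Under these assumptions the overheard length removes about 26 bits, the remark about different characters less than one bit, and a known generation habit more than 40 bits, which is why the way passwords are invented deserves as much secrecy as the passwords themselves.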

Of course, this does not mean you need to spend many months in a stubborn and persistent search for information security methods. The point is that even the most complex systems can be broken by simple human failings that nobody thought to take into account. Therefore, when organizing the security of your computer, try to pay attention not only to the technical side of the issue, but also to the world around you.