New Fun Blog – Scott Bilas

Take what you want, and leave the rest (just like your salad bar).

Travelling Securely

Photo by Allison Bilas, Arequipa, Peru

In a previous post I said I wanted to write about travelling securely. I’ve given this a lot of thought, and am interested in what other people think as well. I think I’ve come up with a pretty good setup that is very portable and, once set up, not a lot of work to maintain.

Requirements

So let’s go into what my requirements were. I came up with these a few months before we left for Peru and had lots of time to prepare.

By the way, this isn’t really necessarily specific to Peru. I’ve felt about as safe here as anywhere I’ve travelled. When travelling in general, though, you open yourself up to be a target. You look and talk different from everybody else, and this likely means you have something valuable to snag. So I’ll be doing all this any time I’m on the run.

Data and Hardware Must Both Be Secure

If someone steals my machine, they must not be able to get at my data. Lots of it isn’t even mine and is protected by NDAs.

Also, if the hard drive crashes, I have to be able to get my data back quick. I can’t start from scratch reinstalling everything and syncing the whole tree from Perforce through the VPN. I’ll have been down too long and I’ve got to get paid!

And finally, I want a reasonable degree of physical security, to try to avoid the theft happening or being effective in the first place.

Online Personal Data Must Be Secure

This is a hairy one. Lots of times I need to do online bill-pay or check credit card balances or my email, and the only option is at an internet cafe. And I have to assume there are key loggers running. Whether installed by a malicious shop owner, a malicious user, or a virus delivered by USB drive by an unsuspecting user, it doesn’t matter. I don’t trust public internet machines, but I am forced to use them fairly often.

The best option would be to use my notebook and plug in direct (I have a cable just for this purpose), but lots of shops do not permit this or are clueless on where a switch is and don’t want you crawling around under desks looking for it. And forget about Wi-Fi. It’s just not common enough down here to even mention, except in the largest cities, and even then it’s still fairly rare.

Security Can’t Overwhelm Utility

We’re not going to carry around a giant safe with us. Security is a tradeoff. Whatever we do, it must be portable enough to go in a day pack with lots of extra room for other stuff. Water bottles, a book or two, sunscreen, hat and light long sleeve shirt (learned my lesson there), iPod, etc. while still leaving some room for whatever we pick up along the way. So the security has to mostly be visual and then of course, electronic, which doesn’t weigh anything.

And I have to deal with the electronic usability issues. Allison is just not going to memorize more than one password. It really is too much to ask – having to remember which site has which password, and each has to be secure, dealing with each site’s dumb requirements. She’ll end up using allison123 as a password again.

So instead we’ll pick a good solid and long password for her (passphrase, actually) and lock everything with that, using LastPass. More on that in a bit.

Disclaimer

This should be obvious, but I need to point out that I’m not a security professional or a criminal psychologist! I’m just an average scruffy software engineer who listens to the Googles, and reads Bruce Schneier regularly. I’m doing my best to protect what I can. I’m very interested in hearing others’ opinions on what I’ve come up with.

Next Up

In writing this up originally, it got pretty long, so I’m breaking it into three parts. The next part is on physical security of hardware when mobile.

March 1st, 2009 at 3:23 pm

Posted in mobility, peru, security
