Security for the Paranoid

excerpts:

Most of my internet traffic goes through at least three firewalls. Is that too paranoid?

Sometimes I have a "Password Day" where I change every password I own on the same day, just in case someone might happen to have one of my passwords. I frequently change my passwords after traveling.

I use very long passwords for everything, even with the lamest accounts I have. I require my kids to use at least 14 character passwords on our home network and I'm considering issuing them smart cards. No one else, not even my wife, knows my network password.

I don't just throw out shredded documents; I spread the shredded bits into my garden to use as mulch.

I use a unique, secret e-mail address for each sensitive online account I have. I have always done that. I guess this would look paranoid to most people, but when I get e-mails from my bank, I can check the address the e-mail address they used to see if they sent it to the secret address.

I keep my PC's turned around so I can tell if anyone has installed a hardware keylogger.

I never check in luggage when I fly.

I do my Internet browsing from a locked down VMWare box that has no rights on my network.

I use terrafly.com to see what others might be able to see about my home.

It takes five passwords to boot up my laptop and check my e-mail.

One of those passwords is over 50 characters long.

I also delete unused services on my servers. I block unused ports. And I install hotfixes the day Microsoft releases them.

Henry Kissinger said that "Even a paranoid can have enemies." The fact is that we don't know all the current and future threats so we might as well treat everything as high security. I do, but then perhaps I'm just paranoid.

update 7/21/2008: Mark Burnett's homepage, and a Feb 2008 update