Book review - Firewalls Don't Stop Dragons
As you may have noticed, here at Digital Citizen we take cyber security very seriously. Our long-running Security for Everyone series has kept our readers up to date with the latest security software for years now, along with reviews that tell it like it is. While our series does a great job of comparing what's out there, and explaining which audiences might find a particular program to their liking, how does the average person really understand the reasons for installing the security products we recommend? Along comes a book called Firewalls Don't Stop Dragons: A step-by-step guide to computer security for non-techies. Sounds like it might get beginners off to a good start, right? Well, let's see if it lives up to its title.
The author's purpose
The author, Carey Parker, makes it clear right from the beginning who he wrote the book for: The people who don't know what's going on. The people who are always asking their more knowledgeable friends and relatives to rescue them from the trouble they've gotten themselves into. The people like my mom, whose computer had more pop-ups than the kiddie book section at Barnes & Noble.
"The purpose of this book is to walk the average, non-techie person through the basic things that everyone should do to protect their computers and their data. It also takes the time to explain why these things are important and how they work, at a high level. This is the stuff you [ie. the family geek or IT person] wish you had time to explain to all your friends and family."
In order to help these people best, the explanations are going to be simplified and written with the assumption that the reader is a novice. Things are going to be explained step by step. And, of course, since this is a book, the newcomer can go back and re-read everything as often as necessary to catch on, without having to go bug the family IT person again and again and again. As anyone who's had to explain stuff repeatedly and hope for the best knows only too well, this is a noble purpose indeed. :)
A thorough beginning
After a light-hearted look at the various "camps" that people might fall into (Pollyanna, Luddite, and Goldilocks, depending on how oblivious, wary or confident people are about their ability to deal with what's out there) Firewalls Don't Stop Dragons gives a brief listing and explanation of the most common cyber threats: credit card fraud, spam and scams, viruses and other malware, identity theft, email hacking, tracking and surveillance. And there's an explanation of how one person's unprotected or poorly protected computer can compromise everyone around him or her, and how learning about cyber security can keep everyone safe. Each chapter is divided into two parts, which Carey Parker describes as the "why" and the "what." So each chapter's "why understanding this is important" is followed by a "what you can do about it" in the form of a checklist.
The goal of the book is to educate people and thereby make them safer. It covers modern versions of Windows up to Windows 8.1, and Mac OS X from Mountain Lion through Yosemite (as might be expected for a publication copyrighted 2014). NOTE : This review covers the first edition; there is now a second edition available which is updated for newer operating systems. See the author's blog for details.
However, don't be too concerned about the operating systems or the exact details. The idea is to educate people in the basics of self protection, and that basic knowledge is what's essential. If you understand the concept of security and protection, finding the exact steps for your operating system is easy.
To make the concepts most accessible, Firewalls Don't Stop Dragons uses the setting of a nobleman or woman who's gotten an assignment from the king: You now have a huge estate and it's your job to populate it and protect it. You've got a fixed budget of gold and materials. How can you do your job best with only the resources you have? What do you need to protect? What are your priorities? And could you protect yourself against dragons? Well, if the "dragons" are high powered hackers or relentless government agencies, you're doomed. But as for everyday threats, Firewalls Don't Stop Dragon s has a step by step plan that anyone can follow to keep themselves as secure as humanly possible. And this is what the rest of the book is about.
Basics and methods
Setting up defenses for your computer is rather like setting up defenses for a castle. You have to know what to look out for, and you can't rely on just one kind of protection. Most importantly, you have to know what you're up against and you have to know what you're doing. You can't just hide behind a hedge and hope nobody notices you.
And so, Firewalls Don't Stop Dragons begins at the beginning. The reader is given a brief overview of how the internet works, and what kinds of hazards are lurking out there, and then about tools to insure privacy and minimize tracking online. The nuts and bolts come later and in much more detail.
The "First Things First" chapter takes care of local business, so that the reader has a better basis for venturing out into cyberspace. Learn why backups are vital, and how and when to do them. Clean up your computer, so you don't have software or files that you don't need or don't use cluttering up your drive and probably eating up processing power and memory and slowing your computer down. And then go through your installed software program by program and make sure it's all up to date. The older something is, the more likely somebody out there who's got nothing more productive to do has come up with a way to invade it. And that includes your operating system. NOTE: This doesn't mean you have to abandon an older version of your operating system that does everything you want, even though newer versions are out there. It does mean making sure that all the updates are installed and helping to keep you protected.
The checklist for this chapter gives more complete details about configuring and updating operating systems, doing backups, and "spring cleaning." It has screenshots from Windows and OS X and the steps necessary to do everything. Again, if you have a newer operating system than what was available in 2014, don't let that stop you from reading the instructions. Your process will be similar and you will understand the basics.
The "Spring Cleaning" section explains how to remove software you're not using, with the important caveat that you must follow the instructions step by step and do a backup before you even think of messing with what's on your hard drive.
Off we go into the wild Internet
With a backed-up, updated, cleaned-up computer, the reader is now ready to tackle the internet. And of course the first thing one must learn about is passwords. How to create them, how to make sure they're secure, and why they're a lot more serious business than most people seem to think.
The book gives a good, thorough explanation of password strength, and why some seemingly secure passwords are actually worthless. This section is essential for understanding basic security. A cyber villain who gets hold of your password has control of everything you are and do online. If creating strong passwords seems like too much work, stop for a minute and think of what could happen if someone malicious got hold of your bank account, your work email or all your social media accounts. And it will happen if you were lah-di-dah about your passwords.
How difficult is it to construct a really secure password that you could easily remember? Not very difficult at all.
This is followed by an in-depth discussion of password managers, why they add security and how to tell if you've picked one that's really secure. And why even "military grade" encryption might be meaningless in the grand scheme of things.
The reader will also learn how to create a really secure master password to use with a password manager. The author uses the first line in "Stairway to Heaven" as an example and now, doggone it, after all these years of stoutly resisting learning any of the words of a song I always loathed, I know the first line. :) Despite the source material, the method is an excellent one and definitely something that is easy to learn and remember, even with the suggested extra-security add-on characters.
I believe that the checklist for Chapter 5, "Computer Security " , is one of the best overall guides to making your computer secure. It walks the reader through the recommended steps for cyber security, starting with creating a password and moving on through creating a separate admin account and using an account without admin privileges for everyday work (something that I've found many people don't really understand) to installing antivirus software. There are plenty of screenshots, and the book recommends some free antivirus products (but Digital Citizen has better recommendations ). Firewalls Don't Stop Dragons recommends that OS X users turn on disk encryption (there are built-in disk encryption tools available in Windows, but only in the high priced versions). The checklist ends with advice never to trust public computers, never to trust unknown USB devices, unplug or cover webcams when they're not in use, and something that surprised me: Don't use Adobe Reader! Unfortunately, this recommendation isn't really explained.
Safer home networks
I think the chapter on securing home networks is shorter than it needed to be. Although the advice for checking your own equipment and changing your own security settings is good, it's been my experience that often what appears to be a network problem is actually an ISP (Internet Service Provider) problem, and it's also been my experience that ISPs are not going to admit that it's their problem. I'm sure our account with the ISP is laden with notes about this unreasonable woman who won't disable the network card in her computer to fix a house-wide, multi-operating system internet outage. :) Honestly, I would have liked to see Mr. Parker apply his common sense approach to the problem of "It's your equipment, not ours" ISP policy, and offer some practical suggestions for shifting the responsibility to where it belongs.
Browser terminology and security
The chapter "Practice Safe Security" explains all those acronyms that we run into every day. Read it and you'll know what TLS and HTTPS and certificates and DNS (and so forth) are all about. You may not need to know the details on an everyday basis, but it will help if your ISP tries to out-talk you. :)
The section called "Tracking Tech" will very likely make your eyes bug out. We tend to get complacent about internet browsing and not pay much attention to the digital trails we all leave behind. And we don't know how each site we visit is linked to other sites, which may also be gathering their own data on who's who and who's where. There are some graphics in this section that make the point most emphatically--you really don't know who's got your number. And the discussion of cookies (which I would guess most people have heard of) leads into a discussion of other ways that people can be tracked (cookies are only a very small part of it). And who watches the watchers? Who knows?
The checklist in this chapter guides the reader through picking a secure browser, adjusting the security settings, and changing to a search engine that has no interest in keeping track of what you search for. There's instructions for removing unnecessary add-ons (like Java) and installing add-ons that will increase your security. And there's a very brief mention of incognito browsing, a subject Digital Citizen has covered in much more detail.
Where To Buy
Email, social media and online accounts
The chapters that cover these subjects are rather short, but there's plenty of good solid information, all of which involves good solid common sense. So many of us have made email and social media and online banking and shopping part of our daily lives that it's easy to be lah-di-dah about security. Firewalls Don't Stop Dragons provides a good, solid wake-up call. There's also a section on parental controls that should be required reading for anyone whose children are allowed to use the internet.
Firewalls Don't Stop Dragons is one of the few practical, everyday, to-the-point guides to online security that I've read in years. There's no fluff and filler, just real-world advice. The writing is easygoing and readable and the author makes even complex subjects easy to understand. And, of course, understanding the basics makes understanding the more complex topics easier as well. If you want just one guide to help you understand what we're up against out there in cyberspace, this book is the one.