Firewalls Don’t Stop Dragons Book Review

I’d like to share with you tips from the book Firewalls Don’t Stop Dragons: A Step-by-Step Guide to Computer Security for Non-Techies by Carey Parker. I’ll give you my review and summary of the book, but I highly recommend that you read it for yourself!

Note: This page contains affiliate links. As an Amazon Associate, I earn from qualifying purchases. Please see Affiliate Disclosure.

Firewalls Don’t Stop Dragons Book Review And Summary

This book jumped straight to the top of my list, next to Cyber Smart! It expertly addresses a range of security and privacy topics related to computers, phones, networks, Internet usage, communication, and parental controls.

Each chapter has two parts: the “why,” explaining the importance of the chapter’s topic, and the “how,” a checklist with specific steps and screenshots to increase your digital security and privacy. Each chapter also ends with a helpful, concise summary.

Firewalls Don't Stop Dragons: A Step-by-Step Guide to Computer Security for Non-Techies
$28.87

Rely on this practical, end-to-end guide on cyber safety and online security written expressly for a non-technical audience. You will have just what you need to protect yourself—step by step, without judgment, and with as little jargon as possible. Just how secure is your computer right now? You probably don't really know. Computers and the Internet have revolutionized the modern world, but if you're like most people, you have no clue how these things work and don't know the real threats.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
September 26, 2020 6:06 pm UTC

The book contains over 150 tips, most of which are relatively simple, and free. Parker says that he tried to balance security and convenience. To calm those who feel overwhelmed, he ends the book with 6 priorities; the most important areas to focus on first.

If I write a book someday, I’d like it to be similar to this! Parker explains digital security concepts in clear, simple terms and with helpful analogies. I especially like the castle analogy that’s revisited throughout the book, as I’m a fan of fantasy literature (and a Tolkien geek). Parker’s writing is conversational, engaging, and entertaining.

About the book, Parker says,

Armed with the tips and techniques in this book, you can protect yourself and your family against the most common threats out there.

He also says,

My primary goal is to make you safer. The most efficient way to do this is to just tell you what to do. While I strongly believe that you need to understand why you’re doing these things, when all is said and done, that’s secondary to actually doing them. It’s like eating right and exercising. Sure, it’s good to know why it will help you, but you can get all the benefits just by doing it, whether you understand it or not.

The book is quite up-to-date; it’s been revised since its initial publication. I read the 2018 edition.

Parker is knowledgeable and experienced. He’s a software engineer who describes himself as “deeply concerned about privacy, mass surveillance, and computer security.” He’s a parent of two high school girls, so he’s able to advise on keeping kids safe online, and other digital parenting topics.

Here are my notes from each chapter.

Passwords

Drawbacks to biometrics

  • You could have a disfiguring accident.
  • If your biometric authentication is compromised (e.g. someone gets your fingerprint), you can’t change it.
  • You can’t use biometric authentication and still be anonymous.

Passwords must be at least 12 characters to avoid being easily cracked.

No need to periodically change passwords as long as they’re strong (especially if you have two-factor authentication enabled). If someone gets access to an account, they’re probably going to use it right away in a way you’d notice, not stealthily spy. You should change your password when an account suffers a data breach, or you’re worried that someone may have gotten access.

Password managers

LastPass: Secure Password Management
Free

LastPass helps you remember and manage your secure passwords all in one place. Never forget a password again.

We may earn a commission if you click this link and make a purchase at no additional cost to you.

LastPass setup

  1. Set a strong master password.
  2. Enable Multifactor Authentication.
  3. Disallow LastPass login from foreign countries.
  4. Create a few one-time passwords.
  5. Disable browser’s password saving feature.
  6. Run LastPass Security Challenge.
  7. Replace weak passwords with strong ones, starting with the most important accounts.

Computer Security

Parker says Macs are safer than PCs because they have less market share than Windows, so Windows is targeted more. He says, “I think you’d be hard-pressed to argue that the latest Mac OS is significantly more secure than the latest Windows OS.”

Have an admin account you use only when necessary, and use a regular account for everyday use. Each user of the computer should have their own personal account.

According to a 2017 report by Avecto, 80% of all Windows security vulnerabilities that were considered “critical” could have been prevented or significantly mitigated if the user had not had full administrator privileges. 

Parker says anti-malware (antivirus) software often does more harm than good. It often can’t keep up with threats, bugs in it can make your computer more vulnerable, and it often reports your activity to the software company.

Parker strongly believes you don’t need to pay for anti-malware software, and that free alternatives (built into the OS, or from third parties) are good enough.

For Mac, Parker recommends Sophos Home and Avira.

Sophos: Fully Synchronized, Cloud Security
Free

Sophos provide business-grade cybersecurity for business and home-use. It can block advanced viruses, malware, and ransomware.

We may earn a commission if you click this link and make a purchase at no additional cost to you.

Avira Free Antivirus: Real Time Protection and Repair
Free

Avira Free Antivirus blocks spyware, adware, malware, and ransomware, and it gives you real-time protection and updates.

We may earn a commission if you click this link and make a purchase at no additional cost to you.

Because Windows 10 Home doesn’t include BitLocker, use VeraCrypt to encrypt your hard drive.

For Mac, encrypt the external hard drive you use for Time Machine backups.

Securely erase sensitive files; don’t just delete them. For Windows, use Eraser or Freeraser. For Mac, you need to delete the file, empty the Trash, then in Terminal, run diskutil secureErase freespace 0 /Volumes/Macintosh\ HD.

LAN Sweet LAN

Use your router rather than one from your ISP, to protect your privacy and configure the router as you please.

Router brands

Register your devices with the manufacturer, to be notified about security issues and fixes.

VPN services

ExpressVPN: High-Speed and Secure VPN
$99.84

ExpressVPN hides your IP address and encrypts your network data so no one can see what you're doing. You can access any content, no matter your location using ultra-fast VPN servers.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
NordVPN: One Click To Online Security
$84

NordVPN provides a secure VPN service for everyone. It keeps your data safe and helps keep your online identity anonymous.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
Private Internet Access: Anonymous VPN Service
$39.95

Private Internet Access provides state of the art, multi-layered security with advanced privacy protection using VPN tunneling. It helps block unwanted connections, hide your IP address, and defend yourself from data monitoring and eavesdropping.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
ProtonVPN: Secure and Free VPN Service
Free

ProtonVPN offers secure VPN through an encrypted VPN tunnel, so your passwords and confidential data stay safe, even when you are using public or untrusted Internet connections.


We may earn a commission if you click this link and make a purchase at no additional cost to you.
SurfShark: Secure Your Digital Life
$71.88

SurfShark enables you to access the Internet anonymously. It prevents malware and phishing attempts, and blocks ads for a better web browsing experience.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
TorGuard: Anonymous VPN
$59.99

TorGuard protects you from hackers, net censorship, identity theft, and ISP's monitoring activities. It provides easy to use services that protect your online identity.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
TunnelBear: Secure VPN Service
Free

TunnelBear encrypts your internet connection to keep your online activity private and anonymous. It's very easy to use for both consumers and teams.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
VPNArea: Fast and Anonymous VPN
$59

VPNArea gives you a secure and anonymous Internet connection. Your browsing history, real IP address, and location will be hidden behind VPNArea's servers.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
Windscribe: Free VPN and Ad Block
Free

Windscribe helps you browse the web privately as it was meant to be. It encrypts your web activity and blocks ads for a better web browsing experience.

We may earn a commission if you click this link and make a purchase at no additional cost to you.

Practice Safe Surfing

Chrome is probably the most secure browser, and Firefox and Safari are also fairly secure. Firefox and Safari are tied for most private browser, Microsoft Edge is in the middle, and Chrome is last. Parker recommends Firefox.

Other browsers: Opera, Brave, Tor Browser.

DuckDuckGo search engine doesn’t track users.

Security and privacy browser plugins and extensions

Opt-out of tracking by following this post.

Secure Communication

End-to-end encrypted messengers: Signal, Wire, Apple’s iMessage, WhatsApp.

Secure email: ProtonMail. Private email: FastMail.

You should never send sensitive or highly personal information via e-mail or text message. Again, most of these messages should be thought of as postcards, not sealed envelopes. And copies of these messages may remain on servers long after you and the recipient delete the message.

To securely send a sensitive file, use Firefox Send (set a password), or send a password-protected zip file via email, Dropbox, etc. To create a password-protected zip file on Windows, use 7-Zip; on Mac, use Keka. Send a password a different way than you a send file.

Check links with VirusTotal URL scanner.

Check files with VirusTotal file scanner.

Online Accounts and Social Media

If cloud storage providers hold the encryption key, your data can be viewed by employees, hackers, or legal authorities. Use a storage provider that lets you hold the encryption key, such as Sync.

Cryptomator lets you encrypt a file before putting it on any cloud storage.

Beware DNA services such as 23andMe and Ancestry.com. Law enforcement and intelligence agencies use these DNA databases to find people and their relatives.

Parental Guidance

Teach kids the “Grandmother Rule”:

Grandmother Rule: don’t do anything online that you wouldn’t gladly share with your grandmother.

Teach them that anything they post online could someday be seen by college admissions officers, potential employers, and, even, their future kids.

Enable parental controls in Windows and Mac.

Bark: The Smart Way To Keep Kids Safer Online
$49

Bark lets you proactively monitor your child's text messages, emails, and social media accounts for potential safety concerns or privacy threats, so you can save time and gain peace of mind.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
Kaspersky Safe Kids: All-In-One Parental Control Software
$14.99

Kaspersky Safe Kids gives you an affordable tool to protect your child against online threats. You can also monitor all your child's devices to block any inappropriate websites.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
KidLogger: Free Parental Control App
Free

KidLogger helps you observe what your kids are doing when they are using their devices. You can monitor their web history, keystrokes, messages, emails, and application usage.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
Mobicip: Parental Control Software and Internet Filter
$40

Mobicip helps protect your family on the Internet, limit screen time, manage apps, and track your kids' location/s. You can manage and monitor all family devices from one parent app or dashboard.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
Net Nanny: Parental Control Software and Website Blocker
$39.99

Net Nanny protects your child against dangerous content and online threats. You can block apps and websites on your child's device, and get peace of mind with the best parental control software on the market.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
Norton Family: Award Winning Parental Control Software
Free

Norton Family helps you supervise your kids' online activities and protect them against unsuitable content. It helps block inappropriate websites while your kids are surfing the Internet.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
Qustodio: Best Parental Control Software
$54.95

Qustodio provides powerful monitoring tools and parental controls for things like screen time, adult content, and games. It gives parents visibility and creates daily opportunities to talk with kids about their online experiences.

We may earn a commission if you click this link and make a purchase at no additional cost to you.

Teach kids to protect their identities by giving as little identifying information as possible when creating accounts.

Teach kids they can only accept as online friends people they’ve met in person, unless you approve an exception.

Use OpenDNS to block objectionable web sites.

Enable device tracking in case you need to locate your child in an emergency.

Digital contracts for kids

Parental resources

Don’t Be a Smartphone Dummy

Parker says “iOS is way safer than Android” because of the difference in ecosystems. Google Nexus and Pixel devices are among the most secure Android devices because Google controls hardware and software.

iOS is far more private than Android.

Biometrics don’t offer protection against law enforcement (because in the US you can be legally compelled to use them) or physical attackers (who have access to your body). 5th Amendment prevents law enforcement from compelling you to give up a password. For most people, biometrics provide a worthwhile tradeoff between security and convenience.

A full password on your phone is best, but a 4-digit PIN is enough for most people, since unlocking requires physical access.

Before you get rid of an iOS device, follow this article.

Before you get rid of an Android device

  1. Take a full backup.
  2. Remove the SIM card, if present.
  3. Remove the SD card, if present.
  4. Log out of any services and accounts you use on the device.
  5. Encrypt device, if not already done.
  6. Perform a factory reset. Look in Settings for reset option.

Odds and Ends

If your email is hacked

  1. Change the password to a strong one.
  2. Change security questions.
  3. Check inbox for password reset notifications you didn’t ask for, indicating those accounts are compromised. Change those passwords to strong ones.
  4. Check the Sent folder for emails you didn’t send. Warn recipients about them.
  5. Check settings (signature, forwarding, vacation reply, etc.).
  6. Tell email provider you were hacked but you changed your password.
  7. Enable two-factor authentication, if possible.

Securely erase a hard drive with DBAN.

Parting Thoughts

Priorities (do these first, and the rest when you can)

  • Back up your files.
  • Keep your computer and phone software updated.
  • Use strong, unique passwords for important sites.
  • Turn on two-factor authentication when possible.
  • Browse the Web safely using a good browser with security plugins.
  • Don’t open attachments or links you’re not expecting.

Recommended websites

Firewalls Don’t Stop Dragons Book Review – Final Thoughts

If you found this summary helpful, then read the book, Firewalls Don’t Stop Dragons: A Step-by-Step Guide to Computer Security for Non-Techies by Carey Parker.

Firewalls Don't Stop Dragons: A Step-by-Step Guide to Computer Security for Non-Techies
$28.87

Rely on this practical, end-to-end guide on cyber safety and online security written expressly for a non-technical audience. You will have just what you need to protect yourself—step by step, without judgment, and with as little jargon as possible. Just how secure is your computer right now? You probably don't really know. Computers and the Internet have revolutionized the modern world, but if you're like most people, you have no clue how these things work and don't know the real threats.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
September 26, 2020 6:06 pm UTC

The Resources page has additional books about Internet safety, security, and digital parenting.

What You Should Do

Here are the top tips I’ve selected from this book.

  1. Use a password manager to create strong, unique passwords. Parker and I like LastPass.
  2. For secure messaging, use an end-to-end encrypted messenger: Signal, Wire, Apple’s iMessage, or WhatsApp. Don’t use email or text (SMS) for sensitive messages.
  3. To securely send a sensitive file, use Firefox Send (set a password). Don’t use email or text (SMS) for sensitive files.
  4. Use a storage provider that lets you hold the encryption key.
  5. Teach kids to protect their identities by giving as little identifying information as possible when creating accounts.
  6. Teach kids they can only accept as online friends people they’ve met in person, unless you approve an exception.
  7. Use OpenDNS to block objectionable web sites.
  8. Before you get rid of a computer, iOS device, or Android device, reset or wipe it. See the instructions in this post.
  9. Back up your files.
  10. Turn on two-factor authentication when possible.

Leave a Comment