Firewalls Don’t Stop Dragons Book Review

I’d like to share with you tips from the book Firewalls Don’t Stop Dragons: A Step-by-Step Guide to Computer Security for Non-Techies by Carey Parker. I’ll give you my review and summary of the book, but I highly recommend that you read it for yourself!

Firewalls Don’t Stop Dragons Book Review And Summary

This book jumped straight to the top of my list, next to Cyber Smart! It expertly addresses a range of security and privacy topics related to computers, phones, networks, Internet usage, communication, and parental controls.

Each chapter has two parts: the “why,” explaining the importance of the chapter’s topic, and the “how,” a checklist with specific steps and screenshots to increase your digital security and privacy. Each chapter also ends with a helpful, concise summary.

The book contains over 150 tips, most of which are relatively simple, and free. Parker says that he tried to balance security and convenience. To calm those who feel overwhelmed, he ends the book with 6 priorities; the most important areas to focus on first.

If I write a book someday, I’d like it to be similar to this! Parker explains digital security concepts in clear, simple terms and with helpful analogies. I especially like the castle analogy that’s revisited throughout the book, as I’m a fan of fantasy literature (and a Tolkien geek). Parker’s writing is conversational, engaging, and entertaining.

About the book, Parker says,

Armed with the tips and techniques in this book, you can protect yourself and your family against the most common threats out there.

He also says,

My primary goal is to make you safer. The most efficient way to do this is to just tell you what to do. While I strongly believe that you need to understand why you’re doing these things, when all is said and done, that’s secondary to actually doing them. It’s like eating right and exercising. Sure, it’s good to know why it will help you, but you can get all the benefits just by doing it, whether you understand it or not.

The book is quite up-to-date; it’s been revised since its initial publication. I read the 2018 edition.

Parker is knowledgeable and experienced. He’s a software engineer who describes himself as “deeply concerned about privacy, mass surveillance, and computer security.” He’s a parent of two high school girls, so he’s able to advise on keeping kids safe online, and other digital parenting topics.

Here are my notes from each chapter.

Passwords

Drawbacks to biometrics

• You could have a disfiguring accident.
• If your biometric authentication is compromised (e.g. someone gets your fingerprint), you can’t change it.
• You can’t use biometric authentication and still be anonymous.

Passwords must be at least 12 characters to avoid being easily cracked.

No need to periodically change passwords as long as they’re strong (especially if you have two-factor authentication enabled). If someone gets access to an account, they’re probably going to use it right away in a way you’d notice, not stealthily spy. You should change your password when an account suffers a data breach, or you’re worried that someone may have gotten access.

Password managers

• LastPass (Parker recommends)
• 1Password
• Dashlane
• Roboform
• KeePass (offline only)

LastPass setup

1. Set a strong master password.
2. Enable Multifactor Authentication.
3. Disallow LastPass login from foreign countries.
4. Create a few one-time passwords.
5. Disable browser’s password saving feature.
6. Run LastPass Security Challenge.
7. Replace weak passwords with strong ones, starting with the most important accounts.

Computer Security

Parker says Macs are safer than PCs because they have less market share than Windows, so Windows is targeted more. He says, “I think you’d be hard-pressed to argue that the latest Mac OS is significantly more secure than the latest Windows OS.”

Have an admin account you use only when necessary, and use a regular account for everyday use. Each user of the computer should have their own personal account.

According to a 2017 report by Avecto, 80% of all Windows security vulnerabilities that were considered “critical” could have been prevented or significantly mitigated if the user had not had full administrator privileges. 

Parker says anti-malware (antivirus) software often does more harm than good. It often can’t keep up with threats, bugs in it can make your computer more vulnerable, and it often reports your activity to the software company.

Parker strongly believes you don’t need to pay for anti-malware software, and that free alternatives (built into the OS, or from third parties) are good enough.

For Mac, Parker recommends Sophos Home and Avira.

Because Windows 10 Home doesn’t include BitLocker, use VeraCrypt to encrypt your hard drive.

For Mac, encrypt the external hard drive you use for Time Machine backups.

Securely erase sensitive files; don’t just delete them. For Windows, use Eraser or Freeraser. For Mac, you need to delete the file, empty the Trash, then in Terminal, run diskutil secureErase freespace 0 /Volumes/Macintosh\ HD.

LAN Sweet LAN

Use your router rather than one from your ISP, to protect your privacy and configure the router as you please.

Router brands

• Linksys
• Netgear
• Belkin
• D-Link
• Asus

Register your devices with the manufacturer, to be notified about security issues and fixes.

VPN services

• NordVPN
• ExpressVPN
• ProtonVPN
• TunnelBear

Practice Safe Surfing

Chrome is probably the most secure browser, and Firefox and Safari are also fairly secure. Firefox and Safari are tied for most private browser, Microsoft Edge is in the middle, and Chrome is last. Parker recommends Firefox.

Other browsers: Opera, Brave, Tor Browser.

DuckDuckGo search engine doesn’t track users.

Security and privacy browser plugins and extensions

• Privacy Badger
• LastPass
• DuckDuckGo Privacy Essentials (Chrome, Firefox)
• HTTPS Everywhere
• uBlock Origin
• Decentraleyes

Opt-out of tracking by following this post.

Secure Communication

End-to-end encrypted messengers: Signal, Wire, Apple’s iMessage, WhatsApp.

Secure email: ProtonMail. Private email: FastMail.

You should never send sensitive or highly personal information via e-mail or text message. Again, most of these messages should be thought of as postcards, not sealed envelopes. And copies of these messages may remain on servers long after you and the recipient delete the message.

To securely send a sensitive file, use Firefox Send (set a password), or send a password-protected zip file via email, Dropbox, etc. To create a password-protected zip file on Windows, use 7-Zip; on Mac, use Keka. Send a password a different way than you a send file.

Check links with VirusTotal URL scanner.

Check files with VirusTotal file scanner.

Online Accounts and Social Media

If cloud storage providers hold the encryption key, your data can be viewed by employees, hackers, or legal authorities. Use a storage provider that lets you hold the encryption key, such as Sync.

Cryptomator lets you encrypt a file before putting it on any cloud storage.

Beware DNA services such as 23andMe and Ancestry.com. Law enforcement and intelligence agencies use these DNA databases to find people and their relatives.

Parental Guidance

Teach kids the “Grandmother Rule”:

Grandmother Rule: don’t do anything online that you wouldn’t gladly share with your grandmother.

Teach them that anything they post online could someday be seen by college admissions officers, potential employers, and, even, their future kids.

Enable parental controls in Windows and Mac.

Teach kids to protect their identities by giving as little identifying information as possible when creating accounts.

Teach kids they can only accept as online friends people they’ve met in person, unless you approve an exception.

Use OpenDNS to block objectionable web sites.

Enable device tracking in case you need to locate your child in an emergency.

Digital contracts for kids

• ConnectSafely Family Contract for Smartphone Use
• Gregory’s iPhone Contract by Janell Burley Hofmann

Parental resources

• Common Sense Media
• NetSmartz
• ConnectSafely
• FTC: Protecting Kids Online

Don’t Be a Smartphone Dummy

Parker says “iOS is way safer than Android” because of the difference in ecosystems. Google Nexus and Pixel devices are among the most secure Android devices because Google controls hardware and software.

iOS is far more private than Android.

Biometrics don’t offer protection against law enforcement (because in the US you can be legally compelled to use them) or physical attackers (who have access to your body). 5th Amendment prevents law enforcement from compelling you to give up a password. For most people, biometrics provide a worthwhile tradeoff between security and convenience.

A full password on your phone is best, but a 4-digit PIN is enough for most people, since unlocking requires physical access.

Before you get rid of an iOS device, follow this article.

Before you get rid of an Android device

1. Take a full backup.
2. Remove the SIM card, if present.
3. Remove the SD card, if present.
4. Log out of any services and accounts you use on the device.
5. Encrypt device, if not already done.
6. Perform a factory reset. Look in Settings for reset option.

Odds and Ends

If your email is hacked

1. Change the password to a strong one.
2. Change security questions.
3. Check inbox for password reset notifications you didn’t ask for, indicating those accounts are compromised. Change those passwords to strong ones.
4. Check the Sent folder for emails you didn’t send. Warn recipients about them.
5. Check settings (signature, forwarding, vacation reply, etc.).
6. Tell email provider you were hacked but you changed your password.
7. Enable two-factor authentication, if possible.

Securely erase a hard drive with DBAN.

Parting Thoughts

Priorities (do these first, and the rest when you can)

• Back up your files.
• Keep your computer and phone software updated.
• Use strong, unique passwords for important sites.
• Turn on two-factor authentication when possible.
• Browse the Web safely using a good browser with security plugins.
• Don’t open attachments or links you’re not expecting.

Recommended websites

• Firewalls Don’t Stop Dragons: Site by the author of this book.
• Naked Security blog: Security info.
• Spread Privacy blog: Blog by DuckDuckGo.
• Schneier Blog: Bruce Schneier’s analysis of current events, with long-term context.
• Microsoft Digital Skills: Many resources for security and privacy.

Firewalls Don’t Stop Dragons Book Review – Final Thoughts

If you found this summary helpful, then read the book, Firewalls Don’t Stop Dragons: A Step-by-Step Guide to Computer Security for Non-Techies by Carey Parker.

The Resources page has additional books about Internet safety, security, and digital parenting.

What You Should Do

Here are the top tips I’ve selected from this book.

1. Use a password manager to create strong, unique passwords. Parker and I like LastPass.
2. For secure messaging, use an end-to-end encrypted messenger: Signal, Wire, Apple’s iMessage, or WhatsApp. Don’t use email or text (SMS) for sensitive messages.
3. To securely send a sensitive file, use Firefox Send (set a password). Don’t use email or text (SMS) for sensitive files.
4. Use a storage provider that lets you hold the encryption key.
5. Teach kids to protect their identities by giving as little identifying information as possible when creating accounts.
6. Teach kids they can only accept as online friends people they’ve met in person, unless you approve an exception.
7. Use OpenDNS to block objectionable web sites.
8. Before you get rid of a computer, iOS device, or Android device, reset or wipe it. See the instructions in this post.
9. Back up your files.
10. Turn on two-factor authentication when possible.