General Security?

Keith A. Milner maillist at superlative.org
Wed Dec 17 03:20:44 EST 2008


On Wednesday 17 December 2008 04:46:09 Cam Ellison wrote:
> John C. Harper wrote:
> > I am completely new to GnuCash and Linux. So far, I have not had any
> > serious problems installing and configuring openSUSE 11.0 and GnuCash
> > 2.2.4.
> >
> > Congratulations and Thanks to all who have worked so hard to make it
> > easy for me. This stuff is ready for prime time in my opinion.
> >
> > As I was setting up my accounts in GnuCash, I began to wonder if it was
> > wise to enter all my account numbers and other sensitive information
> > before I knew anything about the general security of GnuCash. It is set
> > up on a computer connected to the internet 24/7 unless I remember to
> > turn it off.
> >
> > Is there any danger that my financial information can be accessed by
> > others? I would like to take prudent, but not necessarily extreme,
> > precautions.
>
> With Linux, and other varieties of Unix, while security is not
> absolutely guaranteed, the use of long and non-word-like passwords
> incorporating a mix of upper- and lower-case letters and numbers (for
> both root and yourself) generally makes a very strong barrier.  It's
> very wise - many would say essential - also to have a firewall (you'll
> have to go to other email lists for that information) with all but the
> essential ports blocked.  GnuCash stores all the information in
> compressed XML files, which is not inherently secure, but if you focus
> on preventing access to the entire system, the need for encrypting data
> within that system becomes somewhat moot.

I agree with Cam's view. However, if you are very concerned there are a few ways
you can secure your data further. One is to have an encrypted drive partition
(e.g. www.truecrypt.org ). The other is to keep sensitive data on
removable media, like a USB key, and remove it when you're not using it.
These will reduce the exposure your data will have to being accessed
remotely.

Bear in mind even this isn't 100% secure. At some point you need to access the
data and, whilst you are doing this, it is vulnerable. It is entirely possible
that some virus or remote vulnerability will give a third party access to
your data during this time.

HOWEVER... whilst it is a very real possibility, with some simple steps like 
the ones Cam suggested (I would add to keep your OS updated) you can make it 
a very, very, very, very, very very unlikely one.

The only real way to have 100% electronic data security is to never put any 
sensitive data on your computer. Clearly this is impractical.

On the other hand, it is relatively easy with some common sense to get
99.99999% (or greater) security.

Also bear in mind that many security breaches are physical (e.g. someone 
stealing or copying the USB key or retrieving papers from your trash) or 
social (e.g. phishing).

Remember to keep backups, but also remember to secure them too.

Cheers,

-- 
Keith A. Milner
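
Added example, not part of the original messages and not GnuCash code: a small Python audit illustrating the point quoted above that compressed XML is not inherently secure, so protection comes from who can read the file. The file name `books.gnucash` and the XML sample are constructed for illustration and do not follow the real GnuCash schema.

```python
import gzip
import os
import stat
import tempfile

# Constructed sample, not the real GnuCash schema.
SAMPLE_XML = (b'<?xml version="1.0"?>\n'
              b'<book><account number="CONSTRUCTED-0000"/></book>\n')

def audit_data_file(path):
    """Report whether a data file is plain compressed XML and who may read it."""
    with open(path, "rb") as fh:
        is_gzip = fh.read(2) == b"\x1f\x8b"        # gzip magic bytes
    opener = gzip.open if is_gzip else open
    with opener(path, "rb") as fh:
        head = fh.read(64).lstrip()
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {
        "compressed": is_gzip,
        # gzip has no key: any reader of the file recovers the XML.
        "plaintext_xml": head.startswith(b"<?xml"),
        "others_can_read": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
        "mode": oct(mode),
    }

def demo():
    """Audit a constructed file before and after tightening its mode."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "books.gnucash")   # hypothetical file name
        with gzip.open(path, "wb") as fh:
            fh.write(SAMPLE_XML)
        os.chmod(path, 0o644)                       # common default
        before = audit_data_file(path)
        os.chmod(path, 0o600)                       # owner only
        after = audit_data_file(path)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("0644", "0600"), demo()):
        print(label, result)
```

Tightening the mode to 0600 removes group and other read access, but the contents remain recoverable by anything running as the owner, which is where the encrypted partition suggested above comes in.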


More information about the gnucash-user mailing list