What do you think?
Rate this book
Firewalls Don't Stop Dragons: A Step-by-Step Guide to Computer Security for Non-Techies
Don't Get Caught With Your Drawbridge Down! Just how secure is your computer right now? My guess is that you probably don't really know. Computers and the Internet have revolutionized the modern world, but if you're like most people, you have no clue how these things work or what the real threats are. It's not your fault. Where would you have learned about this? Who would have taught you? While there are tons of technical books on 'cybersecurity' for people that already understand computers and networking, there are almost none for regular, everyday folks. That's why I felt the need to write this book.
Protecting your computer is like defending a medieval castle. While moats, walls, drawbridges and castle guards can be effective, you'd bankrupt the kingdom trying to build something dragon-proof. Security is never absolute, so it's about making the right trade offs and finding the defenses that offer the most bang for the buck. Just like we've learned over the years that we need to wear our seat belts, install smoke alarms, and put on sunscreen before we go to the beach, there are dozens of no-brainer things we should all be doing to protect our computers and safeguard our data.
I've structured this book to give you the maximum benefit with the smallest amount of effort. If you want to know the 'why', I explain how these things work in simple terms than even non-techies can follow; but if you're short on time, you can skip straight to the checklists at the end of each chapter. Each checklist comes with step-by-step instructions, including pictures showing you what you should see on your computer. Topics include: choosing and managing passwords, securely browsing the web and communicating with others, shopping and banking online, creating automated backups, locking down social media accounts, and even some tips for safeguarding your kids online. And if you want to go the extra mile, this book also explains some of the more interesting and important aspects of security such as encryption, password cracking, home networking, the Internet, VPN's, and more! This book covers most recent versions of Microsoft Windows and Mac OS X.
Protecting your computer is like defending a medieval castle. While moats, walls, drawbridges and castle guards can be effective, you'd bankrupt the kingdom trying to build something dragon-proof. Security is never absolute, so it's about making the right trade offs and finding the defenses that offer the most bang for the buck. Just like we've learned over the years that we need to wear our seat belts, install smoke alarms, and put on sunscreen before we go to the beach, there are dozens of no-brainer things we should all be doing to protect our computers and safeguard our data.
I've structured this book to give you the maximum benefit with the smallest amount of effort. If you want to know the 'why', I explain how these things work in simple terms than even non-techies can follow; but if you're short on time, you can skip straight to the checklists at the end of each chapter. Each checklist comes with step-by-step instructions, including pictures showing you what you should see on your computer. Topics include: choosing and managing passwords, securely browsing the web and communicating with others, shopping and banking online, creating automated backups, locking down social media accounts, and even some tips for safeguarding your kids online. And if you want to go the extra mile, this book also explains some of the more interesting and important aspects of security such as encryption, password cracking, home networking, the Internet, VPN's, and more! This book covers most recent versions of Microsoft Windows and Mac OS X.
- GenresNonfiction
325 pages, Kindle Edition
First published January 2, 2015
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 10 of 10 reviews
April 26, 2023
Educational and practical cybersecurity and privacy advice for consumers, covering computers, phones, networks, Internet usage, communication, and parental controls. The book contains over 180 tips, most of which are relatively simple and free. Parker explains concepts clearly, with helpful analogies.
Each chapter includes the "why," explaining the importance of the chapter's topic, and the "how," a checklist with specific steps and screenshots to increase your digital security and privacy. Each chapter also ends with a concise summary and recommended resources.
Parker is a former software engineer who's passionate about privacy. He's also raised children through high school age, so he's able to address digital parenting topics.
This is a review of the 5th Edition (2023). I've also read the 2020 and 2018 editions.
Notes
Privacy Matters
Difference between security and privacy is that if someone steals your stuff, you can generally replace it. If someone breaches your privacy, you can't get it back. Security failures can be fixed; privacy failures can't.
Raise the Drawbridge!
Parker doesn't install anti-malware software on Macs. If you want it, he recommends Malwarebytes (free version), Objective-See software (e.g., Block Block, RansomWhere).
In Windows, enable Controlled Folder Access to limit risk of ransomware.
See which Windows services can be safely disabled.
MacOS' Lockdown Mode can be useful for normal people when traveling abroad, attending a protest, or in any situation where you could be arrested.
Spies in Your Midst
Parker is in favor of ad blockers because they protect against malvertising, but says that sites have right to refuse access to people blocking ads, because it prevents them from earning revenue that pays for the content.
Chrome, Firefox, Safari are "very secure." Firefox, Safari, and Brave are tied for most private browser, Edge is close to Chrome, and Chrome is worst. Parker recommends Firefox.
Assume everything you do in Chrome is tracked by Google. In 2020 Google was sued for tracking users even in incognito mode.
https://privacytests.org has privacy info about popular browsers.
uBlock Origin is only privacy add-on Parker recommends for Firefox.
Google's "Results about you" tool lets you request removal of search results that contain your personal phone number, home address or email address.
Set your router to use a third-party DNS provider such as Cloudflare, Quad9, NextDNS. Manually change DNS server settings on laptops and mobile devices for when they're away from home. Encrypt DNS queries for additional privacy (set in OS and/or router). Note that using a privacy-respecting DNS provider, even with encrypted DNS queries, won't prevent ISP from seeing your traffic, because they can still see IP addresses on packets, and figure out the domains they match. Using a VPN will prevent this.
Coded Messages and Wax Seals
Don't unsubscribe from spam unless you know sender; just mark as spam.
To create password-protected zip file on Windows, use 7-Zip; on Mac, use Keka.
Secure file-sending
• https://www.swisstransfer.com
• https://wormhole.app
• https://send.vis.ee
• https://www.filemail.com
• https://filetransfer.kpn.com
Encrypted email: Proton Mail, Tutanota, Mailbox.org, StartMail
Email aliasing
• DuckDuckGo Email Protection
• Apple Hide My Email
• Firefox Email Relay
• SimpleLogin
• FastMail Masked Email
Protect the Market and Town Square
Private cloud storage: Sync.com, Proton Drive, pCloud
Watch over the Lads and Lasses
Kids email services with parental controls: ZillaMail, KidsEmail, TocoMail
DNS filtering to block objectionable websites: OpenDNS, Cloudflare 1.1.1.1 for Families, CleanBrowsing
Armored Carriage: Your Mobile Castle
Secure messaging: Signal, Session, Threema, Matrix
Odds and Ends
Don't use insurance trackers. They can collect a lot of personal info, and possibly resell. Older devices that plug into vehicle computer may be less privacy-invasive than mobile app, but can still collect personal info.
Don't install vehicle manufacturer apps. They can collect data from car and phone, which can be shared or breached.
Prevent ID theft after someone's death
• Send copy of death certificate to IRS.
• Send copy of death certificate to Social Security Administration.
• Cancel driver’s license (and any other license).
• Notify large credit bureaus: Equifax, Experian, TransUnion, Innovis.
• Notify financial institutions.
• Notify health insurance provider(s).
Custom router software: DD-WRT, OpenWRT, Tomato, pfSense
Reverse firewalls software: Lulu (Mac), Portmaster (Windows)
Each chapter includes the "why," explaining the importance of the chapter's topic, and the "how," a checklist with specific steps and screenshots to increase your digital security and privacy. Each chapter also ends with a concise summary and recommended resources.
Parker is a former software engineer who's passionate about privacy. He's also raised children through high school age, so he's able to address digital parenting topics.
This is a review of the 5th Edition (2023). I've also read the 2020 and 2018 editions.
Notes
Privacy Matters
Difference between security and privacy is that if someone steals your stuff, you can generally replace it. If someone breaches your privacy, you can't get it back. Security failures can be fixed; privacy failures can't.
Raise the Drawbridge!
Parker doesn't install anti-malware software on Macs. If you want it, he recommends Malwarebytes (free version), Objective-See software (e.g., Block Block, RansomWhere).
In Windows, enable Controlled Folder Access to limit risk of ransomware.
See which Windows services can be safely disabled.
MacOS' Lockdown Mode can be useful for normal people when traveling abroad, attending a protest, or in any situation where you could be arrested.
Spies in Your Midst
Parker is in favor of ad blockers because they protect against malvertising, but says that sites have right to refuse access to people blocking ads, because it prevents them from earning revenue that pays for the content.
Chrome, Firefox, Safari are "very secure." Firefox, Safari, and Brave are tied for most private browser, Edge is close to Chrome, and Chrome is worst. Parker recommends Firefox.
Assume everything you do in Chrome is tracked by Google. In 2020 Google was sued for tracking users even in incognito mode.
https://privacytests.org has privacy info about popular browsers.
uBlock Origin is only privacy add-on Parker recommends for Firefox.
Google's "Results about you" tool lets you request removal of search results that contain your personal phone number, home address or email address.
Set your router to use a third-party DNS provider such as Cloudflare, Quad9, NextDNS. Manually change DNS server settings on laptops and mobile devices for when they're away from home. Encrypt DNS queries for additional privacy (set in OS and/or router). Note that using a privacy-respecting DNS provider, even with encrypted DNS queries, won't prevent ISP from seeing your traffic, because they can still see IP addresses on packets, and figure out the domains they match. Using a VPN will prevent this.
Coded Messages and Wax Seals
Don't unsubscribe from spam unless you know sender; just mark as spam.
To create password-protected zip file on Windows, use 7-Zip; on Mac, use Keka.
Secure file-sending
• https://www.swisstransfer.com
• https://wormhole.app
• https://send.vis.ee
• https://www.filemail.com
• https://filetransfer.kpn.com
Encrypted email: Proton Mail, Tutanota, Mailbox.org, StartMail
Email aliasing
• DuckDuckGo Email Protection
• Apple Hide My Email
• Firefox Email Relay
• SimpleLogin
• FastMail Masked Email
Protect the Market and Town Square
Private cloud storage: Sync.com, Proton Drive, pCloud
Watch over the Lads and Lasses
Kids email services with parental controls: ZillaMail, KidsEmail, TocoMail
DNS filtering to block objectionable websites: OpenDNS, Cloudflare 1.1.1.1 for Families, CleanBrowsing
Armored Carriage: Your Mobile Castle
Secure messaging: Signal, Session, Threema, Matrix
Odds and Ends
Don't use insurance trackers. They can collect a lot of personal info, and possibly resell. Older devices that plug into vehicle computer may be less privacy-invasive than mobile app, but can still collect personal info.
Don't install vehicle manufacturer apps. They can collect data from car and phone, which can be shared or breached.
Prevent ID theft after someone's death
• Send copy of death certificate to IRS.
• Send copy of death certificate to Social Security Administration.
• Cancel driver’s license (and any other license).
• Notify large credit bureaus: Equifax, Experian, TransUnion, Innovis.
• Notify financial institutions.
• Notify health insurance provider(s).
Custom router software: DD-WRT, OpenWRT, Tomato, pfSense
Reverse firewalls software: Lulu (Mac), Portmaster (Windows)
July 31, 2019
Variations on a Theme is a superb piece by Johannes Brahms. Borrowing on that, In Firewalls Don't Stop Dragons: A Step-by-Step Guide to Computer Security for Non-Techies, author Corey Parker has written an interesting variation on the theme of security awareness. This is a good thing, as you pretty much can’t have too many security awareness books.
Parker has written a very helpful security awareness guide that readers can use to come up to speed. As the title implies, this is a step by step guide, and can be used to gain an understanding of the core areas around computer security.
Early on, Parker makes a simple observation that far too many people involved in security awareness fail to appreciate. That being most people have no frame of reference for computer security. It’s often far too abstract and far too technical for them. With that, he decided to use the method of using a castle as an analogy for security awareness - thus the title. He is certainly not the first nor the last to use a castle analogy, but it works here.
The book covers all of the core areas, including passwords, patching, safe surfing, parental guidelines, and much more. The book makes heavy use of screenshots, and is good for the reader who needs a lot of TLC.
There’s a few bits of advice I disagree with in the book. Parker is not a fan of fingerprint biometric authentication. He thinks that if the fingerprint image is compromised, then the user will have the fingerprint compromised for life. As there is no standard biometric identifier, even if for example the Apple Touch ID image was comprised, it’s not like it could be used to authenticate into another system.
Parker is also not a fan of anti-virus software and astutely writes of its limitations. Even with all of those limitations, for most users, it’s still much more beneficial for them to have anti-malware software installed, rather than forgo it and base their security on the other tactics described in the book. With that, this is a very helpful and easy to read guide that get help users get up to speed with all of the fundamentals of computer security.
For those looking for a guide to help them secure their computer, laptop, smartphone and more, but are command line apprehensive, Firewalls Don't Stop Dragons should be their go-to guide. And like the castle analogy, for those who need such a guide, Parker will be their information security knight in shining armor.
Parker has written a very helpful security awareness guide that readers can use to come up to speed. As the title implies, this is a step by step guide, and can be used to gain an understanding of the core areas around computer security.
Early on, Parker makes a simple observation that far too many people involved in security awareness fail to appreciate. That being most people have no frame of reference for computer security. It’s often far too abstract and far too technical for them. With that, he decided to use the method of using a castle as an analogy for security awareness - thus the title. He is certainly not the first nor the last to use a castle analogy, but it works here.
The book covers all of the core areas, including passwords, patching, safe surfing, parental guidelines, and much more. The book makes heavy use of screenshots, and is good for the reader who needs a lot of TLC.
There’s a few bits of advice I disagree with in the book. Parker is not a fan of fingerprint biometric authentication. He thinks that if the fingerprint image is compromised, then the user will have the fingerprint compromised for life. As there is no standard biometric identifier, even if for example the Apple Touch ID image was comprised, it’s not like it could be used to authenticate into another system.
Parker is also not a fan of anti-virus software and astutely writes of its limitations. Even with all of those limitations, for most users, it’s still much more beneficial for them to have anti-malware software installed, rather than forgo it and base their security on the other tactics described in the book. With that, this is a very helpful and easy to read guide that get help users get up to speed with all of the fundamentals of computer security.
For those looking for a guide to help them secure their computer, laptop, smartphone and more, but are command line apprehensive, Firewalls Don't Stop Dragons should be their go-to guide. And like the castle analogy, for those who need such a guide, Parker will be their information security knight in shining armor.
May 25, 2022
I work in IT, and I love it when procedures and documentation explain the “why” as well as the “how to” for the process I am doing.
As a long-time fan of the podcast, I felt it was time to get and read the book. And I was not disappointed! I thought I would know all the settings to tweak and what the values should be, but I was wrong.
I would recommend this book to Windows, Mac iPhone and Android users who are wondering if they should do more to protect their privacy. (The answer is “yes”, by the way)
This book will walk you through finding and changing the settings on your devices to improve your control over how much information you are giving away every time you go onto the Internet. You don’t have to flip every switch listed in the book, but you will know what they are and whether you want to flip it.
Good stuff!
As a long-time fan of the podcast, I felt it was time to get and read the book. And I was not disappointed! I thought I would know all the settings to tweak and what the values should be, but I was wrong.
I would recommend this book to Windows, Mac iPhone and Android users who are wondering if they should do more to protect their privacy. (The answer is “yes”, by the way)
This book will walk you through finding and changing the settings on your devices to improve your control over how much information you are giving away every time you go onto the Internet. You don’t have to flip every switch listed in the book, but you will know what they are and whether you want to flip it.
Good stuff!
June 28, 2020
Respecto al tema de la ciberseguridad, soy un ciudadano interesado, mas no informado. Este libro me pareció una introducción adecuada al tema, especialmente porque más que detallar mecanismos en forma técnica, da instrucciones sobre cómo estar más seguro en la internets. Se lo recomendaría a todo el mundo, a pesar de sentir que esta misma información se puede encontrar desperdigada en blogs, podcasts y otros medios de la web.
May 27, 2018
I read this book in conjunction with a class taught by the author and highly recommend it to everyone, especially anyone who thinks privacy is not that big a deal. It’s written for non-techies and not hard to understand and keep up with. The “tips”at the end of each chapter are actually tasks that, when completed, will increase security, and perhaps even more importantly, privacy.
January 5, 2019
The book was written very well, with lots of examples, and provided a couple of things for me to correct. The book was written for the non-tech minded, so you will find it written from that point of view, but it was still very informative for anyone not extremely security minded. Great book, and recommend it to anyone trying to increase their personal digital security.
February 4, 2020
A good starting point for beginners. I'd probably make some different software recommendations but overall it's a great resource for non-techies.
June 19, 2020
Good basic computer security book.
Easy language and fun to read.
Easy language and fun to read.
April 11, 2015
A very good non-techie introduction to contemporary computer security. The only downside is that this is a book where the checklists will become obsolete quickly as new versions of Windows and OS come out.
April 11, 2015
Everyone should be following the tips in this book. Covers backups, hard drive encryption, multi-factor authentication, etc.
Displaying 1 - 10 of 10 reviews