How much time and effort do you need to expend on ensuring adequate security for your computer systems?
To answer such a question, you need to assess the uses of the computer, the value of the physical machine and it's data, and the ease of access to the system, both physically and via the 'net.
Four common examples:
This is the computer that is set up for playing Quake and Doom. It probably isn't networked and the only important data on the machine are your saved games.
Security threat: Neglible.
Your home Linux box, complete with a dial-on-demand PPP connection to an ISP. This machine may store important files, such as copies of files from work.
Threats from the network are minimal, but the possibility of theft is very real.
Security threat: Minimal.
This may be a web, news or e-mail server (possibly all three!) that is permanently connected to the Internet. The machine may contain customer information such as client information, passwords, account details and even credit card billing details (stupid, but true).
The visibility of the ISP is bound to attract security problems from both customers and outside sources, including rival ISPs.
Security threat: High.
This may be a CAD system, containing the blueprints for the injection
moulding of a new widget, or a software development machine containing the
source code for the next must-have application.
Either way, the files on that computer could be worth millions of dollars.
Hopefully, the computer is not connected to the outside world, but may be on an internal network.
Systems like this are typically under threat from corporate espionage and disgruntled employees.
Security threat: Very high.
Assess the usage of your computer and the value of the data stored on that computer before deciding upon the level of security required.