Building a secure travel laptop!

This is my first post. English not my first language

I will try to make it as short and clear as possible.

1) Have a laptop for international travelling with security in mind.

HOW TO SETUP:

1a) Enforce higher security by SEPARATION. Separation is achieved by using Truecrypt FDE with Hidden operating system. So to speak the result will be "2 computers in 1".

Decoy system is used for news, entertainment, casual surfing etc.
Hidden system is used for business tasks and internet banking. Has much higher security requirements.

Because of the encryption and this setup if we assume decoy system is compromised by malware it cannot in 99,9% cases infect the Hidden operating system.

So, the most interesting part is how now to setup the Hidden operating system part of the computer, so let's continue with that:

2) General software:

Win 7 64bit (updated, only bare minimum of services running others disabled, UAC max)

Limited number of apps installed (no Java, Flashplayer, using LibreOffice and Foxit reader instead of Adobe and MS products);

For e-mail Thunderbird is used, online e-mail accounts never accessed (Does it matter, I am not sure it's the best solution here?)

Sandboxie running Firefox, sandbox deleted after browser closure.

3) Security products and settings used:

-Comodo Firewall. Custom ruleset (i.e. I define the rules), HIPS enabled (Clean PC Mode), some apps like IE have been denied for accessing the net by firewall rules;

- NOD32 Antivirus, HIPS disabled. Working real-time.

- Emsisoft Anti-Malware. Used because uses Bitdefender engine and has good detection rate. Working also real-time (Yes, with NOD32 - for Emsisoft the real-time protection is set to "scan programs on execution only" to prevent conflict with NOD32). It works!

- Some on demand scanners available (Trend Micro, TDSSKiller, Malwarebytes)

- Plan to install EMET

- Plan to opt also for SRP or Applocker (do not know to which one, is it worth it and where to find a good guide for the setup?)

4) Protection on the network side:

- VPN ALWAYS used ALWAYS with disconnect and DNS leaks protection.

- Open WIFI is always accessed with decoy system. Hidden operating system is only used with internet connection provided by the hotel and preferably wired. Would it make sense to purchase some "travel router" and use it also in hotel for business tasks beacuse of the hardware firewall?
So this would be the setup. In red are things I am not so sure about whether these would make sense/are best practices;

Please if you have interest to read it and have some suggestions, these are warmly welkomed!

Thank you,
Boriss

 

VPN - Mullvad/AirVPN/BolehVPN.

TrueCrypt - Full Disk Encryption.

Done.

 

You could also pick up a nice travel router that runs OpenWRT. If you want to be anonymous you can even run TOR on the router and use it as a bridge. Tunneling all your data over the TOR network transparently to your devices. Or setup a VPN in place of TOR.