Stephen Reese

This installment is about keeping your notebook and other technology items safe. I was recently asked what the Defcon locks were for that I have been distributing with the new notebooks. I jokingly said to keep people from taking your monitor and chair from your desk while your on travel but there is a better reason I distribute them.

People assume having your hardware stolen is the ultimate way to compromise your data. An adversary that is smart enough will know better though. A system running TrueCrypt or similar encryption is a near impossible target if powered off while you are away but a system running encryption that powered on on, not so much. Passwords and keys to most encryption are stored in memory while the system is running. Recovering said keys is not an easy task but is possible. If you cannot break the habit of leaving your device on when not around or putting it standby because you cannot stand the boot up time then make sure you are using strong passwords that a difficult to guess to avoid giving the attacker the chance to use tools to capture memory and parse it for your super secret pass-phrase.

Even this has it’s downfalls though, there have been attacks that can thwart the password mechanism on a device and run an attack such as stealing the pass-phrase. An example is the Firewire attack which provides direct hardware access from some devices to your system. If the attacker can do this then it is game over for your data as they can use a tool to crack your system password. Fix, do not let an attacker walk away with your device still powered on, i.e. use a lock when at clients or at a hotel room.

The evil maid attack is often not thought of. You are supporting a remote client, come back to your room to check your mail and leave for dinner leaving your notebook. While gone the evil-doer aka evil maid visits your room to fluff your pillows and notices your notebook on the table. Whether it’s on or off a device that you probably won’t notice is plugged into your system and it records your pass-phrase when you type it in. The evil maid returns to then steal the notebook as they now have the passphrase to get your data. To avoid this one, pay attention to rogue devices plugged into your hardware. Sounds simple but who would check for a small USB device plugged into the back their host. Also use a lock to keep the evil-doer from stealing the hardware after obtaining the key after such an attack.

What am I trying to say here?

  • Use encryption, the performance hit is very small and the newest notebooks with the “i” series chipsets use hardware encryption.
  • Avoid leaving your device running if not around when at foreign locations, i.e. hotels, clients, etc…
  • Use a lock to attach the notebook to a desk, chair, whatever. I know these are not exactly Fort Knox but it is a deterrent.
  • Epoxy ports (warning this may not be an available option for a corporate assets). Yes this is extreme but why do you think some companies enforce this on their desktop systems and/or servers.

Comments

comments powered by Disqus