Red Cedar
More apocalypse, less angst
hardware security help.
haven’t had much to say this week during my time in prince rupert – mostly spent working, visiting with work friends and in the evenings writing.
here’s a question for the geeks out there who read this blog. if you were to identify a hardware security threat what would it be? (and don’t say keyloggers, i already know about those – and tempest doesn’t count because it’s basically just theoretical and probably doesn’t work with newer monitors anyways).
i’m stumped on framing hardware security issues, and i have to pump out at least 1500 words on the subject (minus the 250 on keyloggers). answer in the comments or send me an email.
thanks.
4 Comments on “hardware security help.”
Leave a comment
Red Cedar 
How about using network switches rather than hubs? Mac address spoofing? The fact that mac addresses form part of an IPv6 network address (sometimes). Wireless I guess kind of comes under this. There was recently some vulnerabilities in the way Windows handles USB (I think to do with the fact that that the drivers get loaded as administrator and could therefore gain full control of the system). And talking of USB, how about a bit on stopping employees using USB sticks (and floppies) in order to steal company data? And how about printers – tracing them by the ink, that sort of thing.
lack of physical security where the computer resides
may not be what you had in mind but i got to agree with david on this one — physical root. all the network security in the world means nothing if someone with a cd and and a usb key can walk up to it and takw whatever they want.
Friend of mine has a zippy fast machine with lotsa ram but a smallish hard drive. Anything he does that is remotely sensitive – client data, etc. – he stores on a removable hard drive that he either carries with him (sometimes to the point of obsession) or keeps locked in a secure location. Every so often, he mirrors the drive onto a series of DVDs which are securely stored, and then destroyed after a new set of backups is added.
So someone could break into his apartment and steal his computer and all of his peripherals and get almost nothing client related or private. Sure, it would be a big blow to replace the hardware and software, but the data is securely kept offsite. And it doesn’t take too much extra effort to do this.