2008-03-28

Superglueing USB/FireWire ports (LANL)

One of the latest security trends is being able to grab sensitive data from a machine with just a USB key. This got me thinking about one of the most harrumphed things from LANL employees: the superglue-ing of external ports of all lab computers and the lock-down of laptops.

Not that it's going to quiet down any, but a lot of people could not see any reason why you would want to do this and pooh-poohed the scenarios where someone could steal something from their computer (or use their computer for something bad). Well, it turns out that the scenarios were not too far-fetched, and you can try it soon yourself with 'DaisyDukes', a memory sniffer that will read data from a 'locked' laptop or office computer, whether it's running Linux or Windows.

And if you have any computer with FireWire (hi Macs!) you are even more hosed. The FireWire port has direct access to memory and can walk through all the protected parts. And depending on what your USB is and what drivers it uses, this can be the case also. While most of the published papers have been made public in the last couple of months, a lot of this has been outlined in public research 2 or 3 years old... [and supposedly older, but I can't read Chinese to confirm or deny.]

I am not saying to go out and superglue your computer's USB/FireWire/video-card ports (I am waiting for someone to figure out how to get into a computer through the memory access of some of the latest video cards). Just be aware that someone with casual physical access to your computer can get more out of it without needing to take it apart.

  1. Make sure you know who has access to your computer when it's on and off. The more sensitive the data you have on it, the more you need to control that access.
  2. Make sure you have a BIOS password and it's not 00000, 123456, etc.
  3. Make sure your computer does NOT boot from a plugged-in USB key, etc.

As with all things security-related, you are trying to make yourself less of a casual target...
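
A software counterpart to the glue, as an added example that is not part of the original post: this Python check reports which Linux FireWire drivers are loaded and which could still be loaded because no modprobe rule blocks them. The module list, the file locations (`/proc/modules`, `/etc/modprobe.d/*.conf`) and the sample data are assumptions of this example, and the sample input is constructed.

```python
"""Report Linux FireWire (IEEE 1394) drivers that are loaded or still loadable."""
import glob

# Module names of the older (ieee1394) and newer (firewire) Linux stacks.
FIREWIRE_MODULES = {"ieee1394", "ohci1394", "sbp2",
                    "firewire_core", "firewire_ohci", "firewire_sbp2"}

def _norm(name):
    # modprobe treats '-' and '_' in module names as the same character.
    return name.strip().replace("-", "_")

def loaded_modules(proc_modules_text):
    """Module names from /proc/modules content (first field of each line)."""
    return {_norm(l.split()[0]) for l in proc_modules_text.splitlines() if l.strip()}

def blocked_modules(modprobe_conf_text):
    """Modules disabled by 'blacklist X' or 'install X /bin/false|/bin/true'."""
    blocked = set()
    for raw in modprobe_conf_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] == "blacklist":
            blocked.add(_norm(words[1]))  # stops alias-based autoloading only
        elif len(words) >= 3 and words[0] == "install" and words[2] in ("/bin/false", "/bin/true"):
            blocked.add(_norm(words[1]))  # also stops an explicit modprobe
    return blocked

def audit(proc_modules_text, modprobe_conf_text):
    """Return FireWire drivers currently loaded and those not yet blocked."""
    loaded = loaded_modules(proc_modules_text) & FIREWIRE_MODULES
    blocked = blocked_modules(modprobe_conf_text) & FIREWIRE_MODULES
    return {"loaded": sorted(loaded), "unblocked": sorted(FIREWIRE_MODULES - blocked)}

# Constructed sample input, used when the real files are not readable.
SAMPLE_PROC_MODULES = """\
firewire_ohci 40960 0 - Live 0x0000000000000000
firewire_core 65536 1 firewire_ohci, Live 0x0000000000000000
usb_storage 77824 0 - Live 0x0000000000000000
"""
SAMPLE_MODPROBE_CONF = """\
# constructed example policy
blacklist firewire-sbp2
install ohci1394 /bin/false
"""

if __name__ == "__main__":
    try:
        with open("/proc/modules") as fh:
            proc = fh.read()
        conf = "\n".join(open(p).read() for p in sorted(glob.glob("/etc/modprobe.d/*.conf")))
    except OSError:
        proc, conf = SAMPLE_PROC_MODULES, SAMPLE_MODPROBE_CONF
    print(audit(proc, conf))
```

An empty `loaded` list together with an empty `unblocked` list means no FireWire driver is active and none can be pulled in by plugging a device into the port.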