On Mon, 8 Jan 2007, Joe Landman wrote:
> The idea is you minimize the exposed footprint of the machine to threat facing access. This is why lots of the secure sites are disabling USB ports on the motherboards (but mistakenly then running systems which can install keyloggers and other malware ... ). If the USB does not electrically work, it is not a possible attack vector.
(Ignoring the rest of Joe's quite excellent security summary, which for the most part I completely agree with although I'm much more willing to say the word "Microsoft" than he is, apparently. Microsoft. Microsoft. Microsoft <poof, they disappear>:-) This part reminds me of parts of Neal Stephenson's "Cryptonomicon" and trans-ubercrackerdom. In principle, every time you type a key, you generate a tiny electrical signal with an associated EM pulse signature. Some portions of the energy associated with the signal are immediately radiated into the surrounding environment, where they are e.g. absorbed by components on the motherboard; others cause tiny fluctuations in the power draw. In all cases there exist amplifiers and feedback loops that can cause those signals to modulate existing signals and noise. Indeed, if you run your system's microphone at high gain (whether or not the microphone is plugged in) and listen to the audio noise, you can usually actually hear some of the noise modulation produced by your typing as you do so. In principle those modulations can be isolated from the generic noise and signal mix on e.g. the power lines, ambient phone lines, external high-gain EM antennae, and so on. Or, in another of my favorite spy methodologies, one can bounce lasers off the external windows or microwaves off of the walls of a house, do a fairly simple autocorrelative deconvolution of the reflected signal, and pick up e.g. human conversation or the noise of keyboarding from inside. Since humans tend to type keys in patterns and frequencies that can (with some effort) be stochastically analyzed and matched to keystrokes, if somebody REALLY REALLY WANTS TO they can very likely snoop on your system activity in some pretty extraordinary ways. Ditto, in principle one can often recover whole histories of read/write behavior from hard disks by working hard enough on analyzing the residual magnetization distribution of magnetic domains.
The "physics" of systems isn't really designed to be secure; it is designed not to annoy people or other hardware devices with EM noise above a certain intensity in certain frequency ranges. BELOW those intensity ranges there is a wide expanse of in-principle detectable signal. So who wants to do this badly (cracking and snooping at this level isn't cheap)? Bad people where there is a lot of money at stake are one possibility -- maybe it is time for another Neal Stephenson novel where the world's largest bank heist takes out the fortune of a well-known multibillionaire computer geek who foolishly allows his online access to enormous amounts of money to be keylogged in many different ways, or where bank officers or bank IT systems are systematically compromised in this way. Banks tend to be paranoid enough to completely isolate their core systems -- NO external network, careful filtering of all power supplies, NO windows, NO external walls, checks on checks at all human levels. Also the military and government, where some secrets are worth more than money on both sides -- as the cracker (of e.g. al Qaeda systems, if any are known) and defending against crackers. Again, I'm fairly certain that most of the NSA's systems are locked down against all of this sort of thing and still more, with systems people that are paranoid even by the borderline personality standards of that insanely paranoid profession... SO it isn't just keeping good passwords or being a boy scout or monitoring a system carefully. Der Ubercracker is, almost by definition, always one leg up on you. The only thing that stops them from cracking you is the investment in time and other resources involved, or the risk of negative penalties if they are discovered trying (which can be minimized by investing more heavily in the effort, etc.).
I absolutely agree with Joe's basic approach -- inform everybody that avoiding data theft is a matter of investment and CBA on BOTH sides of the line -- you have to protect the data on the basis of what it is worth. Beyond that, the smart thing to do is engineer the system so that if you are cracked, in some sense you do not care. Your data is backed up (multiply, redundantly, over a long enough time interval that you can go back before the cracker entered and work forward cleaning as you go). Your systems can be reinstalled "instantly" (see previous discussion on automated scalable install and maintenance). Your servers are sufficiently tough and you watch things sufficiently carefully that you probably didn't get cracked there and if you did, well, you reinstall them from scratch too (off the network, taking real care to clean up the primary means of entry as you do so). A good design can make being cracked ALMOST a non-event for less than ubercrackers (who are so good at encapsulation that you may never know they are there, or can only tell that they are there by passively monitoring raw network traffic from an uncompromised box). They get in, you catch them quickly, reinstall the compromised machine and freeze the compromised account (pending a talk with the user, sucker rod in hand:-), and go on with life.

rgb

--
Robert G. Brown http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567 Fax: 919-660-2525 email:[EMAIL PROTECTED]

_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
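The "back up over a long enough interval that you can go back before the cracker entered and work forward" design in the post hinges on one number: how far back your retention actually reaches compared with how long the intruder may have been on the box. The script below is an added example, not code from the thread or from anyone on it. It models a hypothetical grandfather-father-son retention schedule (nightly snapshots, a weekly tier on Sundays, a monthly tier on the 1st; the tier sizes are invented policy knobs), computes the coverage window, and then, given an estimated intrusion date, picks the newest snapshot that predates it and lists the later snapshots to diff forward one at a time. When retention is shorter than the intruder's dwell time it returns no clean restore point at all, which is the failure mode the post is warning about. The scenario dates (the date of the post, an intrusion guessed to start on 20 Dec 2006) are constructed for the example.

```python
"""Added example: does your backup retention reach back before the intrusion?

Hypothetical GFS (grandfather-father-son) schedule; not any site's real policy.
"""
from datetime import date, timedelta


def _walk_back(start, count, keep):
    """Walk backwards one day at a time, collecting `count` dates matching `keep`."""
    found, d = set(), start
    while len(found) < count:
        if keep(d):
            found.add(d)
        d -= timedelta(days=1)
    return found


def retained_snapshots(today, daily=14, weekly=8, monthly=12):
    """Dates whose snapshots the schedule still holds on `today`.

    Assumes one snapshot per night. The weekly tier keeps the last `weekly`
    Sunday snapshots, the monthly tier the last `monthly` first-of-month
    snapshots. Tier sizes are hypothetical policy parameters.
    """
    kept = {today - timedelta(days=i) for i in range(daily)}
    kept |= _walk_back(today, weekly, lambda d: d.weekday() == 6)   # Sundays
    kept |= _walk_back(today, monthly, lambda d: d.day == 1)        # 1st of month
    return sorted(kept)


def coverage_days(snapshots, today):
    """How far back, in days, the oldest retained snapshot reaches."""
    return (today - min(snapshots)).days


def restore_plan(snapshots, estimated_entry):
    """Pick the restore point and the snapshots to audit forward from it.

    `estimated_entry` is the earliest date the intruder could have been on the
    machine (detection time minus whatever dwell-time margin you allow).
    Returns (last_clean, to_audit): the newest snapshot strictly before that
    date, and every later snapshot, to be diffed against its predecessor so
    the changes the intruder made can be cleaned as you work forward.
    `last_clean` is None when retention does not reach back far enough; then
    every snapshot is suspect and there is no known-good point to restore.
    """
    clean = [s for s in snapshots if s < estimated_entry]
    last_clean = max(clean) if clean else None
    to_audit = [s for s in snapshots if last_clean is None or s > last_clean]
    return last_clean, to_audit


# Constructed scenario: the date of the post, and an intrusion believed to
# have begun around 20 Dec 2006 (made-up example dates).
EXAMPLE_TODAY = date(2007, 1, 8)
EXAMPLE_ENTRY = date(2006, 12, 20)


def demo(today=EXAMPLE_TODAY, entry=EXAMPLE_ENTRY):
    """Run the scenario and return the figures an admin would look at."""
    snaps = retained_snapshots(today)
    last_clean, audit = restore_plan(snaps, entry)
    return {
        "retained": len(snaps),
        "coverage_days": coverage_days(snaps, today),
        "oldest": min(snaps).isoformat(),
        "last_clean": last_clean.isoformat() if last_clean else None,
        "to_audit": len(audit),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
    # An intrusion older than the oldest retained snapshot leaves no clean point.
    print("no clean restore point:",
          demo(entry=EXAMPLE_TODAY.replace(year=2006, month=1, day=15))["last_clean"] is None)
```

The useful knob to play with is `estimated_entry`: push it back by the dwell time you are prepared to believe (weeks, for the "encapsulated" intruders the post describes) and see whether `last_clean` survives. If it comes back `None`, the monthly tier is the one to lengthen, since it is what buys reach at the lowest storage cost.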