homepage Welcome to WebmasterWorld Guest from 54.161.200.144
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Hardware and OS Related Technologies / Webmaster Hardware
Forum Library, Charter, Moderator: open

Webmaster Hardware Forum

    
Protecting my computer from physical access ?
mike2010




msg:4316926
 3:19 pm on May 24, 2011 (gmt 0)

I know this sounds weird & maybe pretty impossible...but is there anyway to physically protect our computers ?

Its a tiny chance, but with all kinds of sophisticated technology these days...It almost feels like think paranoia levels have hit the roof in our business.

Like even if my computer is protected fully software wise..I want it to be protected the same way physically. Like if I go on vacation or something.

Is there a such thing as a laptop enclosure , that the laptop can go into....and the only way to get it out is with key access ?

and what about for desktops ?

thanks

 

brotherhood of LAN




msg:4316937
 3:28 pm on May 24, 2011 (gmt 0)

A physically secure room helps minimise potential issues. Consider encrypting your data while you are gone. If it's the data (more so than the hardware cost) that's the issue, that is a great cost-effective way of deterring access.

mike2010




msg:4316952
 4:04 pm on May 24, 2011 (gmt 0)

It doesn't matter how secure your data is if someone has physical access to it. THAT's the issue.

brotherhood of LAN




msg:4316964
 4:30 pm on May 24, 2011 (gmt 0)

Indeed, it's the part of computer security that's often forgotten, I remember looking at case studies of it in education.

Physically securing the computer is really not too different to securing the room that the computer is in.

laptop enclosure


A safe. Anything that can be 'taken away' i.e. not bolted down can eventually be broken into.

And although encrypting your data doesn't fall into the category of 'physical security', it is another level of security that prevents your data from being stolen.

Your hard drive is essentially what you need to keep safe (again, if it's the data and not the hardware you care about)

Leosghost




msg:4316966
 4:34 pm on May 24, 2011 (gmt 0)

just remove the laptop HD and take it with you ( if you want to be ultra paranoid take the RAM cards too..no need to ..but hey :) if it's piece of mind you are looking for ..SSHD ..even more easily transportable ..smaller than your cell phone.

[edited by: Leosghost at 4:36 pm (utc) on May 24, 2011]

coopster




msg:4316967
 4:35 pm on May 24, 2011 (gmt 0)

The issue truly lies in both the physical access to the device itself as well as the contents within the device. Physical security to the grounds, the building, the room and the computer itself can go as far as you want it to go, as long as you have the money. Physically securing a desktop or laptop within the room itself could indeed be within some form of container but then you have new issues such as heat dissipation and/or cooling as well as the general nuisance of accessing the device itself when you need to load a USB device, a DVD, etc. To "overcome" this issue some personal computer chassis manufacturers have included chassis locks which allow you to keep the box itself locked shut and some provide a method where you can secure the box itself to a desk or some other immovable object, typically a cable and lock.

All that said and done, if you are at all concerned about the contents stored on the hard disk drives, encryption is a must nowadays.

onlineleben




msg:4317066
 7:48 pm on May 24, 2011 (gmt 0)

just remove the laptop HD and take it with you

I prefer putting it into my safe deposit box at the bank.

lammert




msg:4317121
 9:50 pm on May 24, 2011 (gmt 0)

For laptops you can buy special laptop safes. My experience is that laptops don't fit well in ordinary safes. Having a steel cable between your computer and the furniture may help to prevent it from being stolen by a shark, but any thief with serious equipment will be able to cut the cable or lock and take the computer with them.

I have seen permanent anti-theft enclosures for running desktops and small servers which have a forced ventilation system to keep the computer cool. But in such a situation I would rather go for a locked room and put the server there.

J_RaD




msg:4317227
 1:15 am on May 25, 2011 (gmt 0)

to wrap that up go ahead and use truecrypt to do full drive encryption

onlineleben




msg:4317586
 8:02 pm on May 25, 2011 (gmt 0)

Having a steel cable between your computer and the furniture may help to prevent it from being stolen by a shark, but any thief with serious equipment will be able to cut the cable or lock and take the computer with them

When in a hotel, I don't put the laptop into the safe, but use the Stell cable to attach it to the plumbing in the bathroom.
This has 3 advantages:
- you can work while in the bathroom
- a thief usally doesn't have the equipment to remove the toilet bowl
- hotel personnel can open the room safe undetected, but need a plumber to steal my laptop

mike2010




msg:4317749
 3:29 am on May 26, 2011 (gmt 0)

to wrap that up go ahead and use truecrypt to do full drive encryption


I've never tried one of these before.

but basically, would it prevent people from even booting up the computer ? or at-least getting a password prompt before the Windows screen even appears ?

ron15




msg:4317752
 3:38 am on May 26, 2011 (gmt 0)

Truecrypt is the single best thing you can do to protect your valuable data. I encrypt the system volume, my only drive on my laptop. There is a performance hit, but I use an SSD, so overall its very fast, much faster than a conventional hard drive that's not encrypted. If my laptop gets lost or stolen, I have no worries other than being out a few bucks.

Lexur




msg:4317754
 3:51 am on May 26, 2011 (gmt 0)

a) use the password option in the BIOS
b) move your content to a USB HD to keep it always with you and make regular (in the shadow) backups with GoodSync
c) buy a security cable (AKA Kensington cable) to attach your notebook to your bag, to the hotel's bed or plumbery

J_RaD




msg:4318184
 7:30 pm on May 26, 2011 (gmt 0)


I've never tried one of these before.

but basically, would it prevent people from even booting up the computer ? or at-least getting a password prompt before the Windows screen even appears ?


right, before ANYTHING loads you get prompted for a pass, no pass? no dice.

remove the drive and stick it in another machine? unreadable!

as stated you will take a perf hit but if your stuff has to be safe you won't mind.


a) use the password option in the BIOS


huh? c'mon those don't work!

mike2010




msg:4321680
 7:03 pm on Jun 3, 2011 (gmt 0)

a bit of a follow-up question..

Anybody know if there's a laptop manufacturer that doesn't even allow internal hard drives ?

almost every laptop you buy these days comes bundled with internal drives..

#1 I could save money.

#2 i'm only interested in external drives from now on.

mike2010




msg:4321968
 3:42 pm on Jun 4, 2011 (gmt 0)

One of the reasons I brought the above up is because...Truecrypt doesn't appear to have any security towards physical access -

[en.wikipedia.org...]

Physical security

TrueCrypt documentation states that TrueCrypt is unable to secure data on a computer if an attacker physically accessed it and TrueCrypt is used on the compromised computer by the user again (this does not apply to a common case of a stolen, lost or confiscated computer).[21] The attacker having physical access to a computer can, for example, install a hardware/software keylogger, a bus-mastering device capturing memory, or install any other malicious hardware or software, allowing the attacker to capture unencrypted data (including encryption keys and passwords), or to decrypt encrypted data using captured passwords or encryption keys. Therefore, physical security is a basic premise of a secure system. Attacks such as this are often called "evil maid attacks"

Leosghost




msg:4321980
 4:09 pm on Jun 4, 2011 (gmt 0)

re no internal drives ..
Not heard of a manufacturer that doesn't allow them ..but nothing is stop you disabling the current HD bay ( and even resining it to prevent substitution by another HD ) and booting from removable HD or flash memory ..both linux ( and windows 7.. with a few "tweaks" ) can be run as the boot OS from thumb drives or external hard drives..spinning or SSD )..Grub will let you choose between them .

I have linux and win7 ult on thumb drives ..and most of my everyday apps like browsers and email, ftp etc etc etc on thumbdrives, saves carrying a laptop around with you, 3 thumb drives 16,8,4 ( or one large capacity one 32 gigs and you have it all ;-)..you can make most win apps portable via "thinstall" ..and run them from removable drives via wine under linux..or as portable apps in win.

plus you can always encrypt the sensitive areas on the thumb drives with whatever you wish..

J_RaD




msg:4322136
 4:16 am on Jun 5, 2011 (gmt 0)

mike.....dood, what in the heck kinda stuff are you doing. do you have window tappers?


TrueCrypt documentation states that TrueCrypt is unable to secure data on a computer if an attacker physically accessed it and TrueCrypt is used on the compromised computer by the user again


use truecrypt to create a hidden encrypted partition in your system on top of the whole drive encryption. the new hidden encrypted partition will be known ONLY to you, so if someone pokes around at your data too much they'll only be looking at what seems to be nothing....and will just start overwriting your hidden encrypted partition. So it doesn't matter who is standing at your hardware only YOU know what is there and isn't there.


The attacker having physical access to a computer can, for example, install a hardware/software keylogger, a bus-mastering device capturing memory, or install any other malicious hardware or software,


ok well 1st off there won't be any installing of SOFTWARE on a fully encrypted hard disk granted you did a full power off. hardware keyloggers? i'd hope you'd notice such a device on a laptop.

how about full power off then removing the drive from the laptop and storing them away from each other in other physically secure enclosures.

mike2010




msg:4322253
 5:45 pm on Jun 5, 2011 (gmt 0)


mike.....dood, what in the heck kinda stuff are you doing. do you have window tappers?


haha, nah man. Just working on a new project , coded from scratch..and wanna make sure my stuff is as secure as possible.

thanks for the tips though. I guess Truecrypt is still in the cards.

J_RaD




msg:4322257
 6:20 pm on Jun 5, 2011 (gmt 0)

yea it has many different options, the hidden encrypted partition in a partition seems to be about as safe as you can get with it

[truecrypt.org...]

but as safe as you want this data its not going to hurt to just go overkill and do it all.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Webmaster Hardware
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved