My computer protocol:

  • nweaver
    replied
    Re: My computer protocol:

    Originally posted by jchillerup:
    I'm offering a six-pack to anybody who compromises nweaver's laptop and steals some data he didn't want stolen.

    No offense ;)
    None taken.

    However, I hate to disappoint you: there is no data worth stealing. That is the real heart of the protocol.

    So if someone wants to compromise my computer, burn a zero day on a limited attack surface or, far easier, just steal it [1], I really don't care too much.

    If you want a few Bro scripts for packet injection detection, I can just send them to you: they are all stripped down versions of stuff from the main Bro archive except for the DNS detector, but that is pretty simple stuff.

    If you want to read my paper in progress, there's no secrets there.

    Either way, it will cost you a single beer directly ("Buy Direct, it's CHEAPER"). I prefer Red Hawk, thanks.


    [1] Kidding on the "Just steal it". I'd care about it being stolen! The paperwork is such a hassle.


  • streaker69
    replied
    Re: My computer protocol:

    Originally posted by jchillerup:
    I'm offering a six-pack to anybody who compromises nweaver's laptop and steals some data he didn't want stolen.

    No offense ;)
    Here's your plan:



  • jchillerup
    replied
    Re: My computer protocol:

    I'm offering a six-pack to anybody who compromises nweaver's laptop and steals some data he didn't want stolen.

    No offense ;)



  • nweaver
    started a topic My computer protocol:

    My computer protocol:

    Mostly as an FYI: Comments? Suggested additions?

    The following is my computer protocol for visiting a hostile environment. I actually designed it under the threat model of "What if I needed to visit China", which requires facing two nation-state adversaries (the US and Chinese government) which may have legal access to the computer, but I use it for going to DEFCON.

    It may actually be overkill for DEFCON, but as they say "There is kill, and there is no kill, there is no such thing as overkill". I wanted something I believe could work.


    The philosophy is twofold, the first is system hardening, while the second is constraining the damage a compromise could do.

    I begin with a clean OS install on a newly formatted hard drive. The system is brought fully up-to-date and the necessary tools are installed (Firefox, Bro, Click, ipsumdump, TeX, etc.) that I will need during my trip. Plastic MacBooks are especially nice, as the hard drive is trivial to change.

    I then segregate data. I create a new account on a server I have access to. This account has a new password, and is accessed through a new SSH private key. I create a version control archive on this account which I can also access from my normal account(s), and use this to store the entire working set I will need during the trip, but no more.

    Finally, I set up my web browser. I use NoScript, disable Flash, disable Java, and tunnel all traffic through SSH. (I use both browser hardening and a tunnel because it's easy to screw up and have traffic escape a tunnel, e.g., by forgetting to set Firefox to also tunnel DNS through SSH.)

    This works not because of what is present, but because of what is absent. I do not have access to my mail accounts, normal public keys, or full working set. Not only do I harden my system, but I explicitly limit the working set so that a compromise minimizes the damage. If I need email access during the trip, I will set up a new Gmail account and forward my mail to the new account for the duration of the trip.

    And once I do that, no worries! I may be on a hostile network, but I've taken steps to minimize my vulnerability surface. But I know I'm not perfect, and who knows what zero-days are lurking in my computer. Thus I've limited the potential damage from a compromise: you can't compromise data that doesn't exist.
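
    The tunnel and browser settings the post above describes, as an added example that is not nweaver's own setup or scripts: a POSIX shell script that prints the ssh command for the trip's SOCKS5 listener, writes a Firefox user.js that forces every protocol through that listener, writes the same file with Firefox's default (locally resolved) DNS setting beside it, and checks which of the two actually keeps DNS inside the tunnel. The key path, the account name and port 1080 are assumptions; the pref names are real Firefox preferences.

```shell
#!/bin/sh
# Added example, not the original poster's code. Assumed: an SSH account created
# for the trip, a trip-only key, and a SOCKS5 listener from `ssh -D` on 127.0.0.1:1080.

TUNNEL_PORT=1080

# Print the ssh command that opens the SOCKS5 listener for the trip.
# IdentitiesOnly=yes stops ssh from offering any other key that might be in the agent;
# ExitOnForwardFailure=yes makes ssh die instead of silently running without the listener.
tunnel_cmd() {
  key="$1"; account="$2"
  printf 'ssh -N -D 127.0.0.1:%s -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -i %s %s\n' \
    "$TUNNEL_PORT" "$key" "$account"
}

# Write a Firefox user.js to $1. $2 is the value for network.proxy.socks_remote_dns:
# "false" (Firefox's default) resolves every hostname on the hostile LAN before the
# connection ever reaches the tunnel; "true" sends the hostname through SOCKS5 instead.
write_user_js() {
  out="$1"; remote_dns="$2"
  cat > "$out" <<EOF
// Manual proxy configuration: every protocol goes to the local SOCKS5 listener.
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", $TUNNEL_PORT);
user_pref("network.proxy.socks_version", 5);
// No bypass list: even localhost-looking names must not escape the tunnel.
user_pref("network.proxy.no_proxies_on", "");
// The setting that decides whether DNS leaks.
user_pref("network.proxy.socks_remote_dns", $remote_dns);
EOF
}

# Return 0 only if the prefs file forces proxying, remote DNS and no bypass list.
# Exit codes identify the first missing setting so the caller can report it.
check_user_js() {
  f="$1"
  grep -q '^user_pref("network.proxy.type", 1);' "$f" || return 1
  grep -q '^user_pref("network.proxy.socks_remote_dns", true);' "$f" || return 2
  grep -q '^user_pref("network.proxy.no_proxies_on", "");' "$f" || return 3
  return 0
}

# Stand-alone usage: write both variants to a temp dir and report on each.
if [ "${TRIP_DEMO:-}" = 1 ]; then
  d=$(mktemp -d)
  write_user_js "$d/leaking.js" false
  write_user_js "$d/tunneled.js" true
  for f in "$d/leaking.js" "$d/tunneled.js"; do
    if check_user_js "$f"; then echo "$f: DNS stays in tunnel"; else echo "$f: LEAKS (code $?)"; fi
  done
  tunnel_cmd "$HOME/.ssh/trip_key" trip@example.org
fi
```

    Run with `TRIP_DEMO=1 sh trip.sh` to see the two verdicts and the tunnel command. The check is deliberately strict about `no_proxies_on`: a populated bypass list is a second way for traffic to leave the tunnel that is just as easy to forget as the DNS setting.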