[ISN] Justice IG report: Protect laptop data

InfoSec News isn at c4i.org
Wed Oct 12 00:07:22 EDT 2005


Forwarded from: matthew patton <pattonme at yahoo.com>

Wow, nobody mentioned using VMware? Granted it's less desirable and
clean cut (think KISS) than 2 hard drives but the "classified" VM can
be stripped of its ability to cut/paste and share network/devices
with the host OS. All files could be saved on an AES/3DES encrypted
disk "image". Even better to require a fingerprint and/or say the CAC
card to unlock the filesystem.

Let's see, slim-line 80GB USB hard drives cost what, $160 from CompUSA
et al.? USB hard drives are bootable now from moderately recent BIOS
ROMs and even if they weren't, it would not be very hard to create one
of those credit-card CDROM images that will bootstrap enough of a
kernel to get access to the USB subsystem and then invoke the
bootloader of the red or green disk that's plugged in.

Along the lines of "specialized" hardware, there's the ol' KVM trick
applied to hard drives. Say the onboard HD is UNCLASS and there is a
little toggle switch that electrically activates the inside or slotted
one. I think I've seen 2" HD slots in place of (or in addition to)
PCMCIA slots in some laptops. Even if not, I'm sure at least one big
player would jump at the opportunity to offer a product to the US
Govt. The easiest circuit to turn on/off would be the power feed. So
even if both HDs were plugged into their bays only one would have
electricity. Pin them both "master" and there'd be no way for them to
coexist even if both managed to get power.

But the article makes a vital point throughout - it ALL depends on a
userbase that doesn't screw it up. Something tells me not to ever
underestimate the creativity of the stupid.




