Wednesday, August 14, 2013

Continuing our computer security basics series, here is law 3 of 10:

Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore

Oh, the things a bad guy can do if he can lay his hands on your computer! Here's a sampling, going from Stone Age to Space Age:

He could mount the ultimate low-tech denial of service attack, and smash your computer with a sledgehammer.

He could unplug the computer, haul it out of your building, and hold it for ransom.

He could boot the computer from removable media, and reformat your hard drive. But wait, you say, I've configured the BIOS on my computer to prompt for a password when I turn the power on. No problem – if he can open the case and get his hands on the system hardware, he could just replace the BIOS chip. (Actually, there are even easier ways.)

He could remove the hard drive from your computer, install it into his computer, and read any unencrypted data.

He could duplicate your hard drive and take it back to his lair. Once there, he'd have all the time in the world to conduct brute-force attacks, such as trying every possible logon or decryption password. Programs are available to automate this and, given enough time, it's almost certain that he would succeed. Once that happens, Laws #1 and #2 above apply.

He could add a recording device or transmitter to your keyboard, then monitor everything you type including your passwords.

Always make sure that a computer is physically protected in a way that's consistent with its value—and remember that the value of a computer includes not just the value of the hardware itself, but the value of the data on it, and the value of the access to your network that a bad guy could gain. At a minimum, business-critical computers such as domain controllers, database servers, and print/file servers should always be in a locked room that only people charged with administration and maintenance can access. But you may want to consider protecting other computers as well, and potentially using additional measures to guard their physical integrity.

If you travel with a laptop or other portable computer, it's absolutely critical that you protect it. The same features that make them great to travel with – small size, light weight, and so forth – also make them easy to steal. There are a variety of locks and alarms available for laptops; some models let you remove the hard drive and carry it with you, and almost all can be used with extremely small, extremely portable storage – e.g. USB thumb drives – for storing your data while you travel. You can also use features such as drive encryption, available in most modern operating systems, to mitigate the damage if someone succeeds in stealing the computer, or to retain some confidence in its protection if it’s taken from you in an unexpected bag check or unfriendly border crossing. If the computer walks off or is lost, you’ll still need to address the loss of the hardware, but it’ll be harder for your data to be disclosed without your knowledge. But the only way you can know with 100% certainty that your data is safe and the hardware hasn't been tampered with is to keep them on your person at all times while traveling.

If you need help with your network's security, please contact DNS today. (http://dynamicsupport.com/)

Source: http://technet.microsoft.com/en-us/library/hh278941.aspx
