Off the wall Computer Security thought

Encrypting the file system is usually the go-to technique for that. Most operating systems now offer that capability in one way or another; it's not the exotic geekery that it once was. You might be able to have individual files or folders that are encrypted, and have the system prompt you for a key on first access, or the whole file system, and you get prompted when you boot the machine.

The nice thing about working at that level is none of the applications you're using need to have any clue about encryption. It just happens. And it's fairly convenient in use once the key has been entered, but assuming the machine is off when the marauders take it, or they unplug it in order to take it, they're not going to get the data.

Hard drives that do all this internally (SED, self-encrypting drives) are also a thing, so even the operating system you're using doesn't need to support encryption. The drives will require key entry during the computer's boot process. That key entry during boot will work on even quite old machines, because it's the same process that was used years ago by drives that weren't self-encrypting but supported boot-time passwords. The difference is the older drives were saying "give me the key or I won't give you the goods", and a self-encrypting drive is saying "give me the key or I can't give you the goods."

SED also makes repurposing large drives a lot more practical, if you want to get rid of the data from the last use. Ever waited for a low-level wipe/reformat to complete on a hard drive of modern-day size? If it's a SED, you just send it one command, it changes its internal encryption key, and boom, no-one's seeing that old data again.

 

In years past, paranoid hackers built a coil into the door jamb of the room that held their computer. Anyone leaving the room would trigger the degauss sequence and wipe the drive.

A more useful technique used a small amount of thermite on the disk drive. When an alarm is tripped the thermite melts the drive before it can be extinguished.

But ChapmanF hit the nail on the head. Encryption is a great option as long as you are taking adequate measures to ensure that your system does not get hacked in the first place. If you click on a link in an email, all bets are off.

Dan

 

Indeed: recent versions of Microsoft Windows and macOS call this feature BitLocker and FileVault, respectively.

That’s true—but these days, only amateurs unplug the computer. When Ethan Hunt sneaks in to steal a server or a desktop PC, he’ll bring a “power override device” and a UPS, so the computer can be taken back to Secret HQ for analysis without turning it off, which would erase any decryption keys held in RAM.

 

As others mentioned, the physical theft of computers is less of a concern nowadays if you make sure files are protected and usual precautions like powering down the computer every time when done and locking the OS with a strong password and preferably with biometric ID.

I worry more about non-physical theft by hackers. To that end, I recently installed NETGEAR Armor powered by Bitdefender | NETGEAR. It cost a subscription fee but seems to be very comprehensive. I think this one only works with the Netgear router which I have, but there must be a similar product for any router.

 

And with the cost and size of USB sticks now, it makes sense to have all those files on a stick and given to someone who you can trust. I give one to my son 50 miles away so if my house blows up and even my on site backups are lost, I still have that precious data. The spreadsheet with all my passwords and access codes to all my financial data is encrypted. My executor knows the password.

Don't know why TurboTax doesn't do that for you.

Reminds me I take the hard drives out of my old computers when I scrap them. And I've been meaning to disassemble them and physically destroy the platters so I can get rid of them. Better put that on the to do list.

 

I disassembled a bunch, popped the drive disks out, use them as coasters. Pretty sure once they’re out in the air, handled a bit, they’re toast?

 

$work has a little hydraulic press inside a see-through enclosure, just drives a fat spike down through the drive.

3.5 inch platters get all mangled. 2.5 inch platters are ceramic; they go pop and disintegrate into powder.

When time permits, I like to disassemble just to harvest the head positioner magnets. Nice magnets.

 

*EDIT* accidental double post

 

I used to do this for my old job before the IT department got a sledgehammer. no joke.


Also there (used?) to be a company called IRONKEY. Military encryption thumb drives that if the wrong password was entered they would self destruct inside.

 

Most of the security problems that you will encounter will be self inflicted, and not some cretin breaking into your house and making off with your hardware.
We have a $200 Chromebook that we use for biz-banking.
Everything else is done on IOS/Wintel boxes, and we don’t cross the streams.

KISS

 

Also, if you have a Mac, you can remotely do a factory reset if you're ready if the thief turns it on, cracks your password, and connects to the internet.

 

We also have SimplySafe. It was easy to set up and it works. While we were in Florida my nephew was coming into Columbus to visit relatives. We offered him the use of our home. He texted my wife when he arrived to be sure that the alarm was off but she missed the text. Suddenly both our phones started ringing and a SimplySafe rep said that there was a breech. We checked the camera facing the front door and there was the culprit, our nephew, walking in. We verified that he was ok and provided our safe word. I was curious about the range of the motion detecting feature of the camera's but it worked as advertised.

On the computer security, I prefer to keep my passwords on my computer rather than trusting some cloud based app to maintain them. You can secure an Excel spreadsheet with a password which is what we use. In Excel, choose File / Info / Protect / Password.

I just checked our Excel password list and there are 46 entries. How do you accumulate that many passwords? It seems that most commerce sites today require one. We used to have a very simple common password for most commerce sites. Most commerce sites now require a number and a special character as well. We have a much more secure password for our banking sites.

On another note, Windows10 kept nagging me to use OneDrive to save everything and it was the default setting when I chose Save so I finally uninstalled OneDrive.

They also keep nagging me to sign in using my Microsoft account but I set my computer account to Local. I can still do everything on our local network but without so much interference from Microsoft.

 

Do any of the security guys remember the Dumpster Diver Wars and shredding. Microscopic sub bit recovery from magnetic media Clandestine Corporate Departments assigned with changing file header ownership
Or the battle cry of Prior Art in many of the Anti Trust Cases that went to the supreme court in the last 40 years and probably since the beginning of the Anti Trust era.

My computer is a box of wires that connect electronic gears switches pipes and an assortment of other gadgets and gizmos that connect with other similar boxes which they in turn connect to another group of bigger boxes which in turn connects with groups of bigger boxes Ad infinitum

 

I use a Pi-hole ad-blocker which essentially acts as a firewall to block advertisements and tracking domains. It works quite well at keeping the riff-raff away, and protection and security are enhanced by the understanding that what can't be seen can't be stolen. No ad revenue for my ISP either. Just one of many things one of these Raspberry Pi single-board computers can do. I have great fun with them in my spare time.