How can using multiple laptops improve security?

Question

My being an admirer of Edward Snowden I've read several books about him. In each book and article there was said that he used four laptops in Hong Kong. Not for storing the documents, but because it was for security and it's a security technique.

I've tried to look up how four laptops can be more secure than one, but I can't find anything about why.

So, my question is why are four laptops more secure than one (or two, or three, for that matter) and what role separation should be used on them to improve security?

_{My guess:}

_{Laptop 1: Highly-encrypted and pass-secured disk/BIOS/... air-gapped without NIC laptop to store documents/contacts/files/...}
_{Laptop 2: Highly encrypted network- & connection-encryption for communicating.}
_{Laptop 3: Laptop with IDS (and eventually IPS) to detect network or malware intrusion.}
_{Laptop 4: Same security as laptop 1, but with more obfuscation to store passwords in a self-made local highly-encrypted database (with self-destruction if wrong master-password?) OR for testing USBs and files for malware (because passwords can also be stored on laptop 1).}

@DeerHunter How? He is trained by several spy agencies. I guess that techniques provided by them are (most of the time) pretty solid? — O'Niel, Feb 03 '16 at 20:12
I have edited your question, if you don't mind. Welcome to IT Security SE, please feel free to read the rules in the [help]. — Deer Hunter, Feb 03 '16 at 20:16
@O'Niel The same agencies who keep getting hacked by the Chinese on a near-daily basis? ;-) Something tells me they aren't as competent as people make them out to be. — Mark Buffalo, Feb 03 '16 at 20:29
@MarkBuffalo Generally assuming that someone is competent is human, but wrong. — AdHominem, Feb 03 '16 at 20:40
@AdHominem Absolutely. I don't think Snowden knows everything - no one does. — Mark Buffalo, Feb 03 '16 at 20:53

score 4 · Answer 1 · answered Feb 03 '16 at 20:59

You seem to assume that handling sensitive information is all that Snowden - or anyone else - does all day.

But that's not true. Most people use a laptop for a variety of tasks: Gaming, watching videos, listening to music, surfing the web, developing software, social networks, etc.

Many of these tasks create additional attack vectors. For example, there are games that contained vulnerabilities and DRM systems that were vulnerable. And that's assuming that the person purchases the game legally over a secure channel.

It seems reasonable to separate tasks that produce an additional attack surface but do not contain any sensitive information - eg gaming, music - to a different computer.

Personally, I don't really see the need for 4 laptops. Your ideas might be close to Snowdens thought process though (1 Laptop for communication and 1 for IDS/Firewall seems to make sense at least). Your Laptop 1 is only responsible for storage though. Why not use an external drive for this?

AdHominem · Accepted Answer · 2016-02-03T20:42:38.543

3

The more services and programs you run, the easier it is to attack you. By using four laptops you quadruple the amount of attack vectors and also the effort necessary to keep things up to date and safe. Also managing this plethora of devices will be true pain. Chances are high that, unless you are a good admin, you will not be able to securely configure that many connections and tunnels while also using this productively. If you intend to make your PC your full time employment, you could do it tho.

One well secured and hardened laptop is perfectly fine. If you are truly paranoid, just use Tails.

It's more important to be selective about the data you give away and protect than to randomly encrypt and secure every grocery list.

edited Feb 03 '16 at 20:42

answered Feb 03 '16 at 20:08

AdHominem

3,006
1
16
26

Thanks! That's indeed very true. Yet I'm wondering why he and agencies in general use four laptops then. – O'Niel Feb 03 '16 at 20:14
In theory, it helps keeping data separated. But that's a pretty no brainer solution. If you are Truly paranoid you use some RAM based OS like Tails or some live boot, backup all necessary data on an external drive after scanning it for viruses, then reboot and everything is gone. To me, the four laptop story sounds more like an anecdote which might have a different background than improved security. – AdHominem Feb 03 '16 at 20:17
Tails is not a good idea if you're truly paranoid. If there's a vulnerability in the live cd, your attacker will have access to everything. For the truly paranoid, nothing really beats [Qubes](https://www.qubes-os.org/). – Mark Buffalo Feb 03 '16 at 20:23
@MarkBuffalo Well yeah, anything that is not infected from the start and runs in read only mode with Tor will be pretty safe for 99.999% of the paranoids and that last bit of people can still just not use PCs. – AdHominem Feb 03 '16 at 20:28
Qubes is actually a really good OS, too. :] – Mark Buffalo Feb 03 '16 at 20:30
Qubes is good but it had some issues. You should poke around GitHub for the grsec + qubes patches. Or roll your own patch set. That's where it's at. – RibaldEddie Feb 03 '16 at 20:33
@RibaldEddie Got some more information on that? – Mark Buffalo Feb 03 '16 at 20:35
@MarkBuffalo not right now but Google does. – RibaldEddie Feb 03 '16 at 20:43

score 3 · Answer 3 · answered Feb 03 '16 at 20:31

Unless Snowden himself comes here and answers, that part of the question isn't answerable. If you're asking more generally about compartmentalization, then yes it's a good tactic. That's why Qubes-OS is generating interest and controversy, and also maybe why Snowden himself mentions it.

In general if you can use multiple machines and keep them well air-gapped from each other, then only do certain activity on each machine, that is better than doing everything in one machine. Consider the way the classification system works-- you have unclassified, secret, and top secret, plus SCI and NOFORN and other subgroups. You should consider that professional and military agencies rely on compartmentalization as a core tenet of their security practices.

If you have multiple laptops, you can treat each laptop at the classification level that you choose. If you just want to check your email and read slash dot then use a machine that you designate "unclassified". If you have things that you want to keep more secret, use one machine that you designate as "secret" and protect it accordingly.

IMHO anyone interested in security should have figured this out already.

Thanks for the explanation about compartmentalization. However ain't in Snowden's case each document (no matter classification) extremely crucial to keep secure? because no matter classification-level, if you have secret governmental documents on your PC, you're pretty screwed anyway? — O'Niel, Feb 03 '16 at 20:37
@Compartmentalization: I work with classified data every day and it doesn't work like this. If your system is relatively secure, you will always have confidential, open and private data mixed up without creating an issue. Top secret subjects don't possess one top secret laptop, one secret laptop, one confidential laptop and one private. Even if you had, it would definitely make you less secure. — AdHominem, Feb 03 '16 at 20:38
@O'Niel Snowden claims to not have retained any documents. Were that to be true, one would wonder what his so-called [Dead Man's Switch](https://www.schneier.com/blog/archives/2013/07/snowdens_dead_m.html) is. In fact, this doesn't make any sense. His dead man switch gives a lot of people a good reason to kill him. — Mark Buffalo, Feb 03 '16 at 20:54

score 1 · Answer 4 · answered Feb 04 '16 at 05:29

It depends.

One way that can increase security is to have a very isolated machine - not only air gapped, but with an active air moat that attempts to mitigate some of the techniques used to jump air gaps.

No wifi card (physically)
No ethernet card (physically)
No microphone (physically)
No camera (physically)
NEVER plugged into anything that's plugged into an AC outlet
- You run it off of battery connected to a DC-DC power supply by only two wires, like an M2-ATX 6-24V input DC ATX power supply.
- The battery is never connected to power supply and charger at the same time
It has ONLY a DVD drive for input; DVD's are always written once on a different machine, read into the isolated machine, and then shredded immediately after
Nothing ever, ever, ever comes off it. Anything plugged into it stays with it or is shredded/physically destroyed
It has a wired, unlighted (burn the LEDs out) keyboard
It has a wired, unlighted ball mouse
Only powered on in a windowless room with the door shut and no other electronics in the room with lightproof weather sealing around the door (try a closet)
Only powered on when, outside the room, white noise and bright light is being generated

Note that against adversaries that can reconstruct the video of your display from the EM emissions of the monitor, you're more or less out of luck.

Perfect for Mom's chocolate chip cookie recipie!

How can using multiple laptops improve security?

4 Answers4

Linked