12

I am currently investigating using Linux Laptops for my development team. We currently run Windows. The one advantage that keeps coming up for Windows over Linux from a system administration / security perspective is the fact that if a laptop is stolen, it can be remotely wiped upon boot.

I have been trying to find information on this capability for Linux based workstations, but I have come up empty handed. Do any of you use Linux in an Enterprise environment on Workstations and if so, has this been a requirement that you have solved? I'm not sure where else to look.

Thank you

rbieber
  • Are you sure this can be done on boot? Because you need at least a remote connection to the laptop to be able to tell that you want a remote wipe. So I guess this would be done after boot while the laptop is on "login" state ... but as file carving tools are now very efficient, wouldn't it be better to consider encryption of the hard drives? – noktec Feb 23 '12 at 13:58
  • 2
    Continuing what @noktec mentioned, even for Windows, the remote wipe capabilities are, well... limited. Given an ideal set of circumstances, sure the laptop will be wiped - but it is easy for a smart attacker to prevent that, and thus prevent the wipe. That would only work either for a clueless attacker, or one that is willing to play by your rules :) – AviD Feb 23 '12 at 14:14
  • Oh, and btw - welcome to [security.se]! I hope you stick around, these are interesting requirements. – AviD Feb 23 '12 at 14:15
  • 1
    I would suggest taking a look at [Protecting a Laptop from Simple and Sophisticated Attacks](https://grepular.com/Protecting_a_Laptop_from_Simple_and_Sophisticated_Attacks). It's probably the best introduction to laptop security I've seen. – Gerry Feb 23 '12 at 14:19
  • @noktec I might have misstated the question, but yes, my assumption is that it would have to happen after startup - not at boot - as the communication of the wipe command would have to be sent over the internet. – rbieber Feb 23 '12 at 15:13
  • @noktec I think we have an idea on the disk encryption - this is also a requirement. However, the argument is that our Windows machines are able to be remotely wiped and we do not have that capability on Linux right now. While there is an argument that someone worth their weight wouldn't boot the machine to access the data, but mount the disk as a secondary drive, the remote wipe capability is still a requirement by our security department - hence the question. There is little information about Linux on Laptops taking into account enterprise security requirements that I've found. – rbieber Feb 23 '12 at 15:16
  • 8
    you should look for some kind of whole disk encryption solutions supported on Linux... –  Feb 23 '12 at 13:17
  • 1
    I think we have that - but the remote wipe capability is still a barrier. – rbieber Feb 23 '12 at 13:30
  • 5
    Why would you need remote wipe on boot if you have whole disk encryption? If the laptop is stolen while the data is unlocked you're SOL, and if you don't trust the encryption then what's to stop someone transferring the data to another computer before cracking it, without ever rebooting or connecting to the Internet? – l0b0 Feb 23 '12 at 13:38

4 Answers

16

I've had a look and I think this question provides some interesting options. I'll summarise them here:

  • `dd if=/dev/zero of=/dev/sdaX` copies zeros over your whole disk. `rm -rf --no-preserve-root /` recursively deletes all files on a disk, overriding the `rm -rf /` warning on systems where that is enabled. If you can get to a box via ssh, running the `dd` variant should pretty effectively destroy your disk.
  • The grub option is interesting in that it gives you VNC access - however it would likely be obvious to the attacker that you're launching VNC - they'd need to hit the right grub option for starters! A hidden grub menu with the real launch entry might suffice... but we're talking about trickery.
  • This AskUbuntu question deals with this issue too, recommending a solution.

If you're prepared to do some work yourself, you could configure a very-early-stage init entry with sysvinit or whatever your system uses - check a url you control e.g. https://remotecheck.yourcompany.com and if the device is stolen, begin a wipe.

The ultimate problem with any remote wipe solution is invoking it - you need to be able to access the device. The reason I mention using a custom init-invoked job is that it is more likely you'll have access out than direct or known access in - i.e. if the attacker is behind a router at their base of operations, chances are good that outbound connections are allowed and much lower that they have an IP you can bind to and allow incoming connections on.

Of course, none of these solutions actually guarantee anything - if the attacker knows how they work they can just turn them off. A solution mentioned in comments is to use disk encryption, which will make the disk unreadable under these caveats:

  • the whole disk is encrypted - otherwise your software might write to unencrypted areas.
  • the system is powered off or for example luksSuspend -wipe has been run to remove the keys from memory.
  • the attacker has had no way to observe the key entry prior to stealing the device.

Honestly - I'd go with disk encryption.
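
One way to build the outbound check-in described in this answer, as an added example that is not part of the original post. The reply format, the per-device key and its path, and the use of `openssl` and `curl` are assumptions; the wipe step is left as a dry run.

```shell
#!/bin/sh
# Added example. Assumed (not from the answer): the server replies with one line
#   "<WIPE|OK> <device-id> <nonce> <hex HMAC-SHA256 tag>"
# keyed with a per-device secret provisioned at enrolment.

# HMAC-SHA256 of message $2 under key $1, as lowercase hex.
hmac_tag() {
    printf '%s' "$2" | openssl dgst -sha256 -hmac "$1" | awk '{print $NF}'
}

# Classify a reply. $1=key $2=device-id $3=nonce we sent $4=reply line.
# Prints wipe | ok | ignore. Anything unauthenticated is ignored, never wiped.
decide_action() {
    read -r verb r_dev r_nonce r_tag extra <<EOF
$4
EOF
    # Malformed reply: wrong field count.
    [ -n "$r_tag" ] && [ -z "$extra" ] || { echo ignore; return; }
    # Reply for another laptop, or a replay of an old reply (stale nonce).
    [ "$r_dev" = "$2" ] && [ "$r_nonce" = "$3" ] || { echo ignore; return; }
    # Forged reply, e.g. from a hostile network answering for the real server.
    [ "$r_tag" = "$(hmac_tag "$1" "$verb $r_dev $r_nonce")" ] || { echo ignore; return; }
    case $verb in
        WIPE) echo wipe ;;
        OK)   echo ok ;;
        *)    echo ignore ;;
    esac
}

# Outbound check-in. $1=key $2=device-id $3=URL. No network means "ignore":
# an unreachable server is not evidence of theft.
checkin() {
    nonce=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    reply=$(curl -fsS --max-time 10 "$3?id=$2&nonce=$nonce") || { echo ignore; return; }
    decide_action "$1" "$2" "$nonce" "$reply"
}

# Runs only when explicitly enabled, so sourcing the file has no side effects.
if [ "${CHECKIN_RUN:-0}" = 1 ]; then
    key=$(cat /etc/checkin/device.key)      # hypothetical key location
    id=$(cat /etc/machine-id)
    case $(checkin "$key" "$id" "https://remotecheck.yourcompany.com") in
        wipe) echo "DRY RUN, would start: dd if=/dev/zero of=/dev/sdaX" ;;
    esac
fi
```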

7

The data may be protected by encrypting the hard disk with Truecrypt for example but this is not enough...

EDIT: check the important comment of Oliver Salzburg about the difference between HD vs Data encryption.

I think the best way to protect and, sometimes, to recover a stolen laptop is to use an application dedicated to this purpose, such as Prey or LoJack. LoJack, for example, uses some low-level features in some laptop models to protect it even if the hard disk is removed... This is called a "persistence module" installed in some computer models.

Check the Absolute Software web site for a list of computers/models with this technology.

Also look at (for example):

LoJack: http://www.absolute.com/en/lojackforlaptops/home.aspx

Prey: http://preyproject.com/

Hope this helps. Let us know.

  • You're welcome. :) –  Feb 23 '12 at 13:53
  • 2
    In fact, it may be more desirable to not encrypt the OS hard drive, so that the operating system (and Prey) can run if the laptop is stolen. This might allow you to track down the device. You should still make sure your *data* is encrypted though. – Oliver Salzburg Feb 23 '12 at 13:57
  • Thank you for this information about Prey and encrypted HD vs encrypted data. –  Feb 23 '12 at 14:05
  • A friend also recommended looking at [Intel Active Management Technology](http://www.intel.com/technology/platform-technology/intel-amt/) – rbieber Mar 15 '12 at 16:40
3

Just a quick option I'll throw out there: have it create an SSH tunnel on boot.

You'll have full control over all its resources as long as it has an internet connection from work. Need to wipe it? Wipe it. Need to grab a file from someone out of the office? Install software? Mount a server resource for them? Install VNC and punch another tunnel and remote assist them.

I believe you can edit an sshd config file so that on tunnel creation with a specific PC you can automate a wipe and log that it's been done.

If anyone else thinks this is a good idea, I guess we can start poking around as to the viability of it.


Of course if you have full disk encryption, they'll have to boot into the OS to get to this point (as it is now, with Windows, you cannot wipe them until they've cracked your disk encryption, which likely means they've already cloned everything... if you're doing full disk encryption anyway).

StrangeWill
0

I use LUKS to encrypt the entire hard disk.

If you install Scientific Linux 6 or recent Fedora, you can find a check box to encrypt it. It will require a passphrase at startup.

kamae