I thought I read that if my network connections, both Wi-Fi and Ethernet, are NOT on, then if someone wanted to try and work on hacking my OS, they would have to wait until the network connection is active, even if my computer and everything connected to it is powered on (firewall, switch, router, etc.).
"hacking my OS" - how are they hacking your OS? Over the network? If so, doesn't the question answer itself? – schroeder Sep 18 '19 at 08:36
Does "_if someone wanted to try and work on hacking my OS_" imply you think someone may be _specifically_ targeting you? Most attacks are opportunistic: probing ports to see if there's a vulnerability. Turning off networks will stop "random probes" but – as Overmind says – if someone is attacking _you_ they can monitor connectivity and resume attack when you _are_ on. Also, in cases of a _directed_ attack, it's _conceivable_ that they have some previously exfiltrated (encrypted) files/data: work on cracking those could happen whether you are on-line or not. – TripeHound Sep 18 '19 at 08:37
@TripeHound Yes, someone is targeting me. Could you explain in a little more detail: "it's conceivable that they have some previously exfiltrated (encrypted) files/data: work on cracking those could happen whether you are on-line or not". Thanks. – topencrypt Sep 18 '19 at 23:08
2 Answers
Of course, if you disable all your connections, no one will be able to access your system, but that does not provide you any protection for when you reconnect.
If someone wants to access your system, they will simply wait for the connection to be up and then attempt the access.
So you should not count on such a thing as a primary security measure. It's fine to have for when you're not working on your PC, but should not be treated as a solid security measure.
Further, if your system is already infected with something, your network connections could be reconnected automatically by the malware. And if you can physically remove the wire, in the case of wireless, malware could just re-enable the adapter and connect to your network via wireless.
Thanks. I don't think of it as a solid security measure, but if I feel someone is trying to hack my os, no point in leaving the "network connections active" even if the rest of my system is on. Which brings me to my next question...another thread – topencrypt Sep 18 '19 at 08:15
So, based on the answer, I could have my system on 24 hours a day and they can not work on hacking my OS if I do not have an active connection at all during that time. This is my understanding of the answer. Please let me know if this is not correct. Thanks. – topencrypt Sep 18 '19 at 08:21
@topencrypt It depends on what your adversary is able to do, and how motivated they are to do that. And the downside, of course, would be that you would not have internet access anymore. – Sep 18 '19 at 08:26
That would imply possible access to advanced skills and tools. In that case, the disconnect will only help you make sure nothing is exfiltrated when you're not looking. – Overmind Sep 19 '19 at 06:34
The network is not the only attack surface for an attacker. An attacker with physical access to your computer, especially if it is powered on, can also gain a lot of information that way.
For example, an attacker can get access to the memory of your computer, which may contain valuable information. If your hard drive or SSD is not encrypted, it can be removed and duplicated, giving an attacker access to all your data.
If the attacker has prolonged access to your system, they may replace certain hardware with their own. This would be incredibly difficult to detect, even if you suspect that this is what is happening.
Rule #3 of the 10 immutable laws of security states:
> If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
I think we can exclude physical access as that would defeat the purpose of doing anything else. – Overmind Sep 18 '19 at 08:32
@MechMK1 Physical access is always possible, but not likely as I have my computer under surveillance. – topencrypt Sep 18 '19 at 23:12
If you believe that a motivated attacker may have physical access to your computer, then your threat model is quite different than, say, your average Joe, who worries about script kiddies. – Sep 19 '19 at 07:47
@MechMK1 On one hand, physical access is not a main concern, but I have already taken proactive measures for it too. Important related question: as mentioned above, if I do not have a network connection, the OS cannot be broken into/hacked. What if my desktop comp is fully on all day with no network connections, could an advanced hacker "work on" breaking through the OS to the point that they are just waiting for me to connect, and once I connect, they get through the OS almost immediately? (Sort of like malware on top of a .doc waiting for it to be opened under "rw" so it can write then.) Thx! – topencrypt Sep 27 '19 at 07:16