7

I'm sure many of you have probably seen (online or in-person) the DEFCON 18 presentation, demonstrating what can happen if you steal a hacker's computer. For those who haven't, the link is below. It's quite an entertaining presentation.

(Warning: Video may be NSFW/NSFLE due to offensive language and some censored, full nudity.)

http://www.youtube.com/watch?v=U4oB28ksiIo

The video demonstrates how, after having his desktop computer stolen, one hacker used a combination of DynDNS updates and remote access services to recover the system and some data. However, as the presenter admits himself, this is only possible through leaving open what some may consider major security holes.

  • The hard drive was not encrypted.
  • The thief was able to use the system without authentication & authorization.
  • Remote access services present a larger attack surface.

Had the system been secured more thoroughly, his data would have been very well protected. However, he would not have been as likely to recover the hardware. Hardware is something that directly equates to cold, hard cash. Data on the other hand, especially data that has been properly backed up to off-site storage, has less of a direct impact on one's bottom line - particularly for home users. In corporate environments, data theft can be a huge fiasco. However, for average Joe User, the risk can range from mild inconvenience to still-mostly-preventable identity theft, or just a general loss of some privacy.

How could one weigh the pros of hardware recovery against the cons of data loss, or vice-versa? Are there particular scenarios where each protection scheme particularly outweighs the other? Can there be a good compromise between the two - a scenario in which all of your data is tightly guarded, but your system is configured to be easily trackable?

AviD
Iszi
  • My laptop's hard-drive is fully encrypted so the data on it is safe from thieves and the like. However, I still have Prey (tracker) installed on it with an open access Guest account because I always keep my laptop on standby - this means that if my laptop was to be stolen, it will most definitely be in the standby state, unencrypted. This gives me the advantage of tracking it down **if** the thief was to *just* power it on and access the guest account. It also gives me the advantage of having the HDD encrypted if the thief was to shut it down or take the battery out. That is my compromise. – emtunc Jun 05 '11 at 08:34
  • This seems too subjective to me as is, since you present a range of possible requirements. I wonder how an answerer will know what answer you're likely to accept. I suggest presenting a clear scenario and asking for the best configuration to meet your requirements. – nealmcb Jun 05 '11 at 16:56
  • @emtunc I suggest changing that comment to an answer - it's good (depending on what the actual question requirements are...) – nealmcb Jun 05 '11 at 16:57
  • @nealmcb thanks Neal, I have posted as an answer with more details along with a pros/cons conclusion. – emtunc Jun 05 '11 at 18:19

4 Answers

6

In general, since I don't have a specific case to look at, you simply need to answer the question:

Which is worth more to you?

Where worth is defined however you like. Hardware is expensive and data is cheap monetarily, so let me expand and consider two use-case scenarios:

  • You're working on something ground-breaking/commercially sensitive. Having your data stolen is going to be a problem because this data is very, very important to your future profitability. In which case, if somebody steals your laptop, that's expensive, but not nearly as critical as losing that all important latest mix, or whatever.
  • You're a bog standard home user. You've got doc1.doc files all over your hard disk, but most of them contain "Photos of the cat aged 3 1/4" or "That funny email from dave!!!11". You've got a few saved games you'd rather not lose and a bookmark to your favourite lolcat. This is not really critical to you.

Clearly I am choosing two fairly contrived extremes, but the point holds. In either case, the security measures you apply should be appropriate to the risk you're trying to mitigate. If you don't hold much data of any significant interest or value on your computer, you should do enough to ensure you can trust your system to do whatever it is you want to do. If you do process information you think is pretty valuable, start adding encryption and the like into the mix.

5

Following Neal's suggestion, I am adapting my earlier comment into an answer... with a bit more detail which is hopefully easier to understand :-)

My laptop's hard-drive is fully encrypted so the data on it is safe from thieves and the like.

However, I still have Prey (tracker) installed on it with an open access Guest account because I always keep my laptop on standby - this means that if my laptop was to be stolen, it will most definitely be in the standby state, in an unencrypted state(!).

This gives me the advantage of tracking it down if the thief was to just power it on and access the guest account. It also gives me the advantage of having the HDD encrypted if the thief was to shut it down or take the battery out. That is my compromise... a compromise which comes with several advantages and disadvantages.

Pros:

  • Full volume encryption so all data is protected if laptop is ever powered down
  • Guest (standard, non-admin) account has no access to my user directory or any other for that matter
  • If all goes well, (this is also a negative as I will explain below) the thief will play around on the Guest account long enough for me to get several reports back from the tracker with a location, picture and other potentially useful information

Negatives:

  • My compromise pretty much relies on a 'typical', not-so-smart thief (which most of them are thankfully :))... a thief that won't be looking for hacks and other privilege escalation exploits which could potentially leave my files open for access.
  • If laptop is powered down straight away then I have no way of tracking the laptop... however, see point 1 on the positives list :)
emtunc
  • Thanks. So you encrypt the whole disk, including OS, and an attacker can't boot without the encryption key/password? What disk encryption do you use for that? Vs. coming out of suspend you only have normal access control protections. – nealmcb Jun 05 '11 at 18:33
  • @nealmcb I use TrueCrypt but I know it also works with Jetico Volume Encryption. The entire disk is encrypted with a password. As long as you go into standby, where the running config of the system is stored in RAM, you're good to go. It will not work in Hibernate mode as the running config is stored back on disk, which means that it goes through the boot process and hence you will be asked for your encryption key/password. – emtunc Jun 05 '11 at 19:27
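The standby-versus-hibernate distinction in the answer and comment above is a configuration property you can audit. The following is an added example, not code from emtunc or from any of the tools he names: it assumes a Linux laptop with a dm-crypt root volume and systemd-logind (emtunc uses TrueCrypt on Windows, but the point is the same), and it reads constructed samples of `lsblk -o NAME,TYPE,MOUNTPOINT` output and `/etc/systemd/logind.conf` rather than live host data. It reports whether the root filesystem is encrypted, what closing the lid does, and therefore whether a thief who takes the closed laptop gets a volume that is still unlocked.

```python
"""Check whether a full-disk-encrypted laptop still has its volume unlocked
after the lid is closed, i.e. whether it suspends (standby) or hibernates.

Added example, not from the original answer. Assumes a Linux host with a
dm-crypt root volume and systemd-logind. The command output and config
below are constructed samples, not captured from a real machine.
"""
import re
from typing import Dict, List

# Constructed sample of `lsblk -o NAME,TYPE,MOUNTPOINT` output.
LSBLK_SAMPLE = """\
NAME          TYPE  MOUNTPOINT
sda           disk
├─sda1        part  /boot
└─sda2        part
  └─cryptroot crypt /
"""

# Constructed sample of /etc/systemd/logind.conf: the commented line is the
# shipped default, the active line is what the owner configured.
LOGIND_SAMPLE = """\
[Login]
#HandleLidSwitch=suspend
HandleLidSwitch=hibernate
"""

# Lid actions that keep RAM powered, so the decrypted volume stays mounted.
STANDBY_ACTIONS = {"suspend", "suspend-then-hibernate", "hybrid-sleep", "ignore", "lock"}


def parse_lsblk(text: str) -> List[Dict[str, str]]:
    """Parse lsblk's tree output into rows of name/type/mountpoint."""
    rows = []
    for line in text.splitlines()[1:]:            # skip the header row
        line = re.sub(r"^[\s│├└─]+", "", line)    # strip the tree-drawing prefix
        if not line:
            continue
        fields = line.split()
        rows.append({
            "name": fields[0],
            "type": fields[1],
            "mountpoint": fields[2] if len(fields) > 2 else "",
        })
    return rows


def root_is_encrypted(rows: List[Dict[str, str]]) -> bool:
    """True if the filesystem mounted at / lives on a dm-crypt device."""
    return any(r["mountpoint"] == "/" and r["type"] == "crypt" for r in rows)


def lid_switch_action(conf: str, default: str = "suspend") -> str:
    """Return the effective HandleLidSwitch value (last uncommented line wins)."""
    action = default
    for line in conf.splitlines():
        m = re.match(r"^\s*HandleLidSwitch\s*=\s*(\S+)", line)
        if m:
            action = m.group(1)
    return action


def audit(lsblk_text: str, logind_text: str) -> Dict[str, object]:
    """Summarise what a thief gets if the laptop is stolen with the lid closed."""
    encrypted = root_is_encrypted(parse_lsblk(lsblk_text))
    action = lid_switch_action(logind_text)
    return {
        "root_encrypted": encrypted,
        "lid_action": action,
        # Data is readable if the disk was never encrypted, or if the machine
        # only sleeps so the unlocked volume is still mounted (emtunc's standby case).
        "data_readable_if_stolen_closed": (not encrypted) or action in STANDBY_ACTIONS,
    }


if __name__ == "__main__":
    print(audit(LSBLK_SAMPLE, LOGIND_SAMPLE))
```

On a real host you would feed `audit()` the output of `lsblk -o NAME,TYPE,MOUNTPOINT` and the contents of `logind.conf`. One caveat that the hibernate choice brings on Linux: the hibernation image is written to swap, so the swap device must itself be encrypted or the contents of RAM, including the volume key, land on disk in the clear.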
2

Try taking a tiered approach. Data comes in a variety of types and demands.

There is:

  • data you don’t care about (man page for UUCP),
  • data you would like to have but won’t spend significant resources to retrieve (photos from the company picnic),
  • data that you need but won’t break the bank to retrieve (your personal script archive),
  • and data you can’t live without (stackexchange password).

Also with data need comes availability:

  • data you need by a certain date this year (i.e. for income taxes),
  • data you need this month (i.e. end of the month financials),
  • data you need this week (everyone’s availability for on-call shifts next week),
  • and data you need now (config files to run your primary application).

Protect the data as is appropriate to its type and availability. If you are managing your data correctly, you don't care about the laptop hardware (except for its replacement cost), because your data's confidentiality is protected (with encryption), and its availability is protected (with backups).

For example, data I need now and can’t live without I keep on an encrypted USB flash drive, and make multiple backups on other USB flash drives. Data I need in the next month or later I keep on encrypted backups in offsite storage.

this.josh
2

Though you're asking about a specific scenario, it's not such an uncommon dilemma: how to solve conflicting CIA requirements.

Often systems will have strict availability requirements, in addition to confidentiality/integrity. These will have to be compared to each other, and a sensible tradeoff made.
This same tradeoff is basically the one you're looking for here, though part of "availability" in this case is recoverability of the physical hardware.

First step is mapping out the value (to you) of each of the at-risk resources: cost of replacing the physical hardware, the time and hassle of not having the hardware until it's replaced, loss of the different types of data, secrecy of different types of data you have (e.g. passwords, documents, email, pictures... etc)...

After you map out all these (@Ninefingers has some more pointers on this, as does @this.josh), you can start evaluating which tradeoff works for you.

You can then layer on additional technical safeguards, to enhance the tradeoff in the direction you want (and at the cost that makes sense for you). @emtunc's answer notes several good solutions here.

Bottom line, that's what risk management is about - finding sensible tradeoffs, at the right cost.

AviD
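The "map out the value of each at-risk resource, then evaluate the tradeoff" step in the answer above, and Ninefingers' two user profiles further up, can be put into a small expected-loss model. The following is an added example and is not code from any of the answerers: every figure in it (replacement cost, data values, probability of the tracker working, probability that a thief at the guest account reaches the owner's files) is a constructed placeholder to be replaced with your own estimates. It compares three schemes: the unencrypted-plus-tracker setup from the DEFCON talk, full-disk encryption with pre-boot authentication and no tracker, and emtunc's hybrid of encryption, a guest account and a tracker on a laptop that is usually in standby.

```python
"""Expected-loss comparison of laptop protection schemes.

Added example, not from the original answers. Turns AviD's "map out the
value of each at-risk resource" step and Ninefingers' two user profiles into
numbers. Every figure below is a constructed placeholder.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Profile:
    """What one theft costs a particular owner before any safeguards."""
    name: str
    hardware_cost: float       # replacing the machine
    data_loss_cost: float      # no longer having the data
    data_exposure_cost: float  # the thief being able to read the data
    p_backup: float            # chance a current off-machine backup exists


@dataclass(frozen=True)
class Scheme:
    """A protection scheme, described by the probabilities it changes."""
    name: str
    p_recover_hardware: float  # tracker leads to getting the machine back
    p_data_exposed: float      # thief can read the data


def hybrid_scheme(p_standby: float, p_escalate: float, p_recover_when_open: float) -> Scheme:
    """emtunc's compromise: FDE + guest account + tracker, usually in standby.

    p_standby: chance the machine is stolen while suspended (volume unlocked).
    p_escalate: chance a thief at the guest account reaches the owner's files.
    p_recover_when_open: chance the tracker works once the thief is logged in.
    A powered-off theft gives neither tracking nor data exposure.
    """
    return Scheme(
        name="FDE + guest account + tracker (standby)",
        p_recover_hardware=p_standby * p_recover_when_open,
        p_data_exposed=p_standby * p_escalate,
    )


# Constructed schemes: the DEFCON setup, a locked-down laptop, and emtunc's mix.
OPEN_WITH_TRACKER = Scheme("no encryption + tracker", p_recover_hardware=0.5, p_data_exposed=1.0)
FDE_ONLY = Scheme("FDE with pre-boot auth, no tracker", p_recover_hardware=0.0, p_data_exposed=0.0)
HYBRID = hybrid_scheme(p_standby=0.8, p_escalate=0.1, p_recover_when_open=0.5)

# Constructed profiles following Ninefingers' two extremes (arbitrary currency units).
HOME_USER = Profile("home user", 1000, 200, 500, p_backup=0.9)
SENSITIVE_WORK = Profile("commercially sensitive work", 1000, 20000, 50000, p_backup=0.9)


def expected_loss(profile: Profile, scheme: Scheme) -> float:
    """Expected cost of a single theft, rounded to two decimals."""
    hw = profile.hardware_cost * (1 - scheme.p_recover_hardware)
    # Data is lost only if there is no backup AND the hardware never comes back.
    loss = profile.data_loss_cost * (1 - profile.p_backup) * (1 - scheme.p_recover_hardware)
    exposure = profile.data_exposure_cost * scheme.p_data_exposed
    return round(hw + loss + exposure, 2)


def rank(profile: Profile, schemes=(OPEN_WITH_TRACKER, FDE_ONLY, HYBRID)) -> List[Tuple[str, float]]:
    """Schemes ordered from lowest to highest expected loss for this owner."""
    return sorted(((s.name, expected_loss(profile, s)) for s in schemes), key=lambda t: t[1])


if __name__ == "__main__":
    for p in (HOME_USER, SENSITIVE_WORK):
        print(p.name)
        for name, cost in rank(p):
            print(f"  {cost:10.2f}  {name}")
```

With these placeholder numbers the hybrid scheme wins for the home user, while for the commercially sensitive profile the exposure term dominates and plain full-disk encryption comes out ahead, which is the conclusion Ninefingers reaches in words. The model deliberately leaves out the cost of the safeguards themselves (tracker subscription, the hassle of pre-boot authentication); add a per-scheme cost term if that matters to your decision.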