
What steps need to be taken to protect a computer from quick attacks that involve physical access?

(Note unlike this question, I'm primarily interested in stopping the attacks, not detecting them; also I'm only interested in very time limited attacks in this question)

The scenario is protecting my devices (laptops, desktops, mobiles) from stealthy "drive by" attacks in semi-trusted environments. Quick in this context is < ~30 seconds. In particular I consider this to exclude any attacks that involve opening the case. A couple of real-world scenarios for context:

  • Laptop on table in café whilst at the counter
  • Desktop at home when potentially untrusted people could have brief access whilst I'm out of the room

I'm mostly interested in anything that compromises integrity, but confidentiality of data stored in memory (volatile or non-volatile) is also of interest. Don't care about availability, as I have an attack in mind.

Please be clear on any differences between Windows and Linux (recent Ubuntu, if it's relevant).

I have a few things in mind already, but have some questions about some of them.

  • Account logins + screen lock of some kind is a prerequisite
  • Thunderbolt, FireWire and ExpressCard/PCMCIA allow Direct Memory Access so should be disabled. Can anything be done if you don't want to disable one of the interfaces?
  • Disable autorun on Windows so you can't run executables from storage devices (anything equivalent to do on Ubuntu? Does this apply to Windows 7 + 8?)
  • If I've got a separate keyboard / mouse, physical key-loggers are going to be a problem.
  • Any storage devices (e.g. USB sticks, external HDs, SD cards) could be swapped out / briefly accessed and (pre-determined) interesting files copied
  • For touchscreen devices, I can assume any unlock pattern and potentially PIN could have been stolen, but probably minimal time to make use of it if this was the first visit.
  • Ditto for fingerprint unlock devices (definitely no time to reproduce it if this is the first time a fingerprint has been obtained)

Do I need to worry about Windows automatically installing device drivers for certain classes of device - e.g. a USB device that pretends to be a printer and provides its own device driver?

Michael
  • 1
    @Rook, that question is specifically about detecting physical attacks in general (tamper evidence); I'm looking for how to *stop* a much more focussed class of attacks. – Michael Oct 28 '13 at 19:34
  • 1
    This question may not technically be a duplicate of the linked question, but there's several others across Sec.SE or SuperUser which *are* duplicates. Any answer that's good for long-term protection against physical attack is just as effective against the "30-second attack". Besides that, limiting your scope to "30-second attacks" is far from realistic. Nearly every system in the world, and much more so for laptops that will be going to cafes or desktops sitting at home, will have at least one (if not dozens or hundreds) point in its life where it is physically vulnerable for >30s. – Iszi Oct 31 '13 at 13:16
  • 1
    Here's a few questions from across Sec.SE & SuperUser which generally equate to "How do I protect my computer from attacks involving physical access?". These probably aren't the only ones - just the ones I've answered myself. [How can I prevent someone from accessing a Windows XP system via boot disk?](http://security.stackexchange.com/q/2463/953) [How can I prevent my kids from bypassing my computer restrictions?](http://security.stackexchange.com/q/9286/953) [Methods for protecting computer systems from physical attacks](http://security.stackexchange.com/q/10354/953) – Iszi Oct 31 '13 at 13:24
  • 1
    And the one from SU: [How to secure my Windows 7 PC?](http://superuser.com/q/222080/50086) – Iszi Oct 31 '13 at 13:25

0 Answers