
Workstation Security - Poison Pill

Posted on 2006-06-21
Last Modified: 2013-12-04
I work with confidential data. I'm interested in some special security for a PC with Windows XP installed. I'm looking for something like a "poison pill" that will delete hard drive data when security has been compromised, or that I can initiate at a moment's notice. Any ideas?
0
Question by:mapalaska2003
5 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 672 total points
ID: 16956164
I saw this done in a movie once :)

More seriously though, you might want to reconsider the plan.

There are two big problems: (1) What is a compromise and (2) How to erase the data.

(1) We may recognize a compromise when we see it, but will XP do the same?
 The most common compromise may be where someone steals your password, but how will XP know the difference?

(2) Erasing the files. Deleting may not be enough, because as we all know, XP simply modifies the directory, leaving the file contents intact.
A more complete erase may take many, many minutes even on fast disks, giving the savvy intruder plenty of time to stop it by turning the power off, e.g.

All in all it sounds like an accident waiting to happen.

May I suggest that you look into encryption instead? If you go that route, make sure that you have a way to decrypt the data in case passwords are lost, the registry is damaged, Windows has to be reinstalled, and other similar calamities.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 664 total points
ID: 16956819
Yeah, and it's hard for civilians to gain access to thermite to burn the drive at the drop of a hat... r-k brings up some valid points, and a proper response.
Security is a process, not a product. http://www.schneier.com/essay-028.html
Unrecoverable Data erasure can't be done quickly, hence the thermite suggestion :) http://en.wikipedia.org/wiki/Thermit
But seriously: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html   http://en.wikipedia.org/wiki/Gutmann_method

I recommend TrueCrypt http://www.truecrypt.org/ ; again, it's recommended by the best of the best in crypto: http://www.schneier.com/blog/archives/2006/05/truecrypt.html
-rich
0
 
LVL 9

Assisted Solution

by:maninblac1
maninblac1 earned 664 total points
ID: 16965183
They're both right, but we most certainly need to know what you deem is reasonable compromisation.

I can think of three you might consider: network, physical, and internal.

The network can be solved somewhat simply: a good firewall, plus some NAT work, and a "shutdown on intrusion detection policy", meaning when a machine detects intrusion, it simply turns off, since blocking the IP/subnet may not be effective.  You won't destroy the data, but there is no way your perpetrator is going to get their hands on anything worthwhile in the few seconds they may have access.

Physical: if the whole computer itself is stolen, total drive encryption as suggested above is the best solution; without the proper key the contents can't be deciphered. This is good if something is stolen.  With this situation there is no consumer-level hardware that could break the encryption in any reasonable time frame; the drive can be considered deleted at that point.

And lastly, internal: this is your hardest item to fight.  If a login is compromised, you've got a plethora of problems, and there's very little you can do.  The compromised login can hurt you two ways, from inside and from the outside.  There is little you're going to be able to do if someone is sitting right there at the machine compromising it.  That is next to impossible to thwart. XP does not have the facilities to know the difference, nor does any software; the only way it knows is by prompting for passwords, and if things are compromised, we're going to assume our perpetrator knows about it, and your passwords, rendering your protection useless.

If your compromise comes from the outside, that's easier to prevent, by disabling remote access to the machine (not necessarily just remote desktop; there are several other ways).

The total destruction of a drive is reasonably possible, but even if you write zeros to the disk... there are theoretical methods of recovering the data on that drive. For general purposes we say it's cleared... but it isn't impossible to recover even after that.

So, I'm going to go along the lines of r-k and say that this is kind of a movie ideal and we don't see it in non-government situations.  And, it takes several minutes to wipe a disk on a government machine, though recent technology has dropped that time to a few seconds, but that kind of equipment, I'm guessing, is beyond your means or needs.
0
