Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Workstation Security - Poison Pill

Posted on 2006-06-21
5
Medium Priority
?
467 Views
Last Modified: 2013-12-04
I work with confidential data. I'm interetsted in some special security for a PC with Windows Xp installed. I'm looking for something like a "poison pill", that will delete hard drive data when secuirty has been compromised, or that I can initate in a moments notice. Any ideas?
0
Comment
Question by:mapalaska2003
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 672 total points
ID: 16956164
I saw this done in a movie once :)

More seriously though, you might want to reconsider the plan.

There are two big problems: (1) What is a compromise and (2) How to erase the data.

(1) We may recognize a compromise when we see it, but will XP do the same?
 The most common compromise may be where someone steals your password, but how will XP know the difference?

(2) Erasing the files. Deleting may not be enough, because as we all know, XP simply modifies the directory, leaving the file contents intact.
A more complete erase may take many, many minutes even on fast disks, giving the savvy intruder plenty of time to stop it by turning the power off, e.g.

All in all it sounds like an accident waiting to happen.

May I suggest that you look into encryption instead? If you go that route, make sure that you have a way to decrypt the data in case passwords are lost, registry is damaged, Windows has to reinstalled, and other similar calamities.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 664 total points
ID: 16956819
Yeah, and it's hard for civilians to gain access to thermite to burn the drive at the drop of a hat... r-k brings up some valid points, and a proper response.
Security is a process, not a product. http://www.schneier.com/essay-028.html
Unrecoverable Data erasure can't be done quickly, hence the thermite suggestion :) http://en.wikipedia.org/wiki/Thermit
But seriously: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html   http://en.wikipedia.org/wiki/Gutmann_method

I recommend truecrypt http://www.truecrypt.org/ , again it's recommended by the best of the best in crypto: http://www.schneier.com/blog/archives/2006/05/truecrypt.html
-rich
0
 
LVL 9

Assisted Solution

by:maninblac1
maninblac1 earned 664 total points
ID: 16965183
They're both right, but we most certainly need to know what you deem is reasonable compromisation.

I can think of three you might consider, network, physical, and internal.

The network can be solved somewhat simply, a good firewall, plus some NAT work, and a "shutdown on intrusion detection policy", meaning when a machine detects intrusion, it simply turns off, since blocking the ip/subnet may not be effective.  You won't destroy the data, but there is no way your perpetrator is going to get their hands on anything worth while in the few seconds they may have access.

Physical, if the whole computer itself is stolen, total drive encryption as suggested above is the best solution, without the proper key the contents can't be deciphered, this is good if something is stolen.  With this situation there is no consumer level hardware that could break the encryption in any reasonable time frame, the drive can be considered deleted at that point.

And lastly, internal, this is your hardest item to fight.  If a login is compromised, you've got a plethera of problems, and there's very little you can do.  The compromised login can hurt you two ways, from inside and from the outside.  There is little you're going to be able to do if someone is sitting right there at the machine compromising it.  That is next to impossible to thwart, XP does not have the facilities to know the difference, nor does any software, the only way it knows is by prompting for passwords, and if things are compromised, we're going to assume our perpatrator knows about it, and your passwords rendering your protection useless.

If your compromization comes from the outside, that's easier to prevent, by disabling remote access to the machine (not necessarily just remote desktop there are several other ways).

The total destruction of a drive is reasonably possible, but even if you write zeros to the disk....there are theoretical methods of recovering the data on that drive, for general purpose we say it's cleared....but it isn't impossible to recover even after that.

So, i'm going to go along the lines of r-k and say that this is kinda of a movie ideal and we don't see it in non-goverment situations.  And, it takes several minutes to wipe a disk on a government machine, though recent technology has dropped that time to a few seconds, but that kinda of equipment i'm guessing is beyond your means or needs.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question