Solved

Workstation Security - Poison Pill

Posted on 2006-06-21
5
446 Views
Last Modified: 2013-12-04
I work with confidential data. I'm interetsted in some special security for a PC with Windows Xp installed. I'm looking for something like a "poison pill", that will delete hard drive data when secuirty has been compromised, or that I can initate in a moments notice. Any ideas?
0
Comment
Question by:mapalaska2003
5 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 168 total points
ID: 16956164
I saw this done in a movie once :)

More seriously though, you might want to reconsider the plan.

There are two big problems: (1) What is a compromise and (2) How to erase the data.

(1) We may recognize a compromise when we see it, but will XP do the same?
 The most common compromise may be where someone steals your password, but how will XP know the difference?

(2) Erasing the files. Deleting may not be enough, because as we all know, XP simply modifies the directory, leaving the file contents intact.
A more complete erase may take many, many minutes even on fast disks, giving the savvy intruder plenty of time to stop it by turning the power off, e.g.

All in all it sounds like an accident waiting to happen.

May I suggest that you look into encryption instead? If you go that route, make sure that you have a way to decrypt the data in case passwords are lost, registry is damaged, Windows has to reinstalled, and other similar calamities.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 166 total points
ID: 16956819
Yeah, and it's hard for civilians to gain access to thermite to burn the drive at the drop of a hat... r-k brings up some valid points, and a proper response.
Security is a process, not a product. http://www.schneier.com/essay-028.html
Unrecoverable Data erasure can't be done quickly, hence the thermite suggestion :) http://en.wikipedia.org/wiki/Thermit
But seriously: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html   http://en.wikipedia.org/wiki/Gutmann_method

I recommend truecrypt http://www.truecrypt.org/ , again it's recommended by the best of the best in crypto: http://www.schneier.com/blog/archives/2006/05/truecrypt.html
-rich
0
 
LVL 9

Assisted Solution

by:maninblac1
maninblac1 earned 166 total points
ID: 16965183
They're both right, but we most certainly need to know what you deem is reasonable compromisation.

I can think of three you might consider, network, physical, and internal.

The network can be solved somewhat simply, a good firewall, plus some NAT work, and a "shutdown on intrusion detection policy", meaning when a machine detects intrusion, it simply turns off, since blocking the ip/subnet may not be effective.  You won't destroy the data, but there is no way your perpetrator is going to get their hands on anything worth while in the few seconds they may have access.

Physical, if the whole computer itself is stolen, total drive encryption as suggested above is the best solution, without the proper key the contents can't be deciphered, this is good if something is stolen.  With this situation there is no consumer level hardware that could break the encryption in any reasonable time frame, the drive can be considered deleted at that point.

And lastly, internal, this is your hardest item to fight.  If a login is compromised, you've got a plethera of problems, and there's very little you can do.  The compromised login can hurt you two ways, from inside and from the outside.  There is little you're going to be able to do if someone is sitting right there at the machine compromising it.  That is next to impossible to thwart, XP does not have the facilities to know the difference, nor does any software, the only way it knows is by prompting for passwords, and if things are compromised, we're going to assume our perpatrator knows about it, and your passwords rendering your protection useless.

If your compromization comes from the outside, that's easier to prevent, by disabling remote access to the machine (not necessarily just remote desktop there are several other ways).

The total destruction of a drive is reasonably possible, but even if you write zeros to the disk....there are theoretical methods of recovering the data on that drive, for general purpose we say it's cleared....but it isn't impossible to recover even after that.

So, i'm going to go along the lines of r-k and say that this is kinda of a movie ideal and we don't see it in non-goverment situations.  And, it takes several minutes to wipe a disk on a government machine, though recent technology has dropped that time to a few seconds, but that kinda of equipment i'm guessing is beyond your means or needs.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
unsigned drivers windows 20 44
Windows Folder Permissions 7 80
Mitigation for Win 10 user account bypass 8 83
deny local logon 12 63
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
This video discusses moving either the default database or any database to a new volume.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now