• Status: Solved

Workstation Security - Poison Pill

I work with confidential data. I'm interested in some special security for a PC with Windows XP installed. I'm looking for something like a "poison pill" that will delete hard drive data when security has been compromised, or that I can initiate at a moment's notice. Any ideas?
Asked by: mapalaska2003
 
r-k commented:
I saw this done in a movie once :)

More seriously though, you might want to reconsider the plan.

There are two big problems: (1) What is a compromise and (2) How to erase the data.

(1) We may recognize a compromise when we see it, but will XP do the same?
 The most common compromise may be where someone steals your password, but how will XP know the difference?

(2) Erasing the files. Deleting may not be enough, because as we all know, XP simply modifies the directory, leaving the file contents intact.
A more complete erase may take many, many minutes even on fast disks, giving the savvy intruder plenty of time to stop it by turning the power off, e.g.

All in all it sounds like an accident waiting to happen.

May I suggest that you look into encryption instead? If you go that route, make sure that you have a way to decrypt the data in case passwords are lost, registry is damaged, Windows has to be reinstalled, and other similar calamities.
 
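r-k's point (2), as an added example that is not part of the original thread: a simplified in-memory model of a FAT-style volume showing that an ordinary delete only marks the directory entry while the contents stay in the data area, whereas a wipe has to overwrite every cluster first. The image layout, function names and sample data are constructed for illustration.

```python
import struct

CLUSTER = 512                      # bytes per cluster in this toy image
SLOTS, SLOT_SIZE = 4, 32           # fixed directory table at the start
ENTRY = struct.Struct("<11sHI")    # name, first cluster, size in bytes
DATA_START = SLOTS * SLOT_SIZE
DELETED = 0xE5                     # FAT's marker for a deleted directory entry
SECRET = b"constructed sample: payroll export, account 0000-TEST"

def new_image(clusters=8):
    return bytearray(DATA_START + clusters * CLUSTER)

def write_file(img, slot, name, cluster, data):
    """Store data from `cluster` onward and record it in directory `slot`."""
    off = DATA_START + cluster * CLUSTER
    img[off:off + len(data)] = data
    ENTRY.pack_into(img, slot * SLOT_SIZE, name.ljust(11).encode(), cluster, len(data))

def delete(img, slot):
    """Ordinary delete: only the first byte of the directory entry changes."""
    img[slot * SLOT_SIZE] = DELETED

def wipe_then_delete(img, slot):
    """Overwrite every cluster the file occupies, then delete the entry."""
    _, cluster, size = ENTRY.unpack_from(img, slot * SLOT_SIZE)
    off = DATA_START + cluster * CLUSTER
    span = -(-size // CLUSTER) * CLUSTER       # round up to whole clusters
    img[off:off + span] = bytes(span)
    delete(img, slot)

def listed(img):
    """Names a normal directory listing would show."""
    names = []
    for slot in range(SLOTS):
        name, _, _ = ENTRY.unpack_from(img, slot * SLOT_SIZE)
        if name[0] not in (0, DELETED):
            names.append(name.decode().strip())
    return names

def residue(img, needle):
    """True if `needle` is still present in the raw data area."""
    return needle in bytes(img[DATA_START:])

if __name__ == "__main__":
    for erase in (delete, wipe_then_delete):
        img = new_image()
        write_file(img, 0, "PAYROLL.TXT", 0, SECRET)
        erase(img, 0)
        print(erase.__name__, "listed:", listed(img), "residue:", residue(img, SECRET))
```

Real FAT and NTFS volumes also have allocation tables, journals and slack space, so this model understates where residue can remain.
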
Rich Rumble (Security Samurai) commented:
Yeah, and it's hard for civilians to gain access to thermite to burn the drive at the drop of a hat... r-k brings up some valid points, and a proper response.
Security is a process, not a product. http://www.schneier.com/essay-028.html
Unrecoverable data erasure can't be done quickly, hence the thermite suggestion :) http://en.wikipedia.org/wiki/Thermit
But seriously: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html and http://en.wikipedia.org/wiki/Gutmann_method

I recommend TrueCrypt http://www.truecrypt.org/ , again it's recommended by the best of the best in crypto: http://www.schneier.com/blog/archives/2006/05/truecrypt.html
-rich
 
maninblac1 commented:
They're both right, but we most certainly need to know what you deem is a reasonable compromise.

I can think of three you might consider: network, physical, and internal.

The network can be solved somewhat simply: a good firewall, plus some NAT work, and a "shutdown on intrusion detection policy", meaning when a machine detects intrusion, it simply turns off, since blocking the IP/subnet may not be effective. You won't destroy the data, but there is no way your perpetrator is going to get their hands on anything worthwhile in the few seconds they may have access.

Physical: if the whole computer itself is stolen, total drive encryption as suggested above is the best solution. Without the proper key the contents can't be deciphered; this is good if something is stolen. With this situation there is no consumer-level hardware that could break the encryption in any reasonable time frame, so the drive can be considered deleted at that point.

And lastly, internal; this is your hardest item to fight. If a login is compromised, you've got a plethora of problems, and there's very little you can do. The compromised login can hurt you two ways, from inside and from the outside. There is little you're going to be able to do if someone is sitting right there at the machine compromising it. That is next to impossible to thwart. XP does not have the facilities to know the difference, nor does any software; the only way it knows is by prompting for passwords, and if things are compromised, we're going to assume our perpetrator knows about it, and your passwords, rendering your protection useless.

If your compromise comes from the outside, that's easier to prevent, by disabling remote access to the machine (not necessarily just remote desktop; there are several other ways).

The total destruction of a drive is reasonably possible, but even if you write zeros to the disk... there are theoretical methods of recovering the data on that drive. For general purposes we say it's cleared... but it isn't impossible to recover even after that.

So, I'm going to go along the lines of r-k and say that this is kind of a movie ideal and we don't see it in non-government situations. And it takes several minutes to wipe a disk on a government machine, though recent technology has dropped that time to a few seconds, but that kind of equipment, I'm guessing, is beyond your means or needs.