Slashdot Mirror
Increasing Computer Security through Hardware?
Audiostar asks: "I am interested in adding some security to several of my computers, but am unsure as to which product to go with. I would like to use some sort of external security measure, such as a pen drive token or something similar. I had considered custom building a key card and reader to install on all my machines, but once I started thinking about the cost and time of building a card reader for each of my computers it became rather impractical. Does anyone have any suggestions for external locking devices or software? I would prefer something that I could use on both my Windows and Linux machines, but protecting the Windows machines are the top priority. I don't need anything too fancy, just an added layer of protection from the multitude of various people who come in and out of my place of business everyday. I own a 128mb flash disk watch, so possibly using that as a token would be both easy and geek chic. Any suggestions on what to install?"
Use a password to log in. And set your screensaver to activate, with a password, after a short amount of time.
No weapon in the arsenals of the world is so formidable as the will and moral courage of free men.-Ronald Reagan
I don't need anything too fancy, just an added layer of protection from the multitude of various people who come in and out of my place of business everyday.
Really fucking big neodynium magnet installed in the door frame of the entrance to your office.
(Shamelessly stolen from Cryptonomicon. I guess Neal Stephenson should have used a bigger magnet.)
Opinions on the Twiddler2 hand-held keyboard?
Don't use the watch. You'll smack it against something, and then you're screwed. Ditto for a generic USB flash drive, unless you're sure it's bulletproof. Get something reliable, or don't get anything. If you want to be sure you're covered, buy three of whatever it is. Keep one handy, one in a fireproof safe/lockbox on the premises, and one at home. If your only hardware key gets hosed, so do you.
Oh, and KISS. You're right; the cardkey isn't practical, and not just because it'd be difficult/expensive to build. It would probably also be something prohibitively difficult to troubleshoot, should you have problems later. Then you have to call a specialist, and hope he's A) cheap and B) can figure out how to solve your custom-built (and therefore, proprietary) hardware problem. You're probably on the right track with small, removable hardware. Just make sure it's also reliable, or it's useless.
Fritz is a secure cryptoprocessor that implements the trusted computing scheme on personal computers. It uses public key cryptography for the processes communicating amongst themselves. So it would always be helpful unless the security measure is broken by an exact match comprosimed Fritz Chip. ( Which would ofcourse need some quantum computing cycles). So we can assume that it cannot be compromized till date. M$ has plans to incorporate Fritz Chip in the next OS,Longhorn.
Senthil
Check out the Securikey on ThinkGeek. I'm not sure if someone's written Linux drivers for it, but there's your hardware level -- and it's two-factor.
Matthew G P Coe
http://mgpcoe.blogspot.com/
This hardware encrypted hard drive might be part of what you're looking for.
My Web Page
i downloaded Float's Mobile Agent and noticed that with the bluetooth connection, there is an option to automatically lock the workstation when your phone is out of (bluetooth) range. i haven't used it myself, but it looks kinda handy - the number of times i have remembered to pick up my mobile, but not lock the workstation.
:)
and if you really want to make your pc hardware secure, have you tried padlocking it to the wall?
Keep the important stuff on an external HDD, and handcuff it to your wrist.
(Note: this is not meant to be a constructive idea)
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
How does that connect to your computer? USB? Serial? Ethernet?
Is it supported in Linux?
Need a Catering Connection
Audiostar asks: "I am interested in adding some security to several of my computers, but am unsure as to which product to go with...
Er, what sort of security?
A simple bios boot password will prevent the computer-naive from accessing your machine.
GnuPG under Windows and the unix clones will allow you to encrypt/decrypt and digitally sign files.
The unix clones tend to be able to encrypt their entire filesystem by whatever algorythm you want. NTFS claims some sort of filesystem encryption as well, but I'm unfamiliar with the mechanism and thus won't recommend it.
OpenBSD has encrypted swap and tends to be tops on the 'utterly paranoid' scale.
How about you tell us what you are trying to do exactly, and we'll tell you the best solution.
You didn't tell us -- are you protecting against vandalism (some clown messing
up the settings, deleting stuff, whatever) or against information theft? The
solution will be completely different.
To protect against vandalism, nothing beats nightly offsite backups, nothing.
To protect against information theft, how about storing the informationg in
question on an external device that you keep on your person? Then when they
go to steal it, it's not there. Hard to beat that.
Cut that out, or I will ship you to Norilsk in a box.
Abit makes a product that sits between the IDE port on your motherboard and the hard drive. It encrypts all of the data on-the-fly and requires a small dongle to be plugged in externally to work. Combine that with a good case lock, and you should be all set.