Slashdot Mirror


Ask Slashdot: How Do You Best Protect Client Files From Wireless Hacking?

dryriver writes: A client has given you confidential digital files containing a design for a not-yet-public consumer product. You need to work on those files on a Windows 10 PC that has a wireless chipset built into it. What can you do, assuming that you have to work under Windows 10, that would make 3rd party wireless access to this PC difficult or impossible? I can imagine that under a more transparent, open-source, power-user OS like Linux, it would be a piece of cake to kill all wireless access completely and reliably even if the system contains wireless hardware. But what about an I-like-to-phone-home-sometimes, non-open-source OS like Windows 10 that is nowhere near as open and transparent? Is there a good strategy for making outside wireless access to a Windows 10 machine difficult or impossible?

7 of 140 comments

  1. Two options immediately suggest themselves: by Chris+Mattern · · Score: 4, Interesting

    1) Don't set up an access point. If you still need an access point, set up an encrypted one (which you should do anyways) and don't give the isolated PC the keys. WiFi isn't magic; if there's no place for it to go, it's not going to go anywhere.

    2) Put a Faraday cage around the antenna. This could be as simple as wrapping it in foil.

    1. Re:Two options immediately suggest themselves: by peragrin · · Score: 5, Interesting

      Exactly. My Samsung smart TV would randomly turn on the wireless and try to communicate outside. When I first set it up I used wifi, realized how stupid it was and switched it to the wired connection, which then was left unplugged.

      I upgraded my router and was screwing around when I noticed a new device was connecting (I used the same SSID and WPA key in both). After shutting everything down I turned on the TV and checked, wifi off. I turned on wifi and bam. Same MAC address as my mystery guest. That was promptly banned. No wifi for you sneaky TV.

      So even if you give a device access the only way to be sure is to disconnect it thoroughly. And software can be sneaky.

      --
      i thought once I was found, but it was only a dream.
  2. Bios settings by smylie · · Score: 5, Insightful

    Most (all excluding Apple?) laptops will allow you to turn off / disable the wireless chipset in the BIOS. Many also have a physical kill switch on the side of the case.

    Barring some wikileaks sort of tomfoolery from the CIA, this should stop any network access (assuming you also don't plug in a network cable).

  3. If you're that paranoid.. by nawcom · · Score: 4, Informative

    .. and disabling the device in Windows 10 or the BIOS isn't enough, then just remove the wireless card. If by PC you mean desktop PC, unless it's a USB wifi chip soldered onto the motherboard, it'll be a typical miniPCIe or M.2 card. Remove it. For laptops a physical switch or hotkey for disabling the wifi card at the firmware level is common, but the same goes for that. They're not soldered onto the board (with some very rare exceptions) - they're miniPCIe or M.2 cards that are removable. Whether they're easily accessible varies by laptop model, but they're still removable.

  4. Problem identification by buss_error · · Score: 4, Informative

    "on a Windows 10 PC": First problem.

    "that has a wireless chipset built into it": Second problem.

    1. Don't work on sensitive issues using Windows of any version. Explore a Windows VM under a more secure hypervisor where the guest cannot override the host on hardware or network issues.

    2. Don't work on sensitive issues using a system with communications ability that does not use a verified hardware kill switch. E.g.: Avoid systems that use software to check the hardware switch to disable. Use hardware that uses a hardware switch to either kill power to that subsystem or uses an NMI to prevent function.

    3. Build a Faraday cage room for sensitive work stations. There are government manuals on how to create TEMPEST spaces.

    Sound hard? Somewhat. But then again, security, real security, isn't trivial.

    --
    Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
  5. Re:Trump by TWX · · Score: 4, Funny

    Okay, I'll take a shot...

    Maybe that orange mass on his head isn't hair. Maybe it's a finely woven copper Faraday cage.

    --
    Do not look into laser with remaining eye.
  6. Re:Virtualization by scdeimos · · Score: 5, Informative

    I was going to suggest VirtualBox as well.

    I routinely install Windows into VirtualBox guests that have no virtual LAN adapters configured (i.e.: no network access). The guests can only access: inserted optical discs and/or .iso files; authorized USB sticks; persistent/non-persistent VirtualBox shares.

    The big downside, though, is accelerated graphics:

    • You pay a significant penalty for DirectX under VirtualBox.
    • The video drivers installed with VirtualBox Guest Additions have OpenGL support limited to API Level 2.1, so you can't run anything that requires OpenGL 3 or better.
    • The VBGA OpenGL driver implementation is also really quite flaky. e.g.: Blender won't work with it, but can be made to work if you download the OpenGL Software Driver from the Blender FTP site. Of course this is horribly slow because, you know, no hardware acceleration.
    • Also the VBGA OpenGL drivers are disabled by default for Windows 8 or later guests. You can enable them by running the Guest Additions installer from the command line with switches and/or Registry hacks.
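
Added example, not part of the comment above or of any VirtualBox tooling: a host-side shell check that a guest really has no virtual LAN adapter, run over the output of `VBoxManage showvminfo <vm> --machinereadable`. The VM names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Audits `VBoxManage showvminfo <vm> --machinereadable` text read from stdin.

# List every adapter slot whose mode is not "none", one "nicN=mode" per line.
# The digit right after "nic" keeps keys such as nictype1= from matching;
# tr drops the carriage returns a Windows host adds to each line.
enabled_nics() {
    tr -d '\r' |
        sed -n 's/^nic\([0-9][0-9]*\)="\([^"]*\)"$/nic\1=\2/p' |
        grep -v '=none$' || true
}

# Exit status 0 only when no adapter is configured; offenders go to stderr.
audit_vm_info() {
    found=$(enabled_nics)
    [ -z "$found" ] && return 0
    echo "virtual adapters still configured: $found" >&2
    return 1
}

# Constructed sample: a guest with all adapter slots set to none.
sample_isolated() {
    cat <<'EOF'
name="Win10-Isolated"
nic1="none"
nic2="none"
EOF
}

# Constructed sample: slot 1 left on NAT, which gives the guest a route out.
sample_leaky() {
    cat <<'EOF'
name="Win10-Leaky"
nic1="nat"
nictype1="82540EM"
cableconnected1="on"
nic2="none"
EOF
}

for sample in sample_isolated sample_leaky; do
    if "$sample" | audit_vm_info 2>/dev/null; then
        echo "$sample: no virtual NIC"
    else
        echo "$sample: guest has network access"
    fi
done
# Live check: VBoxManage showvminfo "Win10-Isolated" --machinereadable | audit_vm_info
# Fix a slot:  VBoxManage modifyvm "Win10-Isolated" --nic1 none
```

Running the live check before each session catches an adapter that was re-enabled by a settings change or an imported appliance.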