[NBLUG/talk] How do you handle physical device passwords?

Alan n1al at sonic.net
Tue May 9 10:52:10 PDT 2017


I have two computers sitting side-by-side on my desktop.  The Windows 7 
computer, which has all my important stuff, has no physical connection 
to the Internet so it is immune to hacking.  A side benefit is that it 
still boots up and runs just as fast as the day I bought it.


The other computer, that connects to the Internet, runs Ubuntu Linux.  
The only physical connection between the two computers is the KVM 
switch.  I use "sneakernet" (USB thumb drive) if I need to download 
something from the Internet to the Windows computer.


The Linux computer is actually dual-boot with Windows XP in case I need 
to run some Windows software that absolutely requires an Internet 
connection.


Alan Bloom



On 05/09/2017 09:45 AM, Kevin Ablett wrote:
> I am running Windows 7 on my development computer.  I have no password 
> and no virus protection.  I have never had a problem.  How do I get 
> away with this?  It is not connected to anything.
>
>
> On Tuesday, May 9, 2017 9:26 AM, Rick Moen <rick at linuxmafia.com> wrote:
>
>
> Quoting Allan Cecil (allan at nblug.org):
>
> > My brute force concern was one of "my laptop was stolen".  Now, I have
> > an encrypted home partition but not an encrypted disk (on one of my
> > laptops, anyway) and thus /etc/password and /etc/shadow are in theory
> > accessible if the volume is mounted which would in theory allow an
> > offline dictionary attack.
>
> Even a system with encrypted disk suffers credible threat models if
> stolen while powered up.  The major spook agencies have efficient means
> to attack running systems, which I won't go into further here, but you
> can find descriptions in the usual places (Schneier's blog and
> Crypto-Gram, etc.)  And, over time, techniques pioneered by the spooks
> trickle down to lower-rent attackers, too.
>
> One interesting hypothetical is:  I'm about to visit a country known to
> be nosy about travelers' laptop computers.  (Pick your favourite bad boy.)
> What measures should I take to ensure that I don't have various types of
> problems (of which several can be named)?  EFF has published some guides
> giving advice about this problem.
>
>
> > Even the low attack rate of SSH passwords is too high for me so I've
> > disabled password-based login entirely.
>
> As the saying goes, choose your own level of paranoia. ;->  I've seen
> so many cases of stolen public keys that I have my doubts about this
> avoidance having advantages that outweigh the drawbacks.
>
> > Not as a matter of security by obscurity but more because I have
> > multiple hosts on one IP address I also use a non-default SSH port
> > which substantially reduces attacks.
>
> You call those attacks.  I call them doorknob-twisting. (But see
> traditional saying.)
>
> _______________________________________________
> talk mailing list
> talk at nblug.org
> http://nblug.org/cgi-bin/mailman/listinfo/talk
