TrueCrypt has software that is free and good. There are no great mitigations, but here are some imperfect steps you can take (in addition to the other ones mentioned here): None of the answers proposed on this web page can stop all of these attacks. Some key loggers are small, unobtrusive dongles that fit between your keyboard and your PC, so no amount of locking down the case of your PC is sufficient to protect against that threat. You just have to accept that as a fact of life.įor example, if your enemy has physical control over your PC, then he can remove the hard drive from your PC and read and write it to his heart's content on his own PC.Īs another example, the enemy can surreptitiously introduce a key logger that records all your passwords and other key strokes.
The short answer is: there is no good way to provide strong security if your enemy has physical possession of your PC. For ideal security, and if you're really paranoid, do both. A secured cabinet will do that, and also hinder any attempts at plugging in or loading alternative boot media. A chassis lock will hinder efforts to clear the BIOS password by using jumpers on the motherboard, and efforts to remove the hard drive for loading into another system. If possible, lock the system's chassis with a padlock and/or place it in a secured cabinet. Set the system to only boot to the system drive, and set an Administrator password on the BIOS so that this cannot be changed. This is the only measure that will generally survive an attack involving physical access to the system. This will prevent any attacker from reading or manipulating the system files when booting into their own environment. Also, avoid using any dictionary words in any part of the password. Make them 15 characters long at minimum, and use all four character types (lowercase letters, uppercase letters, numbers, non-alphanumerics).
That said, here's what you can do to prevent or hinder these attacks from affecting your system. Once an attacker has their hands on your computer, most other security methods in place are easily circumvented. There is already a thread on SuperUser which has some recommendations, which I will likely repeat here.Īs security compromises of a PC go, physical access is perhaps by far the worst kind. The real issue here is that the attacker only needs physical access to your hard drive in order to read or manipulate the files which contain your password hashes.
0 kommentar(er)
