[cryptome] Re: airgepped computer?--not for long maybe.

  • From: Andrew Hornback <achornback@xxxxxxxxx>
  • To: cryptome@xxxxxxxxxxxxx
  • Date: Thu, 4 Dec 2014 12:24:48 -0500

Right, but you would think that an organization with the kind of
operational security needs that they would go to the lengths of installing
a separate physical network would have their systems on that network locked
down to prevent ANY form of removable media - whether it's used for
installation of an OS or storage of documents due to various threats and
the idea of preventing data loss/leakage.

As to your thought on connecting to a possibly infected system -
organizations that go to these lengths would most likely also install brand
new hardware on that network to mitigate that risk.  Of course, it's
possible that those systems would come from the factory with something
onboard (which is the big knock against Lenovo at this point) to allow for
snooping.

At this point, the only real way to mitigate and eliminate every risk would
be to leave the systems in the original shipping container, surrounded by a
Faraday cage, in a locked room with no lights or windows and a single door,
locked, welded shut, surrounded by thermal, IR and visual spectrum cameras,
barbed wire, land mines, a moat filled with flesh eating bacteria and
patrolled by a vampire bunny with a hangover, a .45 and a bad attitude.
But, since that would put a slight crimp in worker productivity...

--- A

On Thu, Dec 4, 2014 at 12:02 PM, Libertas <libertas@xxxxxxxxxxx> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 12/04/2014 11:18 AM, Andrew Hornback wrote:
> > In an environment that requires an air-gap level of security and
> > scrutiny, to allow removable media (especially USB drives)
> > unfettered borders on the infinitely stupid.
>
> It's not about allowing unfettered access, it's about using a USB on
> the machine for any reason at any point. Its firmware could have been
> infected in many ways, as it's likely been attached to another machine
> which was networked. This is especially true considering that many
> cheap laptops don't have CD drives these days, and that USBs are
> commonly used as install drives.
>

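The thread argues about what "locked down to prevent ANY form of removable media" should mean on an air-gapped host. The script below is an added example of one concrete way to enforce that on a Linux system; it is not from either poster and is not part of the original thread. It assumes a stock udev and modprobe layout under /etc, that the usb-storage and uas modules are the drivers that expose USB block devices, and that udev's usb_id builtin has populated ID_USB_INTERFACES before rule 99 runs (all assumptions about a typical distribution, not facts stated on the page). The ROOT argument lets the functions write into a scratch directory for a dry run instead of the live system.

```shell
#!/bin/sh
# Added example: refuse USB mass storage on an air-gapped Linux host.
# Not code from the thread; file paths, module names and the udev match
# are assumptions about a typical distribution.
set -eu

# write_usb_storage_lockdown ROOT
# Writes two files under ROOT (empty string = the real filesystem):
#  1. a modprobe rule that makes any attempt to load the usb-storage or
#     uas driver run /bin/false instead, so no USB block device can appear;
#  2. a udev rule that de-authorizes a USB device whose descriptor
#     advertises the mass-storage interface class (08) at plug-in time.
write_usb_storage_lockdown() {
    root="${1:-}"
    mkdir -p "$root/etc/modprobe.d" "$root/etc/udev/rules.d"
    cat > "$root/etc/modprobe.d/no-usb-storage.conf" <<'EOF'
# Refuse to load the USB mass-storage drivers, even on explicit request.
install usb-storage /bin/false
install uas /bin/false
blacklist usb-storage
blacklist uas
EOF
    cat > "$root/etc/udev/rules.d/99-no-usb-storage.rules" <<'EOF'
# De-authorize any USB device advertising the mass-storage class (08)
# as soon as it is enumerated; the kernel then never binds a driver to it.
# ID_USB_INTERFACES is set by the usb_id builtin and looks like ":080650:".
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:08*", ATTR{authorized}="0"
EOF
}

# audit_loaded_modules LSMOD_TEXT
# Takes text in the format printed by `lsmod` and returns 1 if either
# mass-storage driver is loaded, 0 otherwise. Feed it `lsmod` output on a
# real host; the samples below are constructed for offline use.
audit_loaded_modules() {
    if printf '%s\n' "$1" | awk '
        $1 == "usb_storage" || $1 == "uas" { found = 1 }
        END { exit !found }'; then
        echo "FAIL: a USB mass-storage driver is loaded" >&2
        return 1
    fi
    return 0
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_LSMOD_CLEAN='Module                  Size  Used by
ext4                  745472  1
usbhid                 65536  0'
SAMPLE_LSMOD_DIRTY='Module                  Size  Used by
usb_storage            77824  1 uas
uas                    28672  0'

# Stand-alone run: dry run into a scratch directory and show the result,
# or apply to the live system when invoked as `sh lockdown.sh --apply` as root.
if [ "${1:-}" = "--apply" ]; then
    write_usb_storage_lockdown ""
    echo "lockdown written; reload rules with: udevadm control --reload"
elif [ "${1:-}" = "--dry-run" ]; then
    scratch="$(mktemp -d)"
    write_usb_storage_lockdown "$scratch"
    cat "$scratch/etc/modprobe.d/no-usb-storage.conf" \
        "$scratch/etc/udev/rules.d/99-no-usb-storage.rules"
    audit_loaded_modules "$SAMPLE_LSMOD_CLEAN" && echo "sample audit: clean"
fi
```

The caveat a practitioner should keep in mind is exactly the one Libertas raises: this blocks the mass-storage class, but a stick whose controller firmware has been reprogrammed to enumerate as a keyboard or network adapter (the BadUSB pattern) does not carry interface class 08 and will pass this rule. Covering that case means either a whitelist-only authorization policy (`authorized_default=0` on every USB host controller with explicit allow rules, or a tool such as USBGuard) or physically removing or epoxying the ports.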