
Need to make sure a computer is secure.

edited February 2010 in Technology
Okay, So I'll say what I can, but I can't give all the details.

A company that I'm hired by occasionally for computer support has recently had their computers seized by a federal government agency. There is word that they will be getting their computers back soon, but let's just say they aren't out of the woods yet. Upon their return, I will be tasked with... returning them to a more trustworthy state.

Obviously I'll be wiping the hard drives, inspecting the hardware for key loggers or suspicious components, installing the OS from scratch, and encrypting the hard drives with TrueCrypt.

Do you guys have any suggestions in locking down these machines? They have to use Windows XP, unfortunately, due to proprietary software which is necessary to the operations of their business.

Comments

  • edited February 2010
    Don't give users privileges.
    Post edited by George Patches on
  • Don't give users privileges.
    • Put that shit behind a NAT firewall.
    • Make sure the updating is AUTOMATIC and FORCED.
    • Edit the HOSTS file.
    • Only allow the websites/ports that the employees NEED TO USE.
    • If possible, don't connect the computers to the internet at all ^_~
  • Install Linux
  • edited February 2010
    Just to clarify: Was it full of insecure stuff that resulted in the audit or do you suspect the government has put some nasty stuff on there during the audit?
    If the latter, I have no idea what kind of stuff the government can get their hands on in terms of surveillance. I'm not sure but I think there are ways of corrupting parts of the hard drive so that they can't be overwritten and leaving something there.
    I'd begin by physically inspecting the computers, then, if feasible, replacing the hard drives (BIOS would probably be too much), then TrueCrypting the whole system drive (though making sure the employees don't give their password out is going to be a challenge) and, again, if feasible, installing Ubuntu to at least cut down on the chance of employees bringing anything bad in by themselves.

    Oh, and run Wireshark off a live CD for a while to keep an eye out for anything strange.
    Post edited by Omnutia on
  • If possible, don't connect the computers to the internet at all ^_~
    My first suggestion.
    Don't give users privileges.
    • Put that shit behind a NAT firewall.
    • Make sure the updating is AUTOMATIC and FORCED.
    • Edit the HOSTS file.
    • Only allow the websites/ports that the employees NEED TO USE.
    My other suggestions. You people making me feel useless!

    But why the hell did the government seize the computers, and why the hell are you still working for that company?
  • Hard Drives + Thermite + New Hard Drives + Flash BIOS.

    Be extra safe.
  • edited February 2010
    Just to clarify: Was it full of insecure stuff that resulted in the audit or do you suspect the government has put some nasty stuff on there during the audit?
    Unfortunately, I can't tell you why the computers were seized. However, I had cleansed their computers of baddies only a couple weeks before the Feds seized the computers, so I am more worried about government stuff.
    if feasible, installing Ubuntu to at least cut down on the chance of employees bringing anything bad in by themselves.
    Like I said, they have to be running Windows XP because of proprietary software they are using. They can't use anything else until the company that makes the software makes it work in Vista/7.
    Oh, and run Wireshark off a live CD for a while to keep an eye out for anything strange.
    That's a good idea.
    But why the hell did the government seize the computers, and why the hell are you still working for that company?
    I'm not in a position to say why the government took the computers, but the only reason I'm still helping these jackasses is because my uncle works there (for now, he might quit because of all the crap the owner's given me). The owner tried to stiff me, twice. The first time he paid because I threatened to make his porn habits known (not pedo, but weird shit). The second time He only paid because I had DBAN ready to go on their main data server. If he tries anything funny this time, I'm just gonna write it off and anonymously email all drive encryption keys to the proper authorities. I don't like having to resort to these sorts of methods, but when I do work I Get Paid.
    Hard Drives + Thermite + New Hard Drives
    Well, what's going to happen is they are supposed to buy new hard drives, give them to the Feds, the Feds will copy the drives onto the new ones and install them into the machines, then give the machines back. I'm pretty sure wiping out the drive and overwriting it a few times will do it. Besides, thermite is hard to get. But I WILL be installing Windows from scratch, so yeah.
    Flash BIOS.
    Another good idea.
    Post edited by Victor Frost on
  • Besides, thermite is hard to get.
    Rust and aluminium is hard to get? What kind of a country do you live in? ;-)
  • Besides, thermite is hard to get.
    Rust and aluminium is hard to get? What kind of a country do you live in? ;-)
    I meant pre-made. Thermite is one of those things you DO NOT want to try making at home.
  • edited February 2010
    I meant pre-made. Thermite is one of those things you DO NOT want to try making at home.
    Bullshit.
    Thermite is stable and safe while unignited, because in its most common form, it's iron oxide and aluminium, powdered, and mixed together. You can't ignite it with regular flames and such, you need something like a magnesium strip to ignite it, or if you have the right mix, you can light it with a sparkler, if you do it right.

    Making thermite is no more dangerous than, say, mixing Flour and Baking soda, or sand and dirt. The dangerous part comes when you set it off, and even that isn't terribly dangerous, if you do it right.
    Post edited by Churba on
  • I meant pre-made. Thermite is one of those things you DO NOT want to try making at home.
    No problem if you do it outside in a safe area away from any utilities. Avoid doing it on the ground when the gas line is buried below you...
  • If you are really paranoid about key loggers, remember that the best place to install them is inside the keyboards. In there, there is power and no one can detect it easily, so it's perfect for long term spying. That being said, in this situation I would also take extreme measures to cover my own ass, but I think you are being a little paranoid.
  • Rym
    edited February 2010
    If you are really paranoid about key loggers, remember that the best place to install them is inside the keyboards.
    This is absolutely correct.

    Basically (if you're paranoid):

    1. Dump your suspect commodity peripherals (keyboards mostly)
    2. Visually inspect the motherboard (probably not necessary), compare to a picture of it online. Don't worry about anything etched or resistors or things like that: focus only on the IO ports
    3. Flash the motherboard BIOS to the newest version from the manufacturer (good opportunity to do so anyway)
    4. DBAN the drives and re-install the OSs
    5. Egress monitor your network

    Step 2 is probably unnecessary, but it wouldn't take long, and the due diligence would look good to your employer.

    If the government actually wants to spy on you, and the above doesn't remove it, you're in over your head anyway, and there's nothing within reason you could do to avoid it. Just go through the motions with the above procedure and leave it at that.

    Now, important question time: did they seize any network equipment?

    Were I a government agency who needed to keep an eye on you, I'd simply leave a back door in your router when I seized it. Anything else is kind of silly. Furthermore, if they did bug your equipment, they likely have a warrant and legal backing to do so, in which case, you'd better be damn sure you're working for the "good guys."

    As I said, go through the motions, get paid, and call it a day. Nothing you do will really affect the outcome of this whole thing whatever it is.
    Post edited by Rym on
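As an added example (not code from the thread or any poster), here is a small egress-allowlist check in Python that models Rym's step 5 and the earlier "only allow the websites/ports that the employees NEED TO USE" advice: it parses firewall-style connection log lines and reports any outbound flow from the LAN to a destination/port that the business has not explicitly approved. The log line format, the LAN range and the allowlist addresses are constructed placeholders.

```python
import ipaddress
import re
# Assumed log format (constructed for this example, not any real firewall's):
#   "<timestamp> src=<ip> dst=<ip> dport=<port> proto=<tcp|udp>"
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                     r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$")
# The office LAN; a flow is outbound when src is inside it and dst is not.
LAN = ipaddress.ip_network("192.168.1.0/24")
# Egress allowlist: the only external destinations/ports the business needs.
# Addresses are constructed placeholders; substitute the vendor's real hosts.
ALLOWED = [
    (ipaddress.ip_network("203.0.113.0/24"), {443}),        # proprietary-app vendor
    (ipaddress.ip_network("198.51.100.10/32"), {80, 443}),  # OS/AV update mirror
]

def parse_line(line):
    """Return a dict for a well-formed line, or None so junk is skipped."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec

def is_allowed(dst, dport):
    """True if dst:dport is on the LAN or matches an allowlist entry."""
    addr = ipaddress.ip_address(dst)
    if addr in LAN:
        return True
    return any(addr in net and dport in ports for net, ports in ALLOWED)

def find_violations(lines):
    """List (src, dst, dport) for every outbound flow not on the allowlist."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or ipaddress.ip_address(rec["src"]) not in LAN:
            continue  # malformed, or not traffic leaving our hosts
        if not is_allowed(rec["dst"], rec["dport"]):
            hits.append((rec["src"], rec["dst"], rec["dport"]))
    return hits
# Constructed sample log: two permitted flows, one LAN-internal flow,
# two violations (an unknown host, and an allowed host on a non-allowed port).
SAMPLE_LOG = [
    "2010-02-01T09:00:01 src=192.168.1.20 dst=203.0.113.5 dport=443 proto=tcp",
    "2010-02-01T09:00:05 src=192.168.1.20 dst=198.51.100.10 dport=80 proto=tcp",
    "2010-02-01T09:01:10 src=192.168.1.21 dst=192.0.2.77 dport=8443 proto=tcp",
    "2010-02-01T09:01:12 src=192.168.1.21 dst=192.168.1.1 dport=53 proto=udp",
    "2010-02-01T09:05:00 src=192.168.1.20 dst=203.0.113.5 dport=22 proto=tcp",
    "not a log line",
]
```

Run `find_violations(SAMPLE_LOG)` against a day's worth of real lines and review each hit: a repeated unexpected destination is exactly the kind of thing the thread suggests watching for after the machines come back.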
  • you'd better be damn sure you're working for the "good guys."
    If you know you are working for the bad guys, then just pretend to fix things up, but don't. Get paid for pretending.
  • edited February 2010
    I meant pre-made. Thermite is one of those things you DO NOT want to try making at home.
    Bullshit.
    Thermite is stable and safe while unignited, because in its most common form, it's iron oxide and aluminium, powdered, and mixed together. You can't ignite it with regular flames and such, you need something like a magnesium strip to ignite it, or if you have the right mix, you can light it with a sparkler, if you do it right.

    Making thermite is no more dangerous than, say, mixing Flour and Baking soda, or sand and dirt. The dangerous part comes when you set it off, and even that isn't terribly dangerous, if you do it right.
    Also, here in the US, it's legal to ship the ingredients for thermite mix. Just go to United Nuclear or Make:Chemistry Store, order aluminum in 80-100 mesh and Fe2O3 powder. It'll cost you $15 with shipping, maybe $20 if you buy magnesium ribbon. 4oz will melt as many hard drives as you care to stack, just be sure to do it in a pit filled with sand, or a large ceramic flowerpot filled with the same at its base. You could make the mix with a postal scale and a paint stirrer.
    Post edited by WindUpBird on
  • In other news, we've all now been added to the FBI's terrorist watch list...
  • In other news, we've all now been added to the FBI's terrorist watch list...
    ...this could cause me trouble.
  • edited February 2010
    In other news, we've all now been added to the FBI's terrorist watch list...
    Because thermite is reallllllly dangerous...It requires several thousand degrees of heat to start the reaction, and is pretty impractical for anything other than welding, quick-n-dirty metalwork, or data destruction; everyone here is fine. If you have a high school chem book, you know how to make thermite. Check your section on enthalpy and exothermic reactions.
    Post edited by WindUpBird on
  • edited February 2010
    In other news, we've all now been added to the FBI's terrorist watch list...
    Because thermite is reallllllly dangerous. It requires several thousand degrees of heat to start the reaction, everyone here is fine. If you have a high school chem book, you know how to make thermite. Check your section on enthalpy and exothermic reactions.
    Topics covered in this thread:
    • Obstructing a possible Federal investigation.
    • Destruction of government property.
    • Acquisition and manufacturing of high-grade incendiaries.
    • Use of said incendiaries to attack U.S. infrastructure and utilities.
    • Proper application of various electronic warfare components, including keyloggers and hacker operating systems (Linux)
    /not srsbsns, duh
    Post edited by Andrew on
  • Because thermite is reallllllly dangerous...It requires several thousand degrees of heat to start the reaction, and is pretty impractical for anything other than welding, quick-n-dirty metalwork, or data destruction; everyone here is fine. If you have a high school chem book, you know how to make thermite. Check your section on enthalpy and exothermic reactions.
    You know what's more dangerous? Sawdust. You can make what is basically a fuel-air bomb on a smaller scale with sawdust and sawdust alone.
  • edited February 2010
    If you get enough smoke detectors, there will be enough radioactive material for a dirty bomb.

    You need to fill out paperwork to buy pseudoephedrine, which can be used to make meth, but not to buy a smoke detector.
    Post edited by Apreche on
  • edited February 2010
    Topics covered in this thread...
    Well, point 1 is up to Sonic's decision, as is point 2; I wouldn't fuck with shit if I knew it dealt with a government investigation or government property. Point 3, eh. The government has bigger fish to fry than amateur and potentially professional chemists. Point 4, I never suggested either of those things.

    I guess my overall advice for this thread would be do what Scott said: pretend to do your job, get paid for pretending. It sounds like these guys aren't the greatest, and OoJ is, unlike this thread, srsfknbsns.
    You know what's more dangerous? Sawdust. You can make what is basically a fuel-air bomb on a smaller scale with sawdust and sawdust alone.
    Wood shop explosions...You always hear those stories. Wired ran an article on how to do the same thing with a soup can of dairy creamer, a wax paper cap, and nichrome+a 9v for the Fourth.
    If you get enough smoke detectors, there will be enough radioactive material for a dirty bomb.
    Or to build a crazy-dangerous breeder out of aluminum foil like that one kid.
    Post edited by WindUpBird on
  • Wood shop explosions...You always hear those stories. Wired ran an article on how to do the same thing with a soup can of dairy creamer, a wax paper cap, and nichrome+a 9v for the Fourth.
    Powdered non-dairy creamer + fire = exciting!
  • edited February 2010
    They'd probably pick up on the smoke detector bomb, given the number of smoke detectors you'd have to extract it from. I heard what might be an urban myth about a boy who made a bomb from americium that way, though; you need 60 kg to cause a chain reaction.
    Post edited by Omnutia on
  • Because thermite is reallllllly dangerous...It requires several thousand degrees of heat to start the reaction, and is pretty impractical for anything other than welding, quick-n-dirty metalwork, or data destruction; everyone here is fine. If you have a high school chem book, you know how to make thermite. Check your section on enthalpy and exothermic reactions.
    You know what's more dangerous? Sawdust. You can make what is basically a fuel-air bomb on a smaller scale with sawdust and sawdust alone.
    I prefer flour for the bakery fresh bread smell afterwards.
  • Even better. Douse a hay bale with water and wait for it to catch fire. ^_~
  • edited February 2010
    Side note: The International Atomic Energy Agency has a bitching flag.
    That is all.
    Post edited by Omnutia on
  • In other news, we've all now been added to the FBI's terrorist watch list...
    Nothing that studying chemistry/physics/engineering, visiting anywhere vaguely Arab, joining a communist group in college, owning any copy of The Anarchist Cookbook, or buying bulk curry spices did not already do.
  • buying bulk curry spices
    Nanami got away with it.