Myth 8: Security Tweaks Can Fix Physical Security Problems
A fundamental concept in information security states that if bad guys have physical access to your computer, it is not your computer any longer! Physical access will always trump software security, eventually. We have to qualify the statement, however, because certain valid software security steps will prolong the time until physical access breaches all security. Encryption of data, for instance, falls into that category. However, many other software security tweaks are meaningless. Our current favorite is the debate over USB thumb drives. In a nutshell, after the movie The Recruit, everyone woke up to the fact that someone can easily steal data on a USB thumb drive. Curiously, this only seems to apply to USB thumb drives, though. We have walked into military facilities where they confiscated our USB thumb drives, but let us in with 80 GB i1394 hard drives. Those are apparently not as bad.
One memorable late evening, one author's boss called him frantically asking what to do about this problem. The response: head on down to your local hardware store, pick up a tube of epoxy, and fill the USB ports with it. While you are at it, fill the i1394 (FireWire), serial, parallel, SD, MMC, memory stick, CD/DVD-burner, floppy drive, Ethernet jack, and any other orifices you see on the back, front, top, and sides of the computer, monitor, keyboard, and mouse with it, too. You will also need to make sure nobody can carry the monitor off and make a photocopy of it. You can steal data using all of those interfaces.
The crux of the issue is that as long as there are these types of interfaces on the system, and bad guys have access to them, all bets are off. There is nothing about USB that makes it any different. Sure, the OS manufacturer can put a switch in that prevents someone from writing to a USB thumb drive. That does not, however, prevent the bad guy from booting to a bootable USB thumb drive, loading an NTFS driver, and then stealing the data.
In short, any software security solution that purports to be a meaningful defense against physical breach must persist even if the bad guy has full access to the system and can boot into an arbitrary operating system. Registry tweaks and file system ACLs do not provide that protection. Encryption does. Combined with proper physical security, all these measures are useful. As a substitute for physical security, they are usually not.
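The difference between an ACL and encryption under offline access can be shown with a small model. This is an added example, not code from the original text: the JSON "volume" format, the user names, and the toy HMAC-based cipher (a stand-in for a real disk or file encryption system, not something to deploy) are all assumptions made for illustration.

```python
import hashlib, hmac, json, os

def make_volume(files):
    """Serialize {name: (acl, data)} to raw 'disk' bytes; the ACL is only metadata."""
    return json.dumps({n: {"acl": a, "data": d.hex()} for n, (a, d) in files.items()}).encode()

def os_read(volume, name, user):
    """The installed OS: consults the ACL before handing back data."""
    rec = json.loads(volume)[name]
    if user not in rec["acl"]:
        raise PermissionError(f"{user} is not on the ACL for {name}")
    return bytes.fromhex(rec["data"])

def offline_read(volume, name):
    """A second OS booted from removable media: parses the same bytes, ignores the ACL."""
    return bytes.fromhex(json.loads(volume)[name]["data"])

def xor_stream(key, nonce, data):
    """Toy HMAC-SHA256 counter-mode cipher, a stand-in for a real disk cipher."""
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, stream))

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    return nonce + xor_stream(key, nonce, plaintext)

def decrypt(key, blob):
    return xor_stream(key, blob[:16], blob[16:])

def demo():
    secret = b"constructed sample: payroll figures"
    key = hashlib.pbkdf2_hmac("sha256", b"constructed passphrase", b"constructed salt", 100_000)
    acl_only = make_volume({"payroll.txt": (["alice"], secret)})
    encrypted = make_volume({"payroll.txt": (["alice"], encrypt(key, secret))})
    try:
        os_read(acl_only, "payroll.txt", "mallory")
        denied = False
    except PermissionError:
        denied = True
    return {
        "acl_blocks_mallory_on_running_os": denied,
        "offline_read_of_acl_only_volume": offline_read(acl_only, "payroll.txt"),
        "offline_read_of_encrypted_volume": offline_read(encrypted, "payroll.txt"),
        "owner_with_key": decrypt(key, offline_read(encrypted, "payroll.txt")),
    }

if __name__ == "__main__":
    print(demo())
```

The ACL holds only while the OS that enforces it is the one running; the encrypted volume stays unreadable offline because the key, derived from a passphrase, is not stored on the disk.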