Computer Forensics Computer-Forensics

Re: Ever seen a dead-man switch?

Subject: Re: Ever seen a dead-man switch?
Date: Wed, 20 Oct 2004 08:52:08 +0200
Greetings!

On Tuesday 19 October 2004 08:39 am, Lachniet, Mark wrote:
> Out of curiosity, has anyone *ever* seen one (a dead man switch) in
> the field?  I know it's something that can be done, and a risk, but I
> can't say I've ever heard a report of finding one.  Just curious.
> Seems like every time your DSL or cable modem flaked out, your hard
> drive would get formatted :)  Considering my local service, that
> would mean a lot of OS re-installs.

Various - though I would not call them "dead-man-switch". I've seen
"dead-process-switches" more often, where e.g. the master process kills
the remains of the hanging one and restarts that one anew.

Back to the "dead man" - and very simple implementations: 

I've seen appliances/firewalls that boot from a removable medium -
sometimes to the extent that they boot and wait for removal before
really starting. Power loss (for whatever reason) means reboot - which
will fail without boot medium of course. Getting hold of the config will
not be too easy on a RAM-only system, either.

Examples are: 
Linux floppy-routers (fli4l.de et al.), SuSE Firewall-on-CD (no longer
produced), Firestick.de firewall, ...

This gone to extremes would be a (removable-boot) Linux system with
iptables shut down into HALT state. The kernel will still be forwarding
packets, but you'll have a really hard time trying to pry around in that
system as nothing else will run...


The other (simplistic) implementation is mounting a filesystem on
cryptoloop or cryptfs. Power off or reset and the key (in RAM) is gone
and the data (presumably) safe.


And of course we all know the (locking) screen saver: do nothing for N
minutes and the screen will be locked. An advanced combination would be
e.g. XAUTOLOCK with SHUTDOWN/poweroff configured as "screensaver" and a
cryptoloop and you got a reasonable dead-man-switch for securing your
data.


Bye

Volker Tanger
ITK Security

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
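
For an examiner deciding between live acquisition and pulling the plug, the setups described in the message above leave traces that can be checked on the running system first. The following is an added example, not part of the original post: the function name `triage`, the finding labels and both sample inputs are constructed for illustration, and a loop-backed mount only suggests cryptoloop (it has to be confirmed with `losetup` before concluding the volume is encrypted).

```python
import re

# Constructed sample input (not from a real system): /proc/mounts-style lines.
SAMPLE_MOUNTS = """\
rootfs / rootfs rw 0 0
/dev/ram0 / ext2 rw 0 0
/dev/loop0 /home/user/vault ext3 rw 0 0
/dev/hda1 /boot ext2 ro 0 0
"""

# Constructed sample of `ps -eo pid,args` output (header line removed).
SAMPLE_PS = """\
  412 /usr/sbin/sshd
  977 xautolock -time 5 -locker poweroff
 1003 bash
"""

POWER_CMDS = {"shutdown", "poweroff", "halt", "reboot"}
RAM_FS = {"tmpfs", "ramfs"}


def triage(mounts_text, ps_text):
    """Return (label, detail) findings that argue against powering the box off."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        dev, mnt, fstype = fields[:3]
        # Loop-backed mount: candidate cryptoloop volume whose key lives only in RAM.
        if re.match(r"/dev/loop\d+$", dev):
            findings.append(("loop-mount", mnt))
        # Root on a RAM disk or RAM filesystem: config and logs vanish on power loss.
        if mnt == "/" and (fstype in RAM_FS or dev.startswith("/dev/ram")):
            findings.append(("ram-root", dev))
    for line in ps_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        pid, argv = parts[0], parts[1].split()
        # xautolock whose "locker" is a power command: idle timeout ends the session.
        if argv[0].rsplit("/", 1)[-1] == "xautolock" and "-locker" in argv:
            locker = argv[argv.index("-locker") + 1:]
            if locker and locker[0].rsplit("/", 1)[-1] in POWER_CMDS:
                findings.append(("poweroff-locker", pid))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_MOUNTS, SAMPLE_PS):
        print(label, detail)
```

Any finding is a reason to capture memory and the mounted data before the machine idles out or loses power.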
