The LOCK on the front door of your house is typically what prevents a casual thief from breaking into your house.
Many security practitioners believe that "STRONG PASSWORDS" for their Windows and Macs are sufficient. This may protect you from a casual thief who is more interested in selling the stolen laptop and making a quick buck. But you may not realize that you are going into a gunfight with a knife even if you use strong passwords. Let us look at the landscape to understand the new tools available to attackers.
Anyone who can afford $15 can misuse powerful recovery tools (for example, Kon-Boot and several other boot-kits) to circumvent OS password authentication in seconds. How would you feel if a thief could brazenly walk into your house without even having to use a key for the front door?
Brutally Simple To Use
These tools have been simplified to a point where they are unusually simple to use, and anyone with a pulse can be trained to use them. How would you feel if a novice thief could walk into your house without having to deal with the lock?
These tools generally do not leave behind any obvious digital fingerprints. So, it is possible to steal data without you even knowing about it for a very long time. How would you feel if a thief walks into your house at will when you are at work and you don’t even know about it since there are no signs or traces?
These tools provide the attacker access to your files in a matter of seconds. How would you feel if a thief can break into your house with no effort?
Implications for Security
- Attackers that are after your data no longer have to steal your laptops/desktops. They just need access to them for a few minutes to take what they want, and they will leave no traces behind.
- With persistent bootkits, attackers can quickly plant malware on your computers, enabling APT-type attacks. They do not have to resort to complex attacks via the network or social engineering to attempt this insertion.
When your CEO leaves his/her laptop in a hotel room to go to the gym, the cleaning crew could be coerced to extract all the files and possibly plant APT malware. You may believe your desktops are secure because they live inside locked offices. But cleaning and maintenance crews can be coerced to misuse these tools. They could be copying data onto a USB drive while the carpets are being cleaned. In summary, strong passwords will not even slow down these attackers.
Is there a Solution?
The simplest solution appears to be to lock down the BIOS and ensure the system can only boot from the regular drive. However, this can quickly become unmanageable because of the need to share these static BIOS passwords for operational purposes. The simplest solution known to block these attacks today appears to be the product category of Drive Encryption.
Products like McAfee Drive Encryption (aka EEPC) have been used by businesses for years to prevent data loss resulting from lost or stolen laptops/desktops. Now, their value is extended further to prevent these new-age attacks where attackers misuse these extremely simple, but powerful, tools to silently bypass password authentication for operating systems.