Solved: firewire/pc express vulnerability and Bitlocker

Discussion in 'General Security' started by tito_john, Jun 22, 2014.

Thread Status:
Not open for further replies.
  1. tito_john

    tito_john Thread Starter

    Joined:
    May 18, 2007
    Messages:
    95
    I've inherited an HP Elitebook, which has beefed-up security features commensurate with a business-class laptop.

    I don't have any real secrets to protect other than credit card numbers and such, and I know how to avoid those risks. I've been playing around with this machine's security features just to learn how to use them and to see how well I can button down the machine in case I ever have to do it for real.

    I understand the potential problems with a cold boot attack to capture the Bitlocker key, and so am using two-factor authentication -- a fingerprint and a password to open the TPM. Another password to start up Windows and a screensaver password. I understand that the Bitlocker key is still in system memory when the computer is sleeping, so the machine is set up to use hibernation rather than sleep if I don't want to turn it off completely.

    All the normal things a prudent user would enable on a less-expensive laptop are in place -- firewall, A/V, etc. No sense worrying about whether the NSA has a backdoor into Bitlocker.

    Pause here for the first question -- any gaping security holes so far?

    I've also read about the flaw in which system memory can be accessed and the Bitlocker key read through the Firewire port and the PCExpress port, both of which this machine has. That's only when the computer is awake or asleep.

    Second question: I use Firewire very rarely and PCExpress cards not at all. Could I block this potential security hole by disabling those two devices in Device Manager?

    Finally, just to emphasize what I'm doing, I know this is overkill for a casual user who's not toting around corporate secrets. I'm just trying to learn something new. Thanks.
     
  2. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    10,854
    If the Bitlocker key can be exposed through Firewire and PCExpress ports, then I would disable them in Device Manager.

    To properly secure a machine, there are many things to consider. Some of them are:
    . running services that respond to the net
    . networking features active
    . patching Windows and ALL applications
    . disabling things from autorunning when media is inserted
    . having a drive image backup for times when attack tools/malware cannot be located/removed
    . running a low privilege account daily
    . turning on Windows Firewall outbound protection or using a 3rd party firewall
    . having an external SPI hardware firewall or router so that attackers cannot switch off your firewall

    There are more items on the list, please read the links posted below.

     
  3. tito_john

    tito_john Thread Starter

    Joined:
    May 18, 2007
    Messages:
    95
    Thanks for the checklists. I think I'm in pretty good shape on most of them, but I don't have any idea how buttoned down some of the wireless networks I connect to at my clients' offices are. I treat them as public networks, of course.

    On the Firewire/PCExpress card issue, disabling the ports will be enough? I was thinking about uninstalling them, but realized that Windows would probably scan and reinstall them the next time it starts up.
     
  4. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    10,854
    Disabling them would be fine. When they're not active, they can't be used.
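
The state discussed in the posts above (FireWire disabled in Device Manager, hibernation available instead of sleep) can be checked from PowerShell. This is an added example, not part of any post in the thread; it covers only IEEE 1394 host controllers, since an ExpressCard slot has no single device class to query, and the function names are illustrative.

```powershell
# Added example (not from the thread): report whether FireWire host controllers
# are disabled and whether hibernation is enabled on this machine.

# Device setup class GUID of the "1394" class (IEEE 1394 host controllers).
$Class1394 = '{6bdd1fc1-810f-11d0-bec7-08002be2092f}'

function Get-FireWireControllerState {
    # Win32_PnPEntity lists present devices, including disabled ones.
    # ConfigManagerErrorCode 22 means "device is disabled" in Device Manager.
    Get-CimInstance -ClassName Win32_PnPEntity |
        Where-Object { $_.ClassGuid -eq $Class1394 } |
        ForEach-Object {
            [pscustomobject]@{
                Name     = $_.Name
                DeviceID = $_.PNPDeviceID
                Disabled = ($_.ConfigManagerErrorCode -eq 22)
            }
        }
}

function Test-HibernateEnabled {
    # HibernateEnabled = 1 when hibernation has been turned on.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
    $entry = Get-ItemProperty -Path $key -Name HibernateEnabled -ErrorAction SilentlyContinue
    return ($null -ne $entry -and $entry.HibernateEnabled -eq 1)
}

$controllers = @(Get-FireWireControllerState)
if ($controllers.Count -eq 0) {
    'No IEEE 1394 host controller is present.'
} else {
    $controllers | Format-Table -AutoSize | Out-String
    $enabled = @($controllers | Where-Object { -not $_.Disabled })
    '{0} of {1} FireWire controller(s) still enabled.' -f $enabled.Count, $controllers.Count
}
'Hibernate enabled: {0}' -f (Test-HibernateEnabled)
```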
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    All the vulnerabilities that you are complaining about are pure & simple F U D.
    There is absolutely no risk unless you lose possession of the laptop. While the laptop is in your possession there is no risk of a cold boot attack or an attack via the firewire port.

    The simplest & most sensible way to avoid a cold boot attack is to actually shut down the laptop when you finish using it, not sleep or hibernate. That way there is no risk of the bitlocker key staying in memory longer than about 15-20 seconds after shutdown.
    It is absolutely pointless to disable the firewire or PCI cards because any thief will just re-enable them again.

    Be sensible & look at the actual risks not theoretical risks.

    In theory any computer can be hacked at any time (it all depends on what effort & how much hardware the attacker is able to or be prepared to throw at it).

    In the real world, you need to look at options and make sensible decisions based on your individual circumstances. While you have physical possession of the laptop, don't worry.
    If you lose the laptop then yes there is a possible risk of a hacker or thief getting personal info, but in practice, the risk is so small that it won't happen.

    Bitlocker or any encryption *probably* can be broken by NSA or another nation state with a super computer and enough time, but in the real world, unless you are the chairman of a major public company or a politician with secret info on your computer that a competitor or another country wants, nobody is going to go to any major extent to get the info from a normal user's computer.
     

Short URL to this thread: https://techguy.org/1128263
