Cpgeek Posted January 16, 2015 Share Posted January 16, 2015 I work in IT as a combination network administrator and computer consultant. I often get the question of "how do I keep my computer secure", however, despite the normal "best practices" that I typically return to the average people that I help regularly, I always think to myself "you know, I can think of a few ways these normal techniques can be circumvented" or "normal computer security techniques would probably be a joke to circumvent for the $name_of_3_letter_intelligence_organization". So I started thinking... How do government intelligence agencies handle security? If I did want to commit some kind of massive information crime (not that I would ever want to), how could I ensure that nobody could figure out my physical location, and if they do, how could I secure the information on my equipment in such a way that if seized and analysed by the best computer forensics and cryptoanalysts in the world, that they would find none of the incriminating information for prosecution. It occurs to me that most publicly available crypto software is likely either not strong enough to resist the repeated attempts at circumvention by a government agency with as many resources as the NSA. Is there better software available than bitlocker / filevault2 / truecrypt / luks/dmcrypt? How does one mitigate cold boot attacks? What about mitigating against simple coercion? I know that for most standard United States trials, the fifth amendment gives some protection to people against giving up information in their head as they don't make you testify against yourself, but what about those people in non-public situations or outside of the united states on a waterboard? - a system with authentication expiration would probably be a good idea. somehow integrating a dead-man's-switch into the mix. But in all seriousness, in these days of lowered trust in governments and law enforcement officials, with anti-piracy crackdowns and governments like the Koreans and Chinese who have no free speech policies, or simple private communications, how does one create a secure system? can we really trust the common operating systems we use? windows? mac os x? - even linux and it's associated programs that make up standard distributions that are completely open source, do they have the code scrutiny to say "yes, this is completely secure!"? I really don't think so. and then worse, once you get the base system set up (even if you assume it's 100% secure), once you start adding software that you use on a daily basis, things like word processors, video players, graphical window managers, etc. how do we trust that the programs or the interactions between those programs will be secure as well? tl;dr: If you were Batman, Nick Fury, or the CIA or NSA's CIO, what kind of computer systems would you use and how would you make sure that they were totally and completely secure? How would you secure their networking? and if someone were to raid and seize these machines, how would you make it so the expert government agency with virtually unlimited resources can't access any incriminating data? Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.