Comments on: Where there’s smoke, there’s FireWire
http://www.welivesecurity.com/2011/07/28/where-theres-smoke-theres-firewire/
News, Views, and Insight from the ESET Security Community
Mon, 03 Feb 2014 08:49:00 +0000

By: Aryeh Goretsky
http://www.welivesecurity.com/2011/07/28/where-theres-smoke-theres-firewire/#comment-3485
Fri, 29 Jul 2011 19:44:49 +0000

Hello Harry,

Those are very good examples. I normally expect to see public-facing computers like those in a lab or library locked down physically as well as software-wise, and kiosk computers typically only have their KVM components exposed from their housing, as those are intended to be theft and tamper resistant. Boot loader attacks are always a possibility, which is why it is a good idea to block access to points of ingress for bootable media, as well as lock down such options in the BIOS firmware. Because there are multiple ways of attacking computers, from the hardware on up, it is important to look at defense-in-depth measures, including the physical aspects.

Thanks for the thoughtful comment!

Regards,

Aryeh Goretsky

By: Ian Grist
http://www.welivesecurity.com/2011/07/28/where-theres-smoke-theres-firewire/#comment-3484
Fri, 29 Jul 2011 15:53:52 +0000

Great article, Aryeh!

By: Harry Johnston
http://www.welivesecurity.com/2011/07/28/where-theres-smoke-theres-firewire/#comment-3483
Thu, 28 Jul 2011 20:55:02 +0000

It's not quite that simple. Some computers *have* to be physically exposed to potential attackers – for example, a computer lab at a University, or a kiosk machine in a library. These machines aren't generally vulnerable to theft either because there are people watching (but probably not watching closely enough to notice someone plugging in a FireWire device) or because they have been wired into an alarm system.
It should also be noted that turning the computer off won't actually help against "evil maid" attacks unless it is encrypted and is also configured to require the encryption password at boot.
