Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Security Wireless Networking Open Source Operating Systems Privacy Windows Linux

Ask Slashdot: How Do You Best Protect Client Files From Wireless Hacking? 140

dryriver writes: A client has given you confidential digital files containing a design for a not-yet-public consumer product. You need to work on those files on a Windows 10 PC that has a wireless chipset built into it. What can you do, assuming that you have to work under Windows 10, that would make 3rd party wireless access to this PC difficult or impossible? I can imagine that under a more transparent, open-source, power-user OS like Linux, it would be a piece of cake to kill all wireless access completely and reliably even if the system contains wireless hardware. But what about a I-like-to-phone-home-sometimes, non open-source OS like Windows 10 that is nowhere near as open and transparent? Is there a good strategy for making outside wireless access to a Windows 10 machine difficult or impossible?
This discussion has been archived. No new comments can be posted.

Ask Slashdot: How Do You Best Protect Client Files From Wireless Hacking?

Comments Filter:
  • Don't use wireless (Score:1, Insightful)

    by Anonymous Coward

    First post

      • Or just disconnect the antenna plugs from the wireless card. It's not going to be able to talk to any networks if you reduce its effective range to less than 6 inches. You can always plug them back in when you're finished.

        • by fyngyrz ( 762201 )

          That can be difficult with some hardware designs; it also doesn't address various non-wifi signal capture methods.

          If you're really concerned, then a properly built Faraday cage combined with excellent physical security is the best answer there is.

  • to an area without any possibility of a signal.
    • to an area without any possibility of a signal.

      Like Green Bank, WV [wikipedia.org]:

      Green Bank is located within the National Radio Quiet Zone, which means that radio transmissions are heavily restricted by law.

    • As suggested by other discussion threads here around :

      You can also achieve the same virtually :
      "virtually move" the image to an area without any signal.

      I.e.:
      Windows 10 goes into a VirtualBox VM.
      VM has no network.
      VM has only CD-ROM (so can read from .iso files you mount) and shared folder (VirtualBox sharing doesn't go through network, so it's not opening windows 10 to remote access, at least not without a collaborating host OS).

      You can pass the files and necessary application through shared folders and .ISO

      • WHERE do you find an area with no signal? It happens this laptop has wider radio capabilities than wi fi and there is no interface to see what the laptop radio is saying over what frequency, other than conformant http protocols. The radio buttons never goes out but it was off when the laptop was brand new. The point is to be able to be online without danger, not to be completely isolated. Maybe Win 3.1 was fully isolated, but these new windows do not seem to be able to stop being in permanent conference.
        • WHERE do you find an area with no signal?

          The whole point is *VIRTUAL*.

          The host's virtual manager (e.g.: Virtual Box running on the Host GNU/Linux distro of your choice) is in charge of what happens.
          Windows 10 is installed on a virtual machine, that machine has no network device simulated at all, only a shared directory (Note: Under VirtualBox, shared directory don't work over the network, but use a dedicated separate API offered by VirtualBox. No need to expose the virtual image to the network in order to exchange data. Windows 10 can't phone home

  • Virtualization (Score:4, Interesting)

    by hcs_$reboot ( 1536101 ) on Tuesday March 07, 2017 @08:09PM (#53996169)
    Make a Linux partition via VirtualBox (...), put the encrypted data there through ssh / rsync, encrypt it and keep it encrypted when on disk.
    • by TWX ( 665546 )

      I was thinking about recommending something like this but realized that Windows 10 might be a prerequisite because of some application needed to work with the files. That would then mean finding a way to provide the host OS access to the guest OS's filesystem in order to access those files.

      I would be much more inclined to run Windows as a VM on a Linux box as the host OS, and to restrict stuff before Windows ever boots up.

      • So do it the other way round. Have the host run Linux and run the application in a Windows VM that doesn't have access to the wireless device.
        • Yep, you run win10 in virtualbox on a linux host. You can then disable networking completely or use iptables to restrict access to only the things you need:

          (copy-pasted from a thing I wrote a while back)

          How to make a Windows 10 VM secure with a Linux host

          Simple! Restrict all intarwebs access to everything that you don’t absolutely need:

          1. run virtualbox with the vboxusers group:

          sudo -g vboxusers virtualbox

          2. allow access to the site you want:

          sudo iptables -A OUTPUT -m owner --gid-owner vboxusers -d [i

          • I am not sure why you appear to think that Virtualbox is the only solution.

            With a SPICE display, KVM/QEMU gives very good performance, without the need for closed-source plugins just to get support for basic things like USB2.

            • Sorry if I offended your inner zealot. I never said or thought virtualbox was the only solution. It's the one I used when I needed to do this. You can use any virtualisation tool you want, even completely proprietary ones like vmware.

    • Re:Virtualization (Score:5, Informative)

      by scdeimos ( 632778 ) on Tuesday March 07, 2017 @08:57PM (#53996523)

      I was going to suggest VirtualBox as well.

      I routinely install Windows into VirtualBox guests that have no virtual LAN adapters configured (i.e.: no network access). The guests can only access: inserted optical discs and/or .iso files; authorized USB sticks; persistent/non-persistent VirtualBox shares.

      The big downside, though, is accelerated graphics:

      • You pay a significant penalty for DirectX under VirtualBox.
      • The video drivers installed with VirtualBox Guest Additions have OpenGL support limited to API Level 2.1, so you can't run anything that requires OpenGL 3 or better.
      • The VBGA OpenGL driver implementation is also really quite flakey. e.g.: Blender won't work with it, but can be made to work if you download the OpenGL Software Driver from the Blender FTP site. Of course this horribly slow because, you know, no hardware acceleration.
      • Also the VBGA OpenGL drivers are disabled by default for Windows 8 or later guests. You can enable them by running the Guest Additions installer from the command line with switches and/or Registry hacks.
      • authorized USB sticks

        Pay attention that the current default behavious of VBox scripts might open a different kind of vulnerability :

        USB-pass-though requires that the VBox process has access to the raw USB device.
        This is done by the script "/usr/lib/virtualbox/VBoxCreateUSBNode.sh"
        it creates the appropriate entries in "/dev/vboxusb/"
        granting them full group access for "vboxusers"
        Currently this script is called by default by "/etc/udev/rules.d/90-vbox-usb.rules" for any plugged-in device.

        That means the raw USB device of *any* USB

  • by Chris Mattern ( 191822 ) on Tuesday March 07, 2017 @08:09PM (#53996171)

    1) Don't set up an access point. If you still need an access point, set up a encrypted one (which you should do anyways) and don't give the isolated PC the keys. WiFi isn't magic; if there's no place for it to go, it's not going to go anywhere.

    2) Put a Faraday cage around the antenna. This could be as simple as wrapping it in foil.

    • by jonwil ( 467024 ) on Tuesday March 07, 2017 @08:14PM (#53996205)

      Shielding the WiFi antenna (or the whole device) is the only way to be sure its secure.

      You cant trust any software solutions or any hardware on-off switches installed by the manufacturer.

      • Re: (Score:3, Insightful)

        by bughunter ( 10093 )

        You cant trust any software solutions or any hardware on-off switches installed by the manufacturer.

        Especially if today's Wikileaks dump is true.

      • by peragrin ( 659227 ) on Tuesday March 07, 2017 @11:24PM (#53997243)

        Exactly. My Samsung smart TV would randomly turn on the wireless and try to communicate outside. When I first set it up I used wifi, realized how stupid it was and switched it to the wired connection, which then was left unplugged.

        I upgraded my router and was screwing around when I noticed a new device was connecting( I used the same SSID and WPA key in both). After shutting everything down I turned on the TV and checked, wifi off,. I turned on wifi and bam. Same Mac address as my mystery guest. That was promptly banned. No wifi for you sneaky TV.

        So even if you give a device access the only way to be sure is to disconnect it thoroughly.and software can be sneaky.

        • Yes do what you can on the device, but don't trust the device. Additional controls like banning the MAC at the network level are essential.

    • WiFi isn't magic Incorrectly assumes someone doesn't have a system in place that you don't know about, which is likely in any sort of espionage peril.

      Put a Faraday cage around the antenna. This could be as simple as wrapping it in foil. Which may or may not work for most wireless APs, but absolutely will not for any sort of serious espionage peril.

    • 1) Don't set up an access point. If you still need an access point, set up a encrypted one (which you should do anyways) and don't give the isolated PC the keys. WiFi isn't magic; if there's no place for it to go, it's not going to go anywhere.

      2) Put a Faraday cage around the antenna. This could be as simple as wrapping it in foil.

      Better option, buy a Lenovo M900 mini PC without WiFi and use it exclusively to work on your client files. It's small enough to move around and should be powerful enough (i5 / i7) for most tasks...

  • Bios settings (Score:5, Insightful)

    by smylie ( 127178 ) <spam_me@smy[ ].co.nz ['lie' in gap]> on Tuesday March 07, 2017 @08:10PM (#53996181) Homepage

    Most (all excluding Apple?) laptops wil allow you to turn off / disable the wireless chipset in the bios. Many also have a physical kill switch on the side of the case.

    Barring some wikileaks sort of tomfoolery from the CIA, this should stop any network access (assuming you also don't plug in a network cable).

    • by AHuxley ( 892839 )
      Re 'Barring some wikileaks sort of tomfoolery from the CIA"
      Thats really the question every small or larger brand should be asking.
      Is the US government interested in the work been done?
      Can a competitor afford to hire a person who worked for the US gov or with the US gov tools to access the files?
      Is the competitor another nation, government, with CIA like skill sets or that has a copy of the CIA like tools?
      A private detective with friends who worked for the US gov or some other government the US trusted
      • by allo ( 1728082 )

        Just be sure. Your approach is prone to forget something or somebody or just miscalculate the risk and then the cia(contractor) or somebody using the same security hole still accesses your stuff. Better safe than sorry

        • by AHuxley ( 892839 )
          Thats why the smarter people use couriers, trusted face to face meetings. A world wide faith or cult is great cover too. Trusted, on the move and in every community.
          Re ' somebody using the same security hole still accesses your stuff. Better safe than sorry"
          The Soviet Union had that issue. By the 1950's they had the final proof that the US and UK had broken many of its codes, one time pad re use.
          The option was to stop all chatter on all networks and only use one time pads. That totally locked the NSA
    • Most (all excluding Apple?) laptops wil allow you to turn off / disable the wireless chipset in the bios.

      The Apple macOS menu bar has status indicators. One is for wifi. Select it and a dropdown menu appears. One of the options is "Turn Wi-Fi Off".

      • Most (all excluding Apple?) laptops wil allow you to turn off / disable the wireless chipset in the bios.

        The Apple macOS menu bar has status indicators. One is for wifi. Select it and a dropdown menu appears. One of the options is "Turn Wi-Fi Off".

        And if you prefer to run Windows 10 directly on Apple hardware (Boot Camp rather than emulation) then select the wifi status indicator on the task bar and use the WiFi on/off toggle button.

      • by smylie ( 127178 )

        Yeah - that's just a software control though and (i imagine) trivially turned on programatically.

        • Yeah - that's just a software control though and (i imagine) trivially turned on programatically.

          BIOS is software control too. :-)

          • by smylie ( 127178 )

            yup. but the bios settings are typically a lot harder to change from userland than, well, userland settings (if it's even possible at all - normally it's not)

            • yup. but the bios settings are typically a lot harder to change from userland than, well, userland settings (if it's even possible at all - normally it's not)

              You don't need to change BIOS settings from userland. From userland to kernel to hardware works just as well, the hardware does not care what is configuring and initializing it.

              • by smylie ( 127178 )

                Sure. In theory - I've not heard of it being done in practise other than wrt to specific bios settings like clock speed.

                As far as I know, this isn't possible in Windows (or linux) - happy to be proven wrong though. Do you have any links with further info? My cursory 30 seconds of googling seemed to suggest was still not possible.

                • Sure. In theory - I've not heard of it being done in practise other than wrt to specific bios settings like clock speed. As far as I know, this isn't possible in Windows (or linux) - happy to be proven wrong though. Do you have any links with further info? My cursory 30 seconds of googling seemed to suggest was still not possible.

                  Drivers interact with the hardware all the time. So too could malware as long as it is running in privileged mode, like drivers and other low level OS code. The hardware I am speaking of are the chipsets for the various types of I/O, not the BIOS itself. BIOS is largely irrelevant once the host OS is running. The host OS may look at current BIOS setting and respect a user setting but it is under no obligation to do so, BIOS can not enforce any limitations on the host OS. So if you can get malware running in

    • by dwywit ( 1109409 )

      Lots of windows laptops have this, also. BIOS or hardware switch.

      Also, depending on the situation, you could:

      1. only one AP in range? i.e. are you working from home, and out of range of other APs?. Blacklist your laptop's MAC address at the AP.

      2. turn off DHCP on the laptop, set static IP to 169.254.xxx.xxx

      3. not sure about this one, but: arp -s 127.0.0.1 your-mac-address

    • by beckett ( 27524 )
      for OSX you can remove IO80211Family.kext from /System/Library/Extensions to stop the wifi drivers from loading.

      However, Typically i'd just go into system preferences and remove the wifi interface from the network settings. OSX will make no attempt to land there if it doesn't have a network interface.
  • Disable the wireless interface in the device manager. Or, look for the switch on the side of the computer that turns of the wireless, if it still has such a thing.

    • by msauve ( 701917 )
      This, but with the knowledge that malware on the PC could potentially turn it back on without your knowledge. If that's still a concern, the wireless card can be removed from many systems - it's often an m.2 or PCI-e card which is plugged into a socket.
      • by TWX ( 665546 )

        It might also be possible to disable it in the BIOS.

        Or if you're going through the effort to remove it, you might just unhook the tiny little connectors that connect the antennas to it.

        • Or if you're going through the effort to remove it, you might just unhook the tiny little connectors that connect the antennas to it.

          Frankly, this is probably the only way to be sure. Newer laptops I'm not sure about, but many older ones, the wifi mini-board is easily accessable. Less than 5 minutes to pop it in or out.

          Alternatively, if you trust Windows.. airplane mode perhaps?

  • by Yoik ( 955095 ) on Tuesday March 07, 2017 @08:14PM (#53996209) Journal

    Put all the critical files on an external drive that is only plugged in when the system is isolated. Not perfect, but with good higene and an innocuous configuration on the base it should be fine.

    • by TWX ( 665546 )

      Sounds like this is a developer. Good hygiene may be a problem.

    • Or just encrypt the machine, take standard security precautions, realise that no one is going to magically remotely configure your machine to turn on wifi and act as an access point, and keep the tin foil for baking lasagne.

      Seriously. State secrets are not protected against the type of mythical attack being proposed here. And lets face it, getting a windows PC to connect via WiFi as an access point is hard enough to do when you want to and have full administrator privileges on a machine.

      If you're really tha

  • by nawcom ( 941663 ) on Tuesday March 07, 2017 @08:17PM (#53996227) Homepage
    .. and disabling the device in Windows 10 or the BIOS isn't enough, then just remove the wireless card. If by PC you mean desktop PC, unless it's a USB wifi chip soldered onto the motherboard, it'll be a typical miniPCIe or M.2 card. Remove it. For laptops a physical switch or hotkey for disabling the wifi card at the firmware level is common, but the same goes for that. They're not soldered onto the board (with some very rare exceptions) - they're miniPCIe or M.2 cards that are removable. Whether they're easily accessible varies by laptop model, but they're still removable.
    • by Anonymous Coward

      Just more as an FYI and less as relating to the question asked, but there does seem to be a number of motherboards available now with wifi built in and not in a removable form.

      Now to be clear, the only two I've seen so far were clearly marketed as "gaming" computer motherboards and for the DIY demographic, so there is next to no chance of finding this in any company setting.

      But I previously had a MSI X99 board in a system that was physically damaged (crap water cooler block) so I salvaged what parts I could

    • Yep. Not sure what's so hard about it. Pull the physical card out of the laptop and be done with it.

    • ^ So much this. The only way to be 100% sure that nothing leaks out is to remove the Wi-Fi module. Plug in an Alfa USB wireless adapter when you want it to communicate.
  • by buss_error ( 142273 ) on Tuesday March 07, 2017 @08:23PM (#53996287) Homepage Journal

    on a Windows 10 PC First problem

    that has a wireless chipset built into it Second problem.

    1. Don't work on sensitive issues using Windows of any version. Explore a windows VM under a more secure hypervisor where the guest cannot override the host on hardware or network issues.

    2.Don't work on sensitive issues using a system with communications ability that does not use a verified hardware kill switch. EG: Avoid systems that use software to check the hardware switch to disable. Use hardware that uses a hardware switch to either kill power to that subsystem or uses an NMI to prevent function.

    3. Build a Faraday cage room for sensitive work stations. There are government manuals on how to create TEMPEST spaces.

    Sound hard? Somewhat. But then again, security, real security, isn't trivial.

  • 1) Disable NIC in Windows
    2) Disable NIC using the hardware switch
    3) Disable NIC via BIOS
    4) Remove NIC from PC
    5) Use WPA2-Enterprise
    6) Turn off PC

    IDK, what are your constraints?

  • If you believe Windows 10 is going to spy on you via wireless after you disable it, then you likely don't really understand how to practice good security under any OS.
  • Stop trusting wifi on any network or device. Its not just the CIA, NSA but also local governments, competitors, random people that are looking for files.
    Use ethernet for internal networks.
    Ethernet for any internet connected computer.
    Buy laptops or desktops with ethernet. If you need wifi for some new device, use it with caution and limit any files that get moved by wifi.
    If you need "I-like-to-phone-home-sometimes" turn on wifi for that, let a device do its connection. No need to connect all your file
  • by lophophore ( 4087 ) on Tuesday March 07, 2017 @08:38PM (#53996417) Homepage

    turn on airplane mode.

    Some PCs have a physical switch that turns off all the wireless. If you have one of those, switch it off. Files can be transferred over bluetooth, as well.

  • by Doke ( 23992 ) on Tuesday March 07, 2017 @08:40PM (#53996433) Homepage
    Most PCs with built in wifi have a couple antennas in the top of the case, connected by wires to a wireless card in a pci-e slot. That's so the antennas get better signal than they could deep inside on the card. It's usually on a card, because wifi standards vary across countries, so it's easier to put in the right card, than to make a new motherboard per region. Open it up, unplug the antenna, and remove the card. If the wireless is actually built in to the motherboard, then unplug the antennas, and wrap insulated tin foil around the card.
  • by Proudrooster ( 580120 ) on Tuesday March 07, 2017 @08:41PM (#53996435) Homepage

    Just Google the model of the laptop in question and teardown, example, "thinkpad yoga teardown"

    Many laptops still use WIFI+Bluetooth cards [myfixguide.com] which can be physically removed. The antenna wire runs directly to the module and can be removed disabling the antenna if you don't want to pull the module.

    Even the newer Yoga's have WIFI modules [myfixguide.com] which can be physically removed.

    So if you want to make outside WIFI access difficult or impossible, remove the module and it will be impossible. Plug the laptop into physical wiring only and secure your network.

    As for running Windows 10, that OS has a mind of it's own and the only way you can stop the madness is at the network level.

  • First make sure the windows firewall is enabled, and the inbound is set to block. you can also use device manager to disable the wireless devices if you want. but
    that wont stop malware from doing an outbound connection.

    but here the short list:
    1 use ciscos opendns and configure the web security rules.
    2 decent AV/security software
    3 malwarebytes
    4 chrome
    5 block flash and ads, use WOT plugin
    6 UAC set to full do not run as admin

    -Nex6

  • by Anonymous Coward

    Fully disable the onboard chip: Remove the PCI-E Wifi card or remove the antenna's from the card. If the WIFI chip and\or antenna's lead wires are soldered in, cut them in such a way they can be re-soldered later and ensure the metal contacts are electrical taped over so they cannot come into contact with anything inside. Same goes for blue tooth. If the antenna is built into the laptop, find a new laptop. From there, Go into device manager and disable the wifi card, then turn it off via a function ke

  • 1. Don't turn on wireless when your sensitive data files are laying around on your device...Simple, effective, but not likely what the user wants. You can augment this a bit by encrypting the data when at rest and trying to have a policy that users are NOT allowed to have their wireless on when the data is unencrypted. (I.E. Do individual file/directory encryption and only decrypt when the network is turned off).

    2. Only do you work on VM's which are NOT run locally on the portable device but in a secure

  • by mysidia ( 191772 ) on Tuesday March 07, 2017 @09:25PM (#53996691)

    As bad as it seems.... turn on Windows Firewall with Advanced security, and make sure the computer is not joined to a domain, And None of the firewall exceptions are turned on. Open Computer Management, make sure the only enabled users have strong passwords, and set a Setup Password, User Password, and Hard Drive Unlock password in the BIOS/CMOS,
    turn on the computer's TPM Function, and setup BitLocker drive encryption. Shutdown the PC fully when you are not physically present at the keyboard.

    What reason in particular do you have to be concerned with 'Hacking over the wireless' again?

    How about you Disable all Wireless NICs, then open Services.msc and set all Wireless-related services to Disabled, then reboot.

  • First ask yourself, what are you guarding against?

    What guidelines has the client given you, what expectations do they have?
    There's no point in you being so secure that the machine is virtually useless if the client happily stores these files on Dropbox/Google Drive etc.

    Are you guarding against random drive-by hacking, script kiddies and the like, or are you guarding against an advanced persistent threat?
    If you're guarding against the US Govt then your threat model is very different to if you're simply protecting yourself against casual hacking.

    If you're concerned about an APT, then what level of threat do you expect to face? Is this a competitors company that has some guy who knows computers? Is it a multinational corporation with a large budget and a cybersecurity team? Is it a nation state? Is it the US Government?

    The answers to those questions will heavily influence the appropriate course of action to take. If you're worried about casual hacking and the client has provided the files to you via Dropbox, then simply don't connect to any open wifi networks and don't connect to any wifi networks you don't know are secure. Make sure the wifi networks use WPA2.
    If however you are concerned that the Govt. is likely out to get to your secrets, and they're specifically targeting you (as opposed to you being caught in a drift net) then you will want to physically disable the wifi, probably by taking the wifi card out of the laptop - it's likely on a small mezzanine card that is usually easily removed with a small Philips head screwdriver.

  • 1. disable with physical switch on side of machine if possible.
    2. disable in bios if possible
    3. go to device manager and remove the device. remove driver from driver store. go to \windows\system32\drivers and delete any remaining relevant .sys files.
    4. go to device manager/network manager. Right click wireless adapter, hit disable.
    5. remove all entries in windows firewall, set it to block in/out by default, and whitelist required applications. This is the least secure but most convenient of the options be

  • by nns6561 ( 559085 ) on Tuesday March 07, 2017 @10:03PM (#53996887)
    Use a virtual machine to contain Windows 10. Install an operating system and virtual machine software you trust. Disable any wireless interface for that operating system. Put the files in a Windows 10 virtual machine. Do not give the virtual machine access to any wireless interfaces.
  • By using a wire.

    I know this sounds redundant and trite but I'm serious. The question asks about how to not use wireless on Windows 10, yet few people seem to be giving the stunningly obvious advice of not using wireless on Windows 10. Disable the wireless NIC. Don't use wireless. Don't join a wireless network. Tada! You're not using wireless!
  • Either get a laptop with a physical RF-off switch, or remove the wireless card. If you bought a really crappy one, you can still almost always disconnect the antenna.

  • "You need to work on those files on a Windows 10 PC that has a wireless chipset built into it."

    Why must it be on a system with wireless circuitry? Can't be away from your laptop for 5 minutes?
  • When working, unplug the router, Airport your phones, and turn off your Bluetooth on the computer. Turn off any IoT devices. Do not use wireless keyboards or mouse. Buy a faraday phone bag on Amazon because iPhones never fully turn off. Some refrigerators work too if you don't want a paper trail. They make software that you can use to scan for radio signals, which is what wifi and Bluetooth are, just to be sure. Keep one original copy (for emergencies) of the file on one flash drive and the modified, edited
  • I like the position of this article directly below the exposition of the CIA hacks...

    Paai

  • Are you assuming some exploit that allows someone to connect to your computer and start downloading files just because you have a wireless chipset?

    Are you assuming someone snooping sensitive information while you are using a wireless connection?

    The way the article is worded I'm going to say it's the former. Ignore it. Focus on actual risks which will come from the other end of your network connection. Don't assume someone can magically and silently convince your computer to act as an access point, connect t

  • You need to work on those files on a Windows 10 PC that has a wireless chipset built into it.

    You have already lost. You have an NSA/CIA-controlled operating system with wireless communications. The NSA/CIA most likely already have your client files.

  • If turning off wifi in the system is not secure enough for you (that is, if you are afraid of a targetted attack), don't ask here, but go to some security consultant. There are other attack vectors that you might forget, like a good telescope and a camera in the building over the street. Hint: goverment contracts in one company I know are handled in a windowless, steel lined room without any network access on a certified HW.
    • for a copy of their IT Security and Risk Management Plans, and do what those say
    • If they don't have them, offer to develop those products for them (with appropriate cost and schedule impacts)
    • Profit!
  • 1 - Format PC disk

    2 - Install real OS

"Marriage is low down, but you spend the rest of your life paying for it." -- Baskins

Working...