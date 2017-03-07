Ask Slashdot: How Do You Best Protect Client Files From Wireless Hacking? 42
dryriver writes: A client has given you confidential digital files containing a design for a not-yet-public consumer product. You need to work on those files on a Windows 10 PC that has a wireless chipset built into it. What can you do, assuming that you have to work under Windows 10, that would make 3rd party wireless access to this PC difficult or impossible? I can imagine that under a more transparent, open-source, power-user OS like Linux, it would be a piece of cake to kill all wireless access completely and reliably even if the system contains wireless hardware. But what about a I-like-to-phone-home-sometimes, non open-source OS like Windows 10 that is nowhere near as open and transparent? Is there a good strategy for making outside wireless access to a Windows 10 machine difficult or impossible?
Don't use wireless (Score:1)
First post
move the PC (Score:2)
Virtualization (Score:2)
Re: (Score:2)
I was thinking about recommending something like this but realized that Windows 10 might be a prerequisite because of some application needed to work with the files. That would then mean finding a way to provide the host OS access to the guest OS's filesystem in order to access those files.
I would be much more inclined to run Windows as a VM on a Linux box as the host OS, and to restrict stuff before Windows ever boots up.
Re: (Score:2)
Two options immediately suggest themselves: (Score:3)
1) Don't set up an access point. If you still need an access point, set up a encrypted one (which you should do anyways) and don't give the isolated PC the keys. WiFi isn't magic; if there's no place for it to go, it's not going to go anywhere.
2) Put a Faraday cage around the antenna. This could be as simple as wrapping it in foil.
Re: (Score:2)
Shielding the WiFi antenna (or the whole device) is the only way to be sure its secure.
You cant trust any software solutions or any hardware on-off switches installed by the manufacturer.
Re: (Score:1)
You cant trust any software solutions or any hardware on-off switches installed by the manufacturer.
Especially if today's Wikileaks dump is true.
Bios settings (Score:3, Insightful)
Most (all excluding Apple?) laptops wil allow you to turn off / disable the wireless chipset in the bios. Many also have a physical kill switch on the side of the case.
Barring some wikileaks sort of tomfoolery from the CIA, this should stop any network access (assuming you also don't plug in a network cable).
Disable the interface (Score:2)
Disable the wireless interface in the device manager. Or, look for the switch on the side of the computer that turns of the wireless, if it still has such a thing.
Re: (Score:2)
Re: (Score:2)
It might also be possible to disable it in the BIOS.
Or if you're going through the effort to remove it, you might just unhook the tiny little connectors that connect the antennas to it.
Re: (Score:2)
Okay, I'll take a shot...
Maybe that orange mass on his head isn't hair. Maybe it's a finely woven copper Faraday cage.
Air gap it when data is connected (Score:2)
Put all the critical files on an external drive that is only plugged in when the system is isolated. Not perfect, but with good higene and an innocuous configuration on the base it should be fine.
Re: (Score:2)
Sounds like this is a developer. Good hygiene may be a problem.
If you're that paranoid.. (Score:3)
Re: (Score:2)
Re: (Score:2)
I donno, there has to be a twist...
Probelm identifaction (Score:2)
on a Windows 10 PC First problem
that has a wireless chipset built into it Second problem.
1. Don't work on sensitive issues using Windows of any version. Explore a windows VM under a more secure hypervisor where the guest cannot override the host on hardware or network issues.
2.Don't work on sensitive issues using a system with communications ability that does not use a verified hardware kill switch. EG: Avoid systems that use software to check the hardware switch to disable. Use hardware that uses a hardwar
Not enough info (Score:1)
1) Disable NIC in Windows
2) Disable NIC using the hardware switch
3) Disable NIC via BIOS
4) Remove NIC from PC
5) Use WPA2-Enterprise
6) Turn off PC
IDK, what are your constraints?
Relax and disable the wireless (Score:2)
Use more ethernet (Score:2)
Use ethernet for internal networks.
Ethernet for any internet connected computer.
Buy laptops or desktops with ethernet. If you need wifi for some new device, use it with caution and limit any files that get moved by wifi.
If you need "I-like-to-phone-home-sometimes" turn on wifi for that, let a device do its connection. No need to connect all your file
airplane mode (Score:2)
turn on airplane mode.
Some PCs have a physical switch that turns off all the wireless. If you have one of those, switch it off. Files can be transferred over bluetooth, as well.
unplug the antenna (Score:2)
Disconnect the antenna, disable the interface (Score:2)
Just Google the model of the laptop in question and teardown, example, "thinkpad yoga teardown"
Many laptops still use WIFI+Bluetooth cards [myfixguide.com] which can be physically removed. The antenna wire runs directly to the module and can be removed disabling the antenna if you don't want to pull the module.
Even the newer Yoga's have WIFI modules [myfixguide.com] which can be physically removed.
So if you want to make outside WIFI access difficult or impossible, remove the module and it will be impossible. Plug the laptop into physical
access control (Score:1)
First make sure the windows firewall is enabled, and the inbound is set to block. you can also use device manager to disable the wireless devices if you want. but
that wont stop malware from doing an outbound connection.
but here the short list:
1 use ciscos opendns and configure the web security rules.
2 decent AV/security software
3 malwarebytes
4 chrome
5 block flash and ads, use WOT plugin
6 UAC set to full do not run as admin
-Nex6