
Maybe for military bases and such, but I was thinking more in the world of finance, where computers are pretty locked down to prevent people from taking valuable code for predicting stock prices or high frequency trading. In those cases, people most certainly have their phones with them, but the workstations have USB disabled, the network is closely monitored (with nearly all file sharing sites blocked completely), and anything suspicious will show up in logs.



Friends of mine who work in high-security finance have told me about some fairly exotic things. Desoldering USB ports. Epoxying cable connectors into their sockets (to prevent easy removal - without chance of significant cable/device damage leading to investigation of issue).

I can only imagine the stuff that goes on at places like the NSA and CIA where the stakes are extremely high.


Isn't it easier to store all the computers in a secure room and then just have cable runs to the peripherals?

This gets rid of most physical tampering attempts. The only one left is that the employee could cut the cord of the mouse and jerry-rig a small USB port. You could get around this by forcing the use of PS/2 connectors.


And then people would exfiltrate data by toggling the numlock light programmatically.


Imagine being the guy who has to fix those computers when they break and finding only solutions like "just plug in this USB stick and boot from it to run this fix utility..." or the ever-present assumption that the machine is connected to the Internet 24/7.


You don't fix them.

You bring in an entirely new machine, and the old one is securely destroyed.


Oh yeah, like getting a new machine through purchasing and certified for the SCIF is a walk in the park...


You have a stock of prepared, vetted replacement machines.

You can replenish it slowly after you have just handed over a replacement.




