LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   General (https://www.linuxquestions.org/questions/general-10/)
-   -   Need some hardware and security advice (https://www.linuxquestions.org/questions/general-10/need-some-hardware-and-security-advice-4175443579/)

clifford227 12-31-2012 08:57 AM

Need some hardware and security advice
 
I want to buy a Raspberry Pi, but keep it offline and entirely isolated.

I already have an internet desktop system, including a HDMI capable monitor.

I'd like to use the monitor for both RP and internet desktop system, but Im worried that somehow, information from my RP could be retrived onto the internet connected desktop via the monitor.

Is this even possible?

There is a usb hub in the monitor (model is a Dell 2209wa http://accessories.dell.com/sna/prod...p&sku=320-7825).

This worries me too, my monitor: 'Supports Asset Management through DellTM Client Manager'.

Then there is the DVI cable that runs from the monitor to an Nvidia graphics card on the internet desktop.

acid_kewpie 12-31-2012 06:32 PM

"information"?? what does that even mean? If you're firewalled from the net, no one can get into it without you initiating something from your end (albeit potentially unwittingly)

clifford227 12-31-2012 08:13 PM

Quote:

Originally Posted by acid_kewpie (Post 4860356)
"information"?? what does that even mean?

It means the work Im doing on the Raspberry Pi...

michaelk 01-01-2013 12:41 AM

Yes. Not necessarily from the internet but from other forms of eavesdropping devices.

http://en.wikipedia.org/wiki/Tempest_%28codename%29

/dev/random 01-01-2013 01:49 AM

Quote:

Originally Posted by michaelk (Post 4860466)
Yes. Not necessarily from the internet but from other forms of eavesdropping devices.

http://en.wikipedia.org/wiki/Tempest_%28codename%29

If you are really worried about tempest, lead line everything! If the radiation can't escape it can't be read now can it?
Put all wires in lead pipes, with lead cap tops and seal it with soder with the highest lead content you can find.
Hell just lead line the entire room too while your at it... lets see TEMPEST work then.

A KVM switch in a secure place is all you really need for the setup, unless there is a physical keylogger on the KVM switch (assuming its not a crappy software based KVM switch) your fine.

NyteOwl 01-01-2013 02:10 PM

Lead isn't needed. the "radiation" TEMPEST (Van Eck interception) uses in electromagnetic radiation, ie radio waves, not particulate, ir "radioactivity". TEMPEST proofing is an extensive process and can get very expensive. It really isn't worth the trouble unless you are doing something that certain specialized government agencies would be especially interested in - in such case you have bigger problems.

To block such eavesdropping, you have to start by securing all EM fields inside the computer case, the keyboard, the monitor, mouse, KVM and all connected peripherals. You then need to securely shield all cables said equipment is connected to and interconnected with - this includes securing and filtering the power mains. This must be done for every machine on the network. Moving outward, the rooms for such systems are configured as Faraday cages to prevent signal leakage out of, or into, the room.

Oh, and the secured network does not connect to the Internet, except through several more secure layers.

After that you move to physical security ... :)

For some more info along these lines do a search for "Sensitive Compartmented Information Facility" (SCIF).

acid_kewpie 01-01-2013 04:16 PM

Quote:

Originally Posted by clifford227 (Post 4860384)
It means the work Im doing on the Raspberry Pi...

so you've a computer, on a network. Just like millions and millions of other people around the world. that's all. the fact that it's a pi is irrelevant.

clifford227 01-01-2013 07:16 PM

Can a moderator delete this post please.


All times are GMT -5. The time now is 06:09 AM.