Need some hardware and security advice
I want to buy a Raspberry Pi, but keep it offline and entirely isolated.
I already have an internet desktop system, including an HDMI-capable monitor. I'd like to use the monitor for both RP and internet desktop system, but I'm worried that somehow, information from my RP could be retrieved onto the internet-connected desktop via the monitor. Is this even possible? There is a USB hub in the monitor (model is a Dell 2209wa http://accessories.dell.com/sna/prod...p&sku=320-7825). This worries me too, my monitor: 'Supports Asset Management through Dell™ Client Manager'. Then there is the DVI cable that runs from the monitor to an Nvidia graphics card on the internet desktop.
"information"?? What does that even mean? If you're firewalled from the net, no one can get into it without you initiating something from your end (albeit potentially unwittingly).
Yes. Not necessarily from the internet but from other forms of eavesdropping devices.
http://en.wikipedia.org/wiki/Tempest_%28codename%29
Put all wires in lead pipes, with lead cap tops and seal it with solder with the highest lead content you can find. Hell, just lead line the entire room too while you're at it... let's see TEMPEST work then. A KVM switch in a secure place is all you really need for the setup; unless there is a physical keylogger on the KVM switch (assuming it's not a crappy software-based KVM switch), you're fine.
Lead isn't needed. The "radiation" TEMPEST (Van Eck interception) uses is electromagnetic radiation, i.e. radio waves, not particulate, i.e. "radioactivity". TEMPEST proofing is an extensive process and can get very expensive. It really isn't worth the trouble unless you are doing something that certain specialized government agencies would be especially interested in - in such a case you have bigger problems.
To block such eavesdropping, you have to start by securing all EM fields inside the computer case, the keyboard, the monitor, mouse, KVM and all connected peripherals. You then need to securely shield all cables said equipment is connected to and interconnected with - this includes securing and filtering the power mains. This must be done for every machine on the network. Moving outward, the rooms for such systems are configured as Faraday cages to prevent signal leakage out of, or into, the room. Oh, and the secured network does not connect to the Internet, except through several more secure layers. After that you move to physical security ... :) For some more info along these lines do a search for "Sensitive Compartmented Information Facility" (SCIF).
Can a moderator delete this post please.