LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
Search this Thread
Old 12-31-2012, 08:57 AM   #1
clifford227
Member
 
Registered: Dec 2009
Distribution: Slackware 14
Posts: 282

Rep: Reputation: 64
Need some hardware and security advice


I want to buy a Raspberry Pi, but keep it offline and entirely isolated.

I already have an internet desktop system, including a HDMI capable monitor.

I'd like to use the monitor for both RP and internet desktop system, but Im worried that somehow, information from my RP could be retrived onto the internet connected desktop via the monitor.

Is this even possible?

There is a usb hub in the monitor (model is a Dell 2209wa http://accessories.dell.com/sna/prod...p&sku=320-7825).

This worries me too, my monitor: 'Supports Asset Management through DellTM Client Manager'.

Then there is the DVI cable that runs from the monitor to an Nvidia graphics card on the internet desktop.

Last edited by clifford227; 12-31-2012 at 09:03 AM.
 
Old 12-31-2012, 06:32 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,384

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
"information"?? what does that even mean? If you're firewalled from the net, no one can get into it without you initiating something from your end (albeit potentially unwittingly)
 
Old 12-31-2012, 08:13 PM   #3
clifford227
Member
 
Registered: Dec 2009
Distribution: Slackware 14
Posts: 282

Original Poster
Rep: Reputation: 64
Quote:
Originally Posted by acid_kewpie View Post
"information"?? what does that even mean?
It means the work Im doing on the Raspberry Pi...
 
Old 01-01-2013, 12:41 AM   #4
michaelk
Moderator
 
Registered: Aug 2002
Posts: 11,851

Rep: Reputation: 737Reputation: 737Reputation: 737Reputation: 737Reputation: 737Reputation: 737Reputation: 737
Yes. Not necessarily from the internet but from other forms of eavesdropping devices.

http://en.wikipedia.org/wiki/Tempest_%28codename%29
 
Old 01-01-2013, 01:49 AM   #5
/dev/random
Member
 
Registered: Aug 2012
Location: Ontario, Canada
Distribution: Slackware 14.1, LFS-current, NetBSD 6.1.3
Posts: 119

Rep: Reputation: 38
Quote:
Originally Posted by michaelk View Post
Yes. Not necessarily from the internet but from other forms of eavesdropping devices.

http://en.wikipedia.org/wiki/Tempest_%28codename%29
If you are really worried about tempest, lead line everything! If the radiation can't escape it can't be read now can it?
Put all wires in lead pipes, with lead cap tops and seal it with soder with the highest lead content you can find.
Hell just lead line the entire room too while your at it... lets see TEMPEST work then.

A KVM switch in a secure place is all you really need for the setup, unless there is a physical keylogger on the KVM switch (assuming its not a crappy software based KVM switch) your fine.
 
Old 01-01-2013, 02:10 PM   #6
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 138Reputation: 138
Lead isn't needed. the "radiation" TEMPEST (Van Eck interception) uses in electromagnetic radiation, ie radio waves, not particulate, ir "radioactivity". TEMPEST proofing is an extensive process and can get very expensive. It really isn't worth the trouble unless you are doing something that certain specialized government agencies would be especially interested in - in such case you have bigger problems.

To block such eavesdropping, you have to start by securing all EM fields inside the computer case, the keyboard, the monitor, mouse, KVM and all connected peripherals. You then need to securely shield all cables said equipment is connected to and interconnected with - this includes securing and filtering the power mains. This must be done for every machine on the network. Moving outward, the rooms for such systems are configured as Faraday cages to prevent signal leakage out of, or into, the room.

Oh, and the secured network does not connect to the Internet, except through several more secure layers.

After that you move to physical security ...

For some more info along these lines do a search for "Sensitive Compartmented Information Facility" (SCIF).

Last edited by NyteOwl; 01-01-2013 at 02:16 PM. Reason: Fixd typos
 
Old 01-01-2013, 04:16 PM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,384

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
Quote:
Originally Posted by clifford227 View Post
It means the work Im doing on the Raspberry Pi...
so you've a computer, on a network. Just like millions and millions of other people around the world. that's all. the fact that it's a pi is irrelevant.
 
Old 01-01-2013, 07:16 PM   #8
clifford227
Member
 
Registered: Dec 2009
Distribution: Slackware 14
Posts: 282

Original Poster
Rep: Reputation: 64
Can a moderator delete this post please.

Last edited by clifford227; 01-01-2013 at 07:26 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Need advice regarding security on Fedora 15 species3618 Linux - Security 10 05-09-2012 07:38 AM
Hardware advice. YellowSnowIsBad Linux - Virtualization and Cloud 2 01-21-2011 04:45 PM
Looking for some security advice! Alnitak Slackware 6 09-22-2010 10:36 PM
Going for my CompTIA Security+ . Any advice? Micro420 Linux - Certification 6 02-12-2007 12:32 AM
Noob security advice Fiend Linux - Security 3 08-28-2004 08:46 PM


All times are GMT -5. The time now is 11:09 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration