Best practices for physically securing a notebook

This should be sufficient at least for the moderately to quite paranoid:

  • Change BIOS settings to boot only from the harddisk, so you can't boot from other devices. Make sure to disable network boot, which is usually in the same menu.
  • Set up a password for changing BIOS settings and for startup, so nobody can get past the BIOS loading screen without resetting the BIOS.
  • Set up automatic shut down when closing the lid (you should be able to do this in the power saving options). That way, intruders will have to go through the BIOS password prompt to get anywhere.
  • Encrypt the whole disk. That way, you'll have to get to the PC while unlocked or to add keyboard sniffing to access anything.

Some more outlandish suggestions:

  • Install a James Bond-type trigger which will be broken if someone opens up the case. Ideally, this should be detectable only by the owner, and should be easy to see.
  • Glue up the ports which are not used.
  • Fill up the insides of the computer with resin or glue, so nobody can install hardware devices there without seriously messing with it. Of course, you might run quite a risk of hardware failure if the machine contains any moving parts.

Without physical security, you can't have strong protection. So I don't know of any very strong, robust security measure for your situation.

But you can mitigate some of the risks. One possible approach is to have two OS installs. One of them should be Truecrypt encrypted with a strong passphrase. The other, not encrypted at all. Before giving the laptop to someone else, reboot to the unencrypted OS instance. This doesn't protect against physical keyloggers or some other threats, but at least it prevents straightforward ways that a malicious user might use to get at your data.


External parts (usb ports, firewire ports, cd drive) are somehow visible. User should watch them. I couldn't find any device that could be inserted inside an USB port and locked with a key: USB ports weren't designed to afford such screwing, so probably putting some lock inside it (physical lock) could cause damage.

To prevent from opening the notebook case: put some seal in every place that you could open using screws. If the seals are somehow personalized, better, so it's hard to replace one after being damaged. There are some seals that can't be removed without destroying themselves.

And be sure that this will only prevent soft spying. If you have informations that you want to hide from NSA, well.. good luck trying. :)

Tags:

Linux

Hardware

Physical

Recent Posts