I was wondering what the people of Valhalla do to keep their hardware safe, because you could have the most secure OS in the world, but if people get to the hardware you are screwed. For example, I keep medium-sized deadbolts on my desktops so no one can take a peek at what is inside, and also so no one can, say, sneak in and carry it out (even though my desktop weighs like a ton), while for my laptops I always keep the T-lock handy. I actually plan to invest in a good lock for my room door for when I'm out of the house.
I just don't let people into my apartment.
But if I had a nice desktop computer, I'd consider finding a big, old, shitty ugly box for it. That way if someone breaks into your place they take a quick look at it and think "not worth stealing" because they'd never boot it up and check the specs.
You let me in your apartment, Ynori7.
The idea with the box in the box is great.
There are some steps that users can take to secure or otherwise protect their data - not necessarily protect their hardware but hey... Better than just securing their machine to the desk. Some of my following suggestions will be blindingly obvious, others more complicated.
The first thing to do is apply BIOS, boot and hard disc passwords for booting, and change the boot order such that no booting from external media or network is possible. On a desktop machine, some BIOS chips can be swapped out or even reprogrammed with minimal extra effort or hardware. Most laptop BIOSes are more difficult to overwrite or change anyway.
The second is to have encrypted filesystems or completely encrypted discs (there is a difference).
The third thing you can do, for the super-paranoid amongst you, in the case of a desktop machine, is to actually install a break-to-make switch on the case, such that when removed you can automatically wipe the magnetic discs (think big electromagnetic pulse; physically, a large flat inductor and a large capacitor should do). Some have even used small explosives to destroy their discs in such an event, where data is super sensitive. Obviously some scheme for disabling it is nice for any hardware changes/clean-outs, but this introduces another flaw in the principle of hardware/data protection.
If you have an SSD, well, you could hook up a 32-bit microcontroller with some form of disc interface and just overwrite the entire thing once and it's gone, which shouldn't take too long anyway. A continuous magnetic disc surface is a continuum; thus, to remove all traces of data, the whole disc surface needs to have been overwritten. Several overwrites are necessary and they're typically slower.
This is because simply overwriting with one pass may only demagnetise a small portion of the written data region on the disc. Whilst the data may not be easily read, it can be recovered with more careful control and changed alignment of the read/write head, which data forensics would be equipped to do.
I have read of some who encrypt their drives and keep a custom boot loader on removable media. A good idea at first glance, but it facilitates booting of other operating systems, which doesn't prevent data from being copied or drives being cloned; thus I feel it is worse from a general data security point of view.
Just my two cents.
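As an added illustration of the difference between encrypted filesystems and completely encrypted discs mentioned in the post above (this is not part of the thread or any poster's code), the Python below classifies each disk from `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output and lists the filesystems that stay readable without a key. The sample output, device names and function names are constructed for the example.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output.
SAMPLE_LSBLK = """{"blockdevices": [
 {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
   {"name": "sda1", "type": "part", "fstype": "vfat", "mountpoint": "/boot/efi"},
   {"name": "sda2", "type": "part", "fstype": "ext4", "mountpoint": "/boot"},
   {"name": "sda3", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
     {"name": "cryptroot", "type": "crypt", "fstype": "ext4", "mountpoint": "/"}]}]},
 {"name": "sdb", "type": "disk", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
   {"name": "backup", "type": "crypt", "fstype": "ext4", "mountpoint": "/mnt/backup"}]},
 {"name": "sdc", "type": "disk", "fstype": null, "mountpoint": null, "children": [
   {"name": "sdc1", "type": "part", "fstype": "ntfs", "mountpoint": "/mnt/shared"}]}
]}"""

CONTAINERS = {"crypto_LUKS", "LVM2_member"}  # hold other volumes, not files

def has_luks(node):
    """True if this device or anything below it carries a LUKS header."""
    return node.get("fstype") == "crypto_LUKS" or any(
        has_luks(c) for c in node.get("children", []))

def plaintext_filesystems(node, inside_crypt=False):
    """List (name, fstype, mountpoint) of filesystems readable without a key."""
    fstype = node.get("fstype")
    encrypted = inside_crypt or fstype == "crypto_LUKS"
    found = []
    if fstype and fstype not in CONTAINERS and not encrypted:
        found.append((node["name"], fstype, node.get("mountpoint")))
    for child in node.get("children", []):
        found += plaintext_filesystems(child, encrypted)
    return found

def audit(lsblk_json):
    """Map each disk to (verdict, plaintext filesystems found on it)."""
    report = {}
    for dev in json.loads(lsblk_json)["blockdevices"]:
        if dev.get("type") != "disk":
            continue
        plain = plaintext_filesystems(dev)
        verdict = ("unencrypted" if not has_luks(dev) else
                   "encrypted filesystems only" if plain else
                   "whole disc encrypted")
        report[dev["name"]] = (verdict, plain)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_LSBLK))
```

On the constructed sample, `sda` is reported as "encrypted filesystems only" because `/boot` and the EFI partition sit outside the LUKS container, which is the layout a machine booting from its own disc normally has.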
Awesome post, Jim. Thumbs up!