A few weeks ago I saw an interesting post on Slashdot about the steps someone had taken to harden their laptop. Upon reading the summary on Slashdot, I made a mental note to read the article later. I expected to find some parts of his setup insufficient, but it turned out to be pretty comprehensive. There are plenty of hardening guides out there, but this blog entry did a really awesome job explaining the specific attack vectors he was trying to counter, including:
- Simple Theft
- Evil Maid
- DMA Attacks (like via FireWire)
- Browser Attacks
- Using untrusted networks
Summary of the article.
He used some really cool things like TRESOR, OpenVPN, and the OpenPGP card. The only thing I would have done additionally is look into using something like SELinux or AppArmor. Also, all the newer hardware with TPM stuff is really interesting. I'd like to look into that.
Anyway, I just thought it was a good read and wanted to share it.