Topic: Thinking about setting up a dedicated "secure PC" in my house.. Thoughts?

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • Posts: 40,914
Lately I've been thinking that the price of laptop/netbook PCs is cheap enough to warrant a dedicated "secure PC" in my house, and wanted to get some feedback and exchange ideas with others about this concept.

Essentially what i'm thinking is this:

  • The purpose of this PC would be to connect to my financial accounts (bank, credit card, PayPal), and to do logins on the servers (and websites) i work on that i have a dangerously high level of access to (i.e. root access, etc.)
  • It would be a PC for which security is the topmost priority - with the absolute bare bones software installed on it, always kept fully updated religiously, left OFF most of the time, only connected to the web when needed.
  • No plain text passwords stored on it -- but instead a good encrypted password manager.
  • Might use full drive encryption so that even if stolen, the data would not be accessible.
  • This PC would not be used for general surfing, houseguest use, etc.

In summary, what i'm thinking is splitting off all of the things i do on my main PC that require a sensitive login, and putting those on a separate laptop PC which is used for no other purpose and would thus be much less likely to be vulnerable.

Thoughts?  Anyone else already do this?

mouser

One way to do this that would not require a separate laptop, would be to set this up as a virtual machine instead of on a physical device.

stitched

  • Supporting Member
  • Joined in 2009
  • Posts: 7
I have found some amazing deals with off-lease computers.  Ubuntu, Linux Mint or another easy *nix might be suitable for you for these purposes.   :)

mouser

what is "off-lease" ?

stitched

When the IT Dept gets rid of computers they either trash the hard drive and throw them away or give them to a recycling computer company to wipe the HD and resell them.  You should look into it.

housetier

  • Charter Honorary Member
  • Joined in 2005
  • Posts: 1,321
There is a dedicated linux distribution for home banking and similar sensitive tasks. Bankix is supposed to boot from CDROM and won't write to hard disks. The instructions are in German though...

40hz

  • Supporting Member
  • Joined in 2007
  • Posts: 11,859
Do it. I do. :Thmbsup:

If you have your system set up with swappable hard drives, you could also give your financial and other hyper-personal stuff its own drive and not need a separate box. If you're like most people, you're probably not accessing your financial info so often that doing a drive swap would be all that inconvenient.

While you're at it, why not also set up a second machine (real or virtual) and use that exclusively for all your other web browsing and email. That way you confine all your major online risks to that one machine.

And for absolute overkill, you could also use one of the secure 'live' NIX distros. Just boot from that for general purpose web use. Just like a virtual machine - only geekier! ;)

Ahhh...options! Gotta love it. ;D


<EDIT: whoops! housetier beat me to it! :Thmbsup:>


« Last Edit: September 28, 2009, 03:34 PM by 40hz »

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
Sounds like a good idea, mouse-man.

Get a netbook, set up a non-admin account on it, and indeed go for TrueCrypt FDE in case the machine is stolen.
- carpe noctem

basementjack

  • Supporting Member
  • Joined in 2009
  • Posts: 4
I like the idea!
I had been thinking of doing something similar.
I planned to use some form of linux that was bootable from CD.
My dlink router shows all open connections to the network, so it would be easy enough to see if it opened any back doors.
For the ultra paranoid, you could plug it into a hub then sniff the traffic on a second PC and watch what was happening.

OldElmerFudd

  • Charter Member
  • Joined in 2006
  • Posts: 181
  • Bite-sized trouble
Quote from: stitched
> When the IT Dept gets rid of computers they either trash the hard drive and throw them away or give them to a recycling computer company to wipe the HD and resell them.  You should look into it.

Check Tiger Direct for off-lease deals. Best I've found.
http://www.tigerdirect.com/
Always code as if the guy who ends up maintaining your code is a violent psychopath and knows where you live.

SchoolDaGeek

  • Supporting Member
  • Joined in 2006
  • Posts: 15
  • WTF?
I have found www.gearxs.com to have really low prices on everything.  You can get a computer for $57.88 there.
My Karma just ran over your Dogma.

mouser

I have a question for those who use whole-disk encryption:  Do the whole-disk encryption schemes only do their thing at boot time -- so if the system were to go into standby or hibernation, and wake up, would everything be decrypted and stay decrypted until next boot? or do you have an option to have a timeout period after a few hours when the encryption can kick in again, etc.

I ask because I thought it might be a nice coding snack to request if not -- something that for example forced a laptop to reboot after waking from standby if some action wasn't taken immediately afterwards.

f0dder

mouser: with FDE, everything is encrypted all the time - that's the beauty of it. There's no time when decrypted data is available on disk, only in RAM.

TrueCrypt has options to dismount volumes on user log-off and power-saving modes. That obviously won't work for your system partition, but that's protected by your regular windows user logon password (as far as I understand, you want to protect against burglars, not NSA and other people who can launch cold attacks against your RAM blocks to extract your decryption keys ;)).
- carpe noctem

mouser

well what i was thinking in general is, if you have a laptop that you essentially never reboot -- i.e. you always close to standby and wake from standby (for quick access), then essentially any hard drive encryption that is unlocked at boot time is going to be mostly useless if your laptop is stolen and they don't reboot it, but merely resume from standby.

f0dder

Useless, why? You'll obviously want to not change the Windows default of "prompt for password when resuming from standby" :)
- carpe noctem
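
The exchange above comes down to two power settings: whether Windows asks for a password on wake, and whether closing the lid sleeps (disk keys stay in powered RAM) or hibernates. As an added example, not code from the thread, this Python audit reads both from `powercfg /query SCHEME_CURRENT` output. It assumes Windows Vista or later with English output; the sample text is constructed and the function names are illustrative.

```python
import re

# Constructed sample, trimmed, in the layout of English `powercfg /query SCHEME_CURRENT`.
SAMPLE = """\
Power Scheme GUID: 381b4222-f694-41f0-9685-ff5bb260df2e  (Balanced)
  GUID Alias: SCHEME_BALANCED
  Subgroup GUID: fea3413e-7e05-4911-9a71-700331f1c294  (Settings belonging to no subgroup)
    GUID Alias: SUB_NONE
    Power Setting GUID: 0e796bdb-100d-47d6-a2d5-f7d2daa51f51  (Require a password on wakeup)
      GUID Alias: CONSOLELOCK
    Current AC Power Setting Index: 0x00000001
    Current DC Power Setting Index: 0x00000000
  Subgroup GUID: 4f971e89-eebd-4455-a8de-9e59040e7347  (Power buttons and lid)
    GUID Alias: SUB_BUTTONS
    Power Setting GUID: 5ca83367-6e45-459f-a27b-476b1d01c936  (Lid close action)
      GUID Alias: LIDACTION
    Current AC Power Setting Index: 0x00000002
    Current DC Power Setting Index: 0x00000001
"""

ALIAS = re.compile(r"^\s*GUID Alias:\s*(\S+)")
INDEX = re.compile(r"^\s*Current (AC|DC) Power Setting Index:\s*(0x[0-9a-fA-F]+)")


def parse_powercfg(text):
    """Return {setting_alias: {"AC": int, "DC": int}} from powercfg /query text."""
    settings, alias = {}, None
    for line in text.splitlines():
        if m := ALIAS.match(line):
            alias = m.group(1)  # the last alias before the index lines is the setting's own
        elif (m := INDEX.match(line)) and alias:
            settings.setdefault(alias, {})[m.group(1)] = int(m.group(2), 16)
    return settings


def audit(settings):
    """List findings that matter if the laptop is taken while asleep rather than off."""
    findings = []
    for source in ("AC", "DC"):  # AC = plugged in, DC = on battery
        # CONSOLELOCK: 1 = require a password on wake; a missing value is reported too.
        if settings.get("CONSOLELOCK", {}).get(source) != 1:
            findings.append(f"{source}: password on wake not enabled")
        # LIDACTION: 0 = nothing, 1 = sleep, 2 = hibernate, 3 = shut down.
        if settings.get("LIDACTION", {}).get(source) == 1:
            findings.append(f"{source}: lid close sleeps, disk keys stay in RAM")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_powercfg(SAMPLE)):
        print(finding)
```

On a real machine, feed it the text captured from `powercfg /query SCHEME_CURRENT` instead of `SAMPLE`.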

longrun

  • Charter Member
  • Joined in 2005
  • Posts: 155
As one of the foremost experts on unnecessarily complicating one's life I would like to offer a slightly different perspective.

Setting up such a PC has non-monetary costs. You'll have another PC to maintain, and the more complicated the system the more likely you are to make mistakes and the less time you'll have for other pursuits. If you use PayPal or banking fairly often, do you really want to have to go to another PC? When do the small risks justify extraordinary measures? For example, the consequences of having the websites you maintain hacked would be far greater than those of a fraudulent credit card transaction for which you wouldn't be liable.

Have you taken all the simpler steps first? Do you already use non-text, maximum-length, encrypted passwords? That doesn't require another PC.

If you're worried about banking and credit cards, have you taken all the steps you should take whether or not you set up a security PC, such as:

-setting up alerts on your accounts for transactions exceeding a certain amount
-monitoring your credit reports up to 3x a year for free
-setting up fraud alerts with the credit reporting agencies
-using virtual credit card numbers if you have any doubt about the vendor

If you're worried about the consequences of burglary, have you properly secured your house? Your data may be safe with FDE, but it's still a hassle to lose your stuff.

Have you thought about where the greatest risks actually lie? For example, I've used PayPal, eBay, and online banking extensively for years and have never had a problem, but I've had a couple of fraudulent transactions on a credit card I don't use online. Also, someone tried to open a Capital One account using my mother's information, and she's never touched a computer.

How often has your computer actually been infected with malware? I used to obsess about security software, etc. until I finally realized this just hasn't been a problem for me.

If you do decide to go ahead, I like the idea of a virtual machine (a cheap, simple, and convenient option). I dislike the idea of off-lease equipment (that is, equipment that was leased rather than bought, used for the lease period (often 3 years), and returned). Security and reliability are inextricably linked.

I don't mean to disparage your idea. Those of us who like to tinker with computers are inclined to think of adding new equipment as a solution. Setting up a security PC isn't a bad idea; it's just not the first idea one should consider.
« Last Edit: September 28, 2009, 10:51 PM by longrun »

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • Posts: 5,885
Why a dedicated PC? Why not keep everything (OS included) on a bootable USB thumb drive? Then you can keep the drive locked away securely in a safe or something.

Pop it into whatever computer you want to use it with & boot it up.



Another idea is to just get yourself one of these: http://www.thinkgeek...drives-storage/99f1/

paarkhi

  • Supporting Member
  • Joined in 2009
  • Posts: 90
My humble suggestion would be a virtual OS and logging in from there, as suggested by some members.
Booting from Linux and surfing is also a good option but a little painful (but if you are paranoid about your security then OK).

Nod5

  • Supporting Member
  • Joined in 2006
  • Posts: 1,169
This is a very good idea mouser. You mentioned two alternatives: a separate computer or one computer with virtualization software. A third to consider is one computer with a physical SATA switch, like this one http://www.thesataswitch.com/ , to switch between two separate (sets of) harddrives. I have a switch like that but for PATA. Pic above website:
[Image: sata.png]
drawbacks:
- you can't flip between host/virtual OS, you must shut down and reboot
- requires tinkering/soldering

advantages:
+ less costly and space consuming than buying an extra computer
+ more complete separation between the two systems compared to virtualization software (First, the software might have bugs that allow things to break out of the guest OS into the host. Second, if malware makes it onto the host then it might be able to keylog, do screenshots etc in the guest OS window too. The risk for that is low I think, but why not remove it if it comes easy.)
+ requires tinkering/soldering ;D

Netbooks are becoming so inexpensive now that getting an extra one might be the overall best option though. You get better portability. With a separate computer you can also use some KVM switch to use the same keyboard, mouse and screen for regular and secure PC.

It sounds like your intended use is mostly online transactions and server stuff, not things that need very specific applications. Then consider using some minimal Linux variety like Xubuntu or an even lighter one. That will cut down boot time compared to XP. The vanilla Ubuntu alternative installer CD has full disk encryption options so chances are the Xubuntu one does too.

One more thing to consider: putting both the secure PC and another PC on the same LAN makes the secure PC more vulnerable to possible malware on the regular PC. Is there some easy way to separate them?
« Last Edit: September 29, 2009, 11:50 AM by Nod5 »

mouser

Thanks for all the great suggestions -- I hoped this thread would be useful to others as well who might be considering a similar idea.

Let me help rule out some of the possible suggestions based on my experiences.

While I love the idea of swappable/switchable hard drives and use them for my external usb backup storage, I don't think this is a viable option for what I want here -- nor is a bootable cd/usb.

The reason is simple -- I don't want to have to turn off my main pc that I am working on -- and I have to be able to quickly turn on this other pc (whether virtual or real).

The virtual machine approach is still very much in consideration -- as it offers a good combination of secure isolation, and quick resume/sleep.  It also allows very quick backup/restore.

4wd

  • Supporting Member
  • Joined in 2006
  • Posts: 5,644
Another idea that could appeal to the geek in you :)

Install a VIA Artigo a1000 into a spare 5.25 bay and use a KVM to switch.

[Image: 10e.jpg]

mouser

that is cool.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • Posts: 6,649
I actually do the exact opposite; I maintain a secure network (domain), no one touches my primary machine, and anything questionable I need to do is done on a throw-away VM that I always keep running (usually minimized).

While I liked to have many machines to tinker with (at one point), the light bill was getting insane ... So now I'm a huge VPC fan. I've still got one more server (that I'm kinda attached to...) to virtualize then I'll have all 4 in one physical machine.

zridling

  • Friend of the Site
  • Charter Member
  • Joined in 2005
  • Posts: 3,299
One of the best ideas I've heard in a while. Love the Artigo idea, too, 4wd.

mouser

Quote from: Stoic Joker
> I actually do the exact opposite; I maintain a secure network (domain), no one touches my primary machine, and anything questionable I need to do is done on a throw-away VM that I always keep running (usually minimized).

this is a reasonable idea too -- and i considered it.  but while i am paranoid about what software i install on my main pc, i still do a ton of web browsing from my main pc, so it seems to me that is where i fear the unknown risk factor comes in.  so unless i'm prepared to do all web browsing from a virtual pc and not my main OS, i need the sensitive stuff to be elsewhere.