Forwarded from: matthew patton <pattonme@private> wow, nobody mentioned using VMWARE? Granted it's less desirable and clean cut (think KISS) than 2 hard drives but the "classified" VM can be stripped of it's ability to cut/paste and share network/devices with the host OS. All files could be saved on an AES/3DES encrypted disk "image". Even better to require a fingerprint and/or say the CAC card to unlock the filesystem. Let's see, slim-line 80GB USB hard drives cost what, $160 from CompUSA et. al? USB hard drives are bootable now from moderately recent BIOS ROMs and even if they weren't, it would not be very hard to create one of those credit-card CDROM images that will bootstrap enough of a kernel to get access to the USB subsystem and then invoke the bootloader of the red or green disk that's plugged in. Along the lines of "specialized" hardware, there's the ol' KVM trick applied to hard drives. Say the onboard HD is UNCLASS and there is a little toggle switch that electrically activates the inside or slotted one. I think I've seen 2" HD slots in place of (or in addition to) PCMCIA slots in some laptops. Even if not, I'm sure at least one big player would jump at the opportunity to offer a product to the US Govt. The easiest circuit to turn on/off would be the power feed. So even if both HDs were plugged into their bays only one would have electricity. Pin them both "master" and there'd be no way for them to coexist even if both managed to get power. But the article makes a vital point throughout - it ALL depends on a userbase that doesn't screw it up. Something tells me not to ever underestimate the creativity of the stupid. _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Tue Oct 11 2005 - 21:25:08 PDT