I'd like to know if there's a tool that can wipe a hard drive if an intruder is detected (for example by entering a wrong password, etc.). I searched with no specific results. Appreciate the help…
Many higher end IDS systems should allow for the execution of an external program when an intrusion is detected - but be aware - IDSs are not perfect, and generate many false positives, which means your data may be wiped by accident.
I would use full hard disk encryption with pre-boot authentication instead, coupled with an IDS or security policy to shut down upon a trigger event.
A good free program to do full hard disk encryption with pre-boot authentication is TrueCrypt. Completely free to install and use with many options to keep people out.
I was wondering if there's software that has some kind of distress password which, when entered, starts a wiping routine. That was the aim of the post, sorry for the mix-up.
"Your mission, Jim, should you decide to accept it, is… As usual, should you or any member of your I.M. Force be captured or killed, the secretary will disavow any knowledge of your existence. This tape will self-destruct in five seconds. Good luck, Jim."
While things that self destruct are cool in the movies, there are plenty of encryption programs that in essence wipe out your data after X number of tries. Not as cool as a melting HDD, but much faster.
As MMachor noted, TrueCrypt might be an avenue to explore.
Ummm, sorry if this question seems dumb, but why exactly would one need a wiping routine to be triggered by an IDS, as in an Intrusion Detection System, when the whole purpose of an IDS is to sit back and record the failed (and/or successful) attempts and keep records as (some form of) evidence?
Cheers
DarkSYN
Just curious about the subject
Many higher end IDS systems should allow for the execution of an external program when an intrusion is detected - but be aware - IDSs are not perfect, and generate many false positives, which means your data may be wiped by accident.
I'd have to almost agree :-) The open source IDS Snort has the ability to call an external program, write to a listening UNIX socket and so on; you could also just have a background job looking at IDS (or any other) logfiles looking for the signal to activate. In the case of incorrect passwords, I'd suggest that this might be a better method, as the IDS systems that I have come across tend not to look for this activity directly, either being more interested in files being changed (TripWire type) or in network activity (Snort type). I'm not saying that there aren't IDS that do this, rather that I have no direct experience of dealing with them.
In terms of duress code, which has been mentioned, I'd suggest that TrueCrypt is probably the best solution - you can figure out why yourself if you have a look at their website. Their solution is also considerably less likely to get you strapped to a chair without a seat when they figure out (fairly easily from the whirring disk and the lack of data) that you just wiped the disk …
I'd suggest in general though that such action, whilst perfectly technically possible, is largely irrelevant. People who want data from the disk would image it first before doing anything, and people who are dumb enough to try the password wouldn't get past a reasonable level of encryption in any case.
Hope this quenches your curiosity. :-)
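The background-job approach from the post above, as an added example that is not part of the original thread: a watcher that reads sshd-style log lines and fires a response hook only when one source reaches a threshold of failed passwords inside a short window, so isolated typos do not trigger it. The log lines, threshold, window and hook are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the classic syslog/sshd format (not real log data).
SAMPLE_LOG = """\
Jan 12 03:14:01 host sshd[811]: Failed password for root from 203.0.113.5 port 4011 ssh2
Jan 12 03:14:03 host sshd[811]: Failed password for root from 203.0.113.5 port 4012 ssh2
Jan 12 03:14:04 host sshd[815]: Accepted password for alice from 198.51.100.7 port 5100 ssh2
Jan 12 03:14:06 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 4013 ssh2
Jan 12 09:30:00 host sshd[902]: Failed password for alice from 198.51.100.7 port 5200 ssh2
Jan 12 11:45:00 host sshd[950]: Failed password for alice from 198.51.100.7 port 5300 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<src>\S+) port \d+"
)

def watch(lines, on_trigger, threshold=3, window=timedelta(seconds=60), year=2024):
    """Call on_trigger(source, when) once per source that reaches `threshold`
    failed passwords inside `window`; return the set of sources that fired."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    fired = set()
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        # Syslog timestamps carry no year, so one is assumed for parsing.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["src"]]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # forget failures that fell out of the window
        if len(q) >= threshold and m["src"] not in fired:
            fired.add(m["src"])
            on_trigger(m["src"], when)
    return fired

def demo():
    alerts = []
    # Hypothetical hook: a deployment would run its chosen response here, such
    # as the shutdown behind full-disk encryption suggested earlier in the
    # thread. This one only records the event.
    watch(SAMPLE_LOG.splitlines(),
          lambda src, when: alerts.append((src, when.strftime("%H:%M:%S"))))
    return alerts
```

The user at 198.51.100.7 mistypes twice, hours apart, and never trips the hook, which is the false-positive concern raised earlier in the thread.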
Just for the record, actually wiping a whole hard disk, even with a single pass of 00's, takes at least several minutes or even hours for big drives. I guess that a knowledgeable intruder will cut the power to the drive within a bunch of seconds, before taking the drive with him, and later recover most if not all of the needed info.
The fastest method should be the internal HD Erase Protocol, which anyway is described as taking 30÷45 minutes.
Normal Secure Erase
Secure erase is called Security Erase in the ATA disk specification and Security Initialize in SCSI. The
command must cause an overwrite operation that stores random bits in all user accessible blocks on storage
media. The overwriting user data itself need not be random if the device randomizes user bits before media
storage. The current ATA specification for Normal Erase mode states that the SECURITY ERASE UNIT command
shall write binary zeroes to all user accessible data areas. (ATA reassigned blocks are not user accessible
because they have no user address). This level of erasure is excellent for fast erasure, although it does not
precisely follow the three writes called out in DoD 5220. CMRR verification testing (below) showed that the
erasure security is at the level of DoD 5220, because drives having the command also randomize user bits
before storing on magnetic media. In-drive block verify is via internal write fault detection hardware, which
takes no additional time thus increases user willingness to use the command. The three block writes of DoD
5220 plus verify can take far longer than the secure erase command. CMRR test times were up to days but the
drive normal Secure Erase can complete in 30-45 minutes.
If you want something fast and secure, you need a hardware device of some kind, like a high strength magnetizing coil, an extremely intense heat source or both.
jaclaz