doubt that
How to build a secure computer for storing digital crypto assets
- Thread starter johnarb
- Start date
The way to break in there would involve human mistakes, and they would have to be exploited by someone that is familiar with the infrastructure, which is what normally happens when there is an attack, someone from the inside gives away information. But that is easily handled by removing the privileges to that account that is compromised. All access and actions are recorded in an internal database. In order to be successful with an attack you have to be quick and precise on your target, something really really difficult to do. This is all internal infrastructure.
Every single time servers are compromised - external infrastructure - is because there is misconfiguration that can be exploited. Every single time. And that happens to all OS, regardless of the type.
You don't gain any extra security just by choosing a specific OS, you have to configure that OS in order to make it secure. IT security is very hard to achieve, and very expensive.
The ones that say "Windows is insecure" they just don't know how to configure it.
On the other side the ones that say "Linux is secure by default" have no idea of what they are talking about.
I worked in an office building (we had many) of over 2,000 employees, we had 5 "virus scanner stations" we had dedicated to the task of cleaning out viruses and malware
We had strict AD policies, IT team had full admin access to all the PC's as we're part of the software deployment,upgrade and maintenance team, Users are not allowed to install anything
What you fail to understand is that viruses can be introduced from USB flash and other files brought from outside. Disable all the USB ports? it was considered but upper management never approved it and people email from home files they are not supposed to, because they want to work on nights and weekends, dedicated hard working employees, bravo
I quit over 2.5 years ago, I heard from friends it's a ghost town in the offices, everyone works from home come in 1-2 days a week only, so the problem with Windows viruses probably not as bad anymore, only C19 viruses now
And banks have been hacked, I seem to remember $1B wire transferred out Bangladesh and other remote offices a few years back
All these security systems hardening are no better than Viagra, the real problem is social hackers
We had many campaigns never to share passwords... We work OT after hours and weekends and even though I can login with full admin access, I need to sometimes login as the user for their Windows profile configurations and testing, so I show up at the office right before 5pm, boss already left early, secretary hands me an envelope with not just windows login password and other passwords to other systems including payroll and financial systems, no different if we're working in HR, employees would leave all kinds of passwords under the keyboard
If you call Karen in Accounting, hey Ms. Karen, how you doing? and say you're from IT and need the person's account to so and so system is part of corrupted database and you ask them for their previous password and current password, you'll most likely get it
Talk to your IT team and ask them if they run into Windows viruses at your highly secure Windows domain
Johnny promoted from being a good Samaritan IT guy that resolved problems for free to someone that was part of a 2000 employee firm, in two posts. I smell rubbish here.
Re-read my post, I worked as a computer technician for a living and was the go-to guy for cleaning out viruses for families and friends at no charge
You're clearly not a tech, all you do is speak on high level, we're out in the trenches, dude, we see the battles first hand
PS: Viruses were way down after we switched to corporate version of Sophos about 4 years ago. Prior to that we had McAfee which was shit. We still had the stations but it was dual-purpose for cloning hard drives, you would not understand
Msc Software Engineer, FYI. Not bragging, just saying. I hate my job.
I believe you
All the Engineers at my place of work dismissed bitcoin in 2013... but started getting interested in crypto in 2017, all got rekt
The difference is that they are still working and I'm not and could afford to move to Asia with my family, "living the good life"
It takes certain type of person to have the mental and emotional fortitude to buy and hold bitcoin
Take a look
https://www.citadel21.com/why-the-yuppie-elite-dismiss-bitcoin
We don't believe on Bitcoin for many reasons, but one of the very simple reasons is that it is easily replicated.
Things that have value around the world are unique, there are like 3K copies of Bitcoin. It is too easy to copy.
You are right, Soft Engs don't like Bitcoin, it is a glorified database with a penalty on newly created items. Who would pay money for that? It is like I create a MySQL database and I ask you to pay me money every time you insert a record, hilarious.
It had value when it was unique and was part of a group of people that used it to bypass regulations, or buy items in underground markets, nowadays is just another asset that you can buy with dollars. With many many flaws.
If you look at all big names around Bitcoin they have the same personality, none of them have an engineering background, the ones they understand sofware forked the coin and made something better, like Ethereum, for example.
I wonder if David Kielman was alive and saw what his coin has become to, if he would actually try to exploit it.
Pretty much like Craig has been saying all along, someone with several PHDs, one of them in Security, an eminence in many fields is throwing up every time people talk about their coin. It was never intended to be the most bizarre representation of greed in the markets. It was supposed to be something to create an equal economic system to get rid of the actual rooted one, and it became so much a part of it that it sucks.
So yeah, we don't like shitcoins, because we understand them.
I really like this post of yours. I wish ET had a heart-symbol, instead of a plain liked, I'd smash that heart-symbol in a heart-beat
The notion that any OS can be fully secured by following simple checklists is just wishful thinking.
You need to look at your application and cut the system down to it's bare minimum essentials.
Something like a web browser has an attack surface the size of the moon.
Go through the remaining portions with a fine toothed comb. Then plan for continuous updates. You need to actively screen those updates.
Even then a zero day exploit is possible.
So you need intrusion detection. Distribution of functions to different code bases and systems to limit the effects of a potential zero day, etc.
I don't see how you can realistically do it without a full-time team of multiple people.
Then you have to potential for "spiked" hardware (Snowden) so you probably need to buy many more computers than you actually need and X-ray the boards and de-package the ICs.
Plus you need serious training and vetting for everyone involved.
Physical security and burglar alarms for the facility where to computers are located
If I was handling large amounts of crypto I would start with requirements for classified data processing and then beef up from there.
Read "Harpon" for some examples of how the Israelis used to get access to the records of banks involved with terrorist financing.
Trying maintain a fully secure system as a single individual is not going to happen. Over a 10 year period, with the benefit of 20/20 hindsight you're virtually guaranteed to find out that at some point there was a zero day exploit that applied to your system.
My best suggestion would be keys on a laptop with no networking he that lives it's life in a safe and is only used to sign messages after manually typing in the hash of the message to sign. Make that a safe deposit box if you don't want to be a target for a home invasion.
You need to look at your application and cut the system down to it's bare minimum essentials.
Something like a web browser has an attack surface the size of the moon.
Go through the remaining portions with a fine toothed comb. Then plan for continuous updates. You need to actively screen those updates.
Even then a zero day exploit is possible.
So you need intrusion detection. Distribution of functions to different code bases and systems to limit the effects of a potential zero day, etc.
I don't see how you can realistically do it without a full-time team of multiple people.
Then you have to potential for "spiked" hardware (Snowden) so you probably need to buy many more computers than you actually need and X-ray the boards and de-package the ICs.
Plus you need serious training and vetting for everyone involved.
Physical security and burglar alarms for the facility where to computers are located
If I was handling large amounts of crypto I would start with requirements for classified data processing and then beef up from there.
Read "Harpon" for some examples of how the Israelis used to get access to the records of banks involved with terrorist financing.
Trying maintain a fully secure system as a single individual is not going to happen. Over a 10 year period, with the benefit of 20/20 hindsight you're virtually guaranteed to find out that at some point there was a zero day exploit that applied to your system.
My best suggestion would be keys on a laptop with no networking he that lives it's life in a safe and is only used to sign messages after manually typing in the hash of the message to sign. Make that a safe deposit box if you don't want to be a target for a home invasion.