Air Gaps......Faraday cages......can a computer be secured?

https://techxplore.com/news/2018-02-air-gaps-impermeable-dont-ben-gurion.html

https://cyber.bgu.ac.il/advanced-cyber/system/files/ODINI_1.pdf

https://cyber.bgu.ac.il/advanced-cyber/system/files/MAGNETO_0.pdf

 

Air Gaps......Faraday cages......can a computer be secured?

Good docs.

But It depends...

eT..

 

Air Gaps......Faraday cages......can a computer be secured?

https://techxplore.com/news/2018-02-air-gaps-impermeable-dont-ben-gurion.html

https://cyber.bgu.ac.il/advanced-cyber/system/files/ODINI_1.pdf

https://cyber.bgu.ac.il/advanced-cyber/system/files/MAGNETO_0.pdf

From electromagnetic snooping, absolutely they can. The TEMPEST teams checked our installations often from DC to light.
https://en.wikipedia.org/wiki/Tempest_(codename)

 

Air Gaps......Faraday cages......can a computer be secured?

Depends on what you define as "secured" and how much you are willing to spend to achieve it.

But at the end of the day a computer has to be interacted with in order to be useful.

So you might put your computer in a mile-deep hole on the far side of the moon with twenty layers of guards and twelve-factor authentication, MRI and CAT scans, plus full-body cavity searches both on the way in and the way out in order to gain access, and you still have the potential for someone with access to simply remember enough highly-sensitive information in order to sell/disclose it and cause a compromise.

 

Would they admit it if they couldn't?

 

Would they admit it if they couldn't?

Would they admit what if they couldn't what?

 

Would they admit what if they couldn't what?

Definitely interested in the answer.

 

Would they admit that they could not secure a machine? If my system had an unshieldable flaw/weakness that no one had noticed...I wouldn't want to admit it.

 

Would they admit that they could not secure a machine? If my system had an unshieldable flaw/weakness that no one had noticed...I wouldn't want to admit it.

The low frequency magnetic fields can be easily stopped with magnetic shielding that's required in the TEMPEST spec. You use very high permeability metals ( MuMETAL) to shunt magnetic field in the ranges that a Faraday cage is ineffective.
http://www.magnetic-shield.com/faqs-all-about-shielding.html

Almost every catastrophic security breach has been caused by a AN/Human MK-1. Hardware security is only part of a total solution.

 

Would they admit that they could not secure a machine? If my system had an unshieldable flaw/weakness that no one had noticed...I wouldn't want to admit it.

That's a completely different question from what you asked originally. And now we need to know whose "they" is.

All kinds of weaknesses and flaws have been disclosed by all kinds of "theys".

 

My questioned asked if a computer could be secured. "They" would be the people responsible for securing it. Not being of a network background or involvement...I have only heard of discovering fault by successful attacks or breaches.

I would assume that contracted analytic security results would be kept private.....even tho corrected. That does not infer that it would not be libraried for others.

Written secure files had breaches of course...but I don't think it compares to the electronic level of breach.

 

It just occurred to me that some of these attacks probably have given programmers new algorithms for other problems....no?

I especially liked the idea of using the accelerometer for keystrokes.

 

My questioned asked if a computer could be secured. "They" would be the people responsible for securing it. Not being of a network background or involvement...I have only heard of discovering fault by successful attacks or breaches.

To some degree this is true by definition. But the attacks are often discovered by non-malicious actors, frequently the people that designed the system in the first place. Often the existence of attack strategies are known long before anyone, on either side, figures out a way to implement a practical attack using that strategy.

I would assume that contracted analytic security results would be kept private.....even tho corrected. That does not infer that it would not be libraried for others.

Written secure files had breaches of course...but I don't think it compares to the electronic level of breach.

While security analyses could be kept private, they often (usually?) aren't. Most things WILL get out, if only because a third party discovers/reinvents the attack and publishes it. Then the original company gets caught with egg on their face when, invariably, it becomes known that they knew about the risk and did not inform their customers in a reasonable amount of time.