Securing Privacy Part 1: Hardware Issues
by Scott Granneman
last updated April 11, 2002
When asked about efforts to combat the tracking of Internet users, Scott McNealy of Sun famously replied, "You have zero privacy anyway. Get over it." Despite McNealy’s flippant attitude towards privacy, it remains a highly contentious issue, with the potential to affect many aspects of individuals' personal and professional lives. Furthermore, the ability to protect their own proprietary information, and to ensure the protection of their customers' crucial data, may mean the difference between success and failure for many organizations.
While Internet users may not be able or entitled to control information about them that is held by third parties, they can still take steps to ensure the protection of their privacy. It's never too late to begin safeguarding your privacy. This is the first of a series of three articles that will examine privacy concerns regarding hardware, then software, and then finally the Internet in general. This installment will examine hardware-based privacy issues, specifically: hardware solutions for small networks and wireless devices, hardware-based spyware, and some attempts by hardware vendors to infringe upon users' privacy.
Hardware-Based Protection – Firewalls and Routers
The point at which the Internet and a computer network meet forms the perimeter, the key point of network defence. Even if there is only one computer in a SOHO (Small Office/Home Office) environment, that constitutes a network. In the military, sentries secure a perimeter by making sure anyone who wants to enter the area is supposed to be there. Networks require a sentry at their perimeter as well.
That's where a combination router-firewall comes in. Just as a firewall in a car protects the driver from any flames in the engine area, a firewall on a network protects the internal network from any unsolicited attempts to get inside. It's the sentry on the perimeter that won't allow unauthorized traffic to pass. (For a more in-depth look at firewalls, please see the SecurityFocus article Firewalls for Beginners.)
A router is more difficult to explain. Let's say there are three separate computer users on a network. Each, working from his own computer, requests a different Web page. All three requests go out through the router at the same time and, a few seconds later, replies pour back in. Since information must be broken down into individual packets of data to travel over the Internet, and since those individual packets - hundreds or even thousands of them - can each take different paths, the packets from the three Web pages are all jumbled together as they stream back into your network. (For a more in-depth look at the way e-mail and Web pages work, please see the SecurityFocus article A Beginner's Guide to the Internet.) The router is responsible for guiding the packets to their destination: as it receives the flood of packets that the three users requested, it sends each packet to the appropriate computer.
Router-firewalls protect the privacy of small network users because they secure the network using a technique called NAT (Network Address Translation). Basically, NAT hides the computers from the rest of the Internet and uses the router-firewall as a mediator for all communication to and from the Internet: the internal machines use private addresses that are never seen outside, and only the router's single public address is visible. Because the router keeps a table of which internal machine opened which connection, a packet that arrives from the Internet without a matching entry - a port scan, a probe for an open file share - has nowhere to go and is dropped. If a cracker can't break into the network, he can't rifle through the personal documents, financial records, or other vital information that resides on that network. Thus the confidentiality of the data stored on the computers on that network is secured.
The nice thing about router-firewalls is that they are operating system-independent. It doesn't matter if the network consists of Windows, Mac OS, & Linux computers - all will be protected by an efficiently guarded perimeter. Best of all, most SOHO devices can be bought for less than $100. Better yet, users can build their own router-firewall using an old computer, two Ethernet cards, and some software. There are a number of commercial solutions available for Windows users. Linux users, however, have a wealth of free options available to them. Check out the Linux Router Project, a version of Linux designed to fit on a floppy and turn an old computer into a fast, efficient router-firewall.
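To make the NAT behaviour concrete, here is a toy stateful NAT table written for this article as an added example (it is not the code of any router product or of the Linux Router Project). It models what a router-firewall does with an outbound request, with the reply to that request, and with an unsolicited probe from the Internet. All addresses are from the RFC 5737 documentation ranges and the traffic is constructed; the port-allocation and table layout are simplifications chosen for illustration.

```python
"""Toy stateful NAT: outbound connections create translation entries; inbound
packets with no matching entry are dropped.  This is why hosts behind a
router-firewall never see unsolicited Internet traffic.

Addresses are RFC 5737 documentation ranges, chosen for the example."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

PUBLIC_IP = "203.0.113.10"   # the router's Internet-facing address (assumed)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000
    # (proto, public_port) -> (private_ip, private_port, remote_ip, remote_port)
    table: Dict[Tuple[str, int], Tuple[str, int, str, int]] = field(default_factory=dict)
    # reverse lookup so a host re-using a flow keeps its public port
    reverse: Dict[Tuple[str, str, int, str, int], int] = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite an internal host's packet so it appears to come from the public address."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self.reverse.get(key)
        if pub_port is None:
            pub_port = self.next_port
            self.next_port += 1
            self.reverse[key] = pub_port
            self.table[(pkt.proto, pub_port)] = (pkt.src_ip, pkt.src_port,
                                                 pkt.dst_ip, pkt.dst_port)
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a packet from the Internet back to the internal host, or drop it (None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.table.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None                  # no internal flow asked for this: unsolicited, dropped
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                  # right public port, wrong peer: still dropped
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.proto)


def demo() -> dict:
    """Two internal hosts browse the Web; an outside scanner probes the public address."""
    nat = NatRouter(PUBLIC_IP)
    # constructed traffic: both hosts happen to pick the same source port
    alice = Packet("192.168.1.10", 51000, "198.51.100.5", 80)
    bob = Packet("192.168.1.11", 51000, "198.51.100.6", 80)
    out_a, out_b = nat.outbound(alice), nat.outbound(bob)

    reply_a = Packet("198.51.100.5", 80, PUBLIC_IP, out_a.src_port)
    reply_b = Packet("198.51.100.6", 80, PUBLIC_IP, out_b.src_port)
    probe = Packet("192.0.2.77", 4444, PUBLIC_IP, 139)             # NetBIOS scan from outside
    guess = Packet("192.0.2.77", 4444, PUBLIC_IP, out_a.src_port)  # outsider guessed a live port

    return {
        "alice_sees": nat.inbound(reply_a),
        "bob_sees": nat.inbound(reply_b),
        "probe": nat.inbound(probe),
        "guess": nat.inbound(guess),
        "public_ports": (out_a.src_port, out_b.src_port),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two replies are delivered to the right internal hosts even though both chose source port 51000, because the router allocated them distinct public ports. The scan of port 139 and the packet aimed at a live port from the wrong peer both come back as `None`: the table has no entry that lets them in. Note the peer check in `inbound`; a NAT that skipped it would let anyone who guessed an open public port reach the internal host.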
The wonderful new world of wireless is taking the networking world by storm. It's not surprising - the combination of a popular standard (802.11, most often 802.11b), affordable prices, and the undeniable convenience of wireless networking has come together to produce phenomenal growth.
Unfortunately, there's a downside as well. The built-in security standard for 802.11 - WEP (Wired Equivalent Privacy) - has been shown to be cryptographically weak: published attacks recover the WEP key from enough captured traffic. Worse, 802.11 networks are being put into place that lack even basic security. There's even a popular and easy-to-use software tool for Windows called NetStumbler that searches for wireless networks and reports whether WEP is enabled. In fact, the latest rage for crackers is war driving: cruising around in a car armed with a laptop, NetStumbler, and an antenna in order to look for unsecured wireless networks.
Should you be concerned? Well, if you live in the woods and no one comes near your house, you're probably safe. But the rest of us should be careful. Fortunately, there are several things you can do to batten down the hatches.
Wireless Security Solutions
Enable 128-bit WEP. It's not that effective - the flaw is in how WEP uses its cipher, so a longer key buys little against a determined attacker - but it does keep out the casual war driver looking for open networks. Change the default password that comes with wireless router-firewalls (the "Access Point" in wireless-speak); the defaults are published in the manuals. Install software firewalls on all machines to help detect possible intrusions (more about this in the next article in this series). Audit your Access Point logs frequently to see who's using the network, and in particular look for client hardware addresses you don't recognize and for activity at hours when nobody should be connected. Finally, and safest of all, consider requiring authentication to access and use the wireless network, so that a WEP key alone is not enough to get in. (For a more in-depth discussion on securing wireless LANs, see Paul Sholtz's article in New Architect magazine.)
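Auditing Access Point logs is the one item above that is easy to automate. The script below is an added example written for this article, not a tool from the article or from any Access Point vendor. Every vendor logs in its own format, so the syslog-style lines here are constructed and the regular expression that parses them is the assumption to adjust for a real device; the list of known client hardware (MAC) addresses is likewise made up.

```python
"""Audit an Access Point's association log against an allow-list of known
client MAC addresses, and flag associations during quiet hours.

The log format below is constructed for the example; real APs differ."""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Clients you expect on the network: MAC -> owner.  Constructed values.
KNOWN_CLIENTS: Dict[str, str] = {
    "00:02:2d:1a:2b:3c": "laptop-scott",
    "00:40:96:a1:b2:c3": "desktop-den",
}

# Constructed sample log lines, not from a real device.
SAMPLE_LOG = """\
Apr 10 08:02:11 ap wlan0: STA 00:02:2d:1a:2b:3c associated
Apr 10 08:02:12 ap wlan0: STA 00:40:96:a1:b2:c3 associated
Apr 10 13:45:09 ap wlan0: STA 00:02:2d:1a:2b:3c deauthenticated
Apr 10 23:17:40 ap wlan0: STA 00:0c:f1:99:88:77 associated
Apr 10 23:18:02 ap wlan0: STA 00:0c:f1:99:88:77 deauthenticated
Apr 11 02:30:15 ap wlan0: STA 00:0c:f1:99:88:77 associated
Apr 11 02:31:00 ap wlan0: STA 00:40:96:a1:b2:c3 associated
"""

# Assumed line layout: "<Mon> <day> <hh:mm:ss> <host> <iface>: STA <mac> <event>"
LINE_RE = re.compile(
    r"^(?P<month>\w{3}) (?P<day>\s?\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"\S+ (?P<iface>\S+): STA (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) (?P<event>\w+)$",
    re.IGNORECASE,
)


def parse(log: str) -> List[dict]:
    """Return one dict per recognised line; lines in another format are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["mac"] = d["mac"].lower()          # normalise case so the allow-list lookup works
        events.append(d)
    return events


def in_quiet_hours(hour: int, window: Tuple[int, int] = (23, 6)) -> bool:
    """True if hour falls inside the window; the window may wrap midnight."""
    start, end = window
    if start > end:
        return hour >= start or hour < end
    return start <= hour < end


def audit(log: str, known: Dict[str, str] = KNOWN_CLIENTS,
          quiet: Tuple[int, int] = (23, 6)) -> dict:
    """Summarise associations: unknown MACs, quiet-hour activity, counts per MAC."""
    unknown = defaultdict(list)              # mac -> timestamps
    after_hours = []                         # (mac, owner-or-UNKNOWN, timestamp)
    per_mac = Counter()
    for e in parse(log):
        if e["event"].lower() != "associated":
            continue                         # only joins matter for this audit
        stamp = f'{e["month"]} {e["day"].strip()} {e["time"]}'
        per_mac[e["mac"]] += 1
        if e["mac"] not in known:
            unknown[e["mac"]].append(stamp)
        if in_quiet_hours(int(e["time"][:2]), quiet):
            after_hours.append((e["mac"], known.get(e["mac"], "UNKNOWN"), stamp))
    return {"unknown": dict(unknown), "after_hours": after_hours,
            "associations": dict(per_mac)}


def report(log: str = SAMPLE_LOG) -> List[str]:
    """Human-readable findings, one per line."""
    r = audit(log)
    lines = [f"unknown client {mac} joined at {', '.join(ts)}" for mac, ts in r["unknown"].items()]
    lines += [f"quiet-hours join by {mac} ({owner}) at {ts}" for mac, owner, ts in r["after_hours"]]
    return lines


if __name__ == "__main__":
    for line in report():
        print(line)
```

On the sample log the script flags one hardware address that is not on the allow-list, joining twice late at night, and a known desktop joining at 02:31, which is worth a question even though the machine is yours. Remember that a MAC address is trivially forged, so an allow-list is a detection aid, not an access control.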
Wireless may have security problems now, but it's definitely the future, and wireless vendors now have an even more urgent economic interest in securing their products.
So far we've looked at hardware that protects users’ security and privacy. But what about hardware that is deliberately designed to violate their privacy?
The next article in this series will look at software-based spyware, software that watches what users do and reports their actions back to its creators. However, hardware can act as spyware too. In fact, hardware-based spyware is even worse than the typical downloadable spyware. If a user finds out that a favorite file-sharing program has spyware built into it, he or she can just remove the software, remove the spyware (often after a protracted struggle with the Windows registry), and switch to another program that is spyware-free.
But what about spyware that's built into the computer’s processor? The network peripherals? Or the hard drive? "That's easy!" readers might think, "I just won't buy it! I'll use something else!" Unfortunately, things aren't that simple. If powerful interests have their way, privacy-violating hardware will be unavoidable. Worse yet, owning or using hardware that does not violate your privacy will be illegal.
The Pentium III
The modern era of hardware spying began with the Intel Pentium III. When Intel announced the Pentium III, it also announced a new "feature": every new CPU would include a unique ID number, the Processor Serial Number, readable by software. Although Intel justified the number as a great new advance for e-commerce, privacy advocates pointed out the obvious: a unique ID number that any program or Web site could read would make it easy for users to be tracked as they traveled the Internet. After widespread protests from consumers, and even members of Congress, Intel relented. The Pentium III shipped with the serial number, but it was turned off by default in the BIOS. Better still, by the time the Pentium 4 was released in November 2000, the ID number was gone.
One type of spying device getting a lot of attention is the keylogger. These gizmos plug surreptitiously into a computer and record everything the user types. One type of keylogger is a small beige cylinder, just a few inches long, that looks like an extension to the PS/2 keyboard's cable. The person spying on the user unplugs the keyboard from the back of the PC, plugs the keylogger into the PS/2 port, and then plugs the keyboard into the keylogger. No software installation is required, and no software on the machine can see it. At that point, the device begins logging everything the user types. Because it sits on the PS/2 port, any operating system using a PS/2 keyboard is vulnerable; USB keyboards are not affected by this particular device, though nothing about the inline approach is specific to PS/2.
To read what you've been typing, the spy sits down at the computer, opens WordPad, and types a password, at which point the device "types" its log back out into the document; or he simply moves the keylogger from the victim's machine to his own. It's that easy. These keylogging devices are definitely in use, and right now, the only cure is vigilance: if you suspect that you're a victim, check the back of your PC periodically for anything between the keyboard cable and the port, and make sure you trust your keyboard.
It should be stated that, in some cases, keystroke loggers have legitimate, legally accepted purposes, such as workplace monitoring (although the ethics and good business sense of this practice are very much open to debate).
Devices like keyloggers can be seen and easily removed. But what if your hard drive is the spy tool? This is the most dangerous scenario of all - your hard drive is absolutely fundamental to your computer, and it's also the main storage center for all of your files. If your hard drive is compromised, you have no recourse.
Unfortunately, this is precisely the scenario we're seeing come to life. In late 2000, the "4C Entity" - a consortium consisting of Intel, IBM, Matsushita and Toshiba - proposed a "CPRM" extension to the ATA (Advanced Technology Attachment) standard that governs how hard drives work. CPRM (Content Protection for Recordable Media) controls how protected digital files are copied, moved, and deleted. Each drive would carry a unique, unchangeable identifier, and protected content would be encrypted with keys derived from that identifier and from keys licensed only to compliant devices and software, so that a file copied to another drive, or read by software without the licensed keys, would not decrypt. If the drive fails, the content bound to it dies with it. If the user wants to view or copy a CPRM-controlled file and his operating system doesn't support CPRM (think Linux), he's out of luck. If he wants to back up his data, but some third party doesn't want him to, he's out of luck. And a unique identifier readable from every hard drive is exactly the kind of tracking handle that the Pentium III serial number was.
After a firestorm of protest, the CPRM proposal for hard drives was withdrawn in February 2001. Unfortunately, while CPRM has been temporarily beaten back from hard drives, it continues its relentless march onto DVD media, smartphones, and SD cards. The recordable DVD formats now support CPRM for copy protection. Cell phones based around the Symbian OS are going to rely on CPRM to govern the behavior of removable SD cards. Microsoft has announced support for CPRM on SD cards through what it calls the "Windows Media Device Manager", which transfers Windows Media-encoded music files from your hard drive to your portable device. CPRM has not gone away - it has just moved to portable devices. We must keep an eye on CPRM to make sure that it is not re-introduced for hard drives.
Something even worse than CPRM is waiting in the wings. Senator Ernest Hollings (D-SC) has introduced the Consumer Broadband and Digital Television Promotion Act (CBDTPA) into the Senate (note that prior to its introduction into the Senate, Hollings' bill was known as the Security Systems Standards and Certification Act, or SSSCA, so if you have trouble finding information about the CBDTPA, try searching for the SSSCA instead). The CBDTPA would mandate that a copy-protection standard be part of "any interactive digital device". VCRs, TVs, DVD players, stereo equipment, and especially computers - all would fall under the CBDTPA's reach. Users who disable the built-in copy protections, or buy or sell a non-CBDTPA-covered device, will have broken the law and could face up to five years in jail and a $500,000 fine for a first offense.
With the CBDTPA in place, the big media companies will control how users use their personal computers. Under the rubric of "preventing piracy", the government will make it impossible for users to exercise their fair use rights to copy software they own for backup, tape an episode of "Friends" on their VCR to watch a week from now, or convert their music CDs into MP3s. Open source software will either be compromised by the forced inclusion of proprietary, source-secret copy protection schemes designed to work with CBDTPA-protected hardware, or it will be illegal. For all of this to work, the computers of private citizens will have to constantly monitor what the individual does and compare their actions against "rules" set up by someone else. The privacy implications of the CBDTPA are grave. (For more information on the CBDTPA and the efforts to fight it, please visit The Electronic Frontier Foundation (EFF) or The Electronic Privacy Information Center.)
As computer users, we're in for a long, constant fight to safeguard our privacy. On our networks, we need to guard our perimeters with a router-firewall, especially if we network wirelessly. On our computers, we need to look carefully for any hardware that may be spying on us. And in the political arena, we have to work to protect our rights as consumers - even if the CBDTPA goes down in defeat, it's obvious now that the large media companies and their lobbying organizations are determined to control us as stringently as possible. No one said that protecting your privacy was going to be easy ... but it can be done. Don't give up the fight!
Scott Granneman is a senior consultant for Bryan Consulting Inc. in St. Louis. He specializes in Internet Services and developing Web applications for corporate, educational, and institutional clients.
This article originally appeared on SecurityFocus.com -- reproduction in whole or in part is not allowed without expressed written consent.