November 15, 2024

Skylight Webzine

Online since 2000

NSA and potential client security


The scope of this article is to create a strategy about a security mechanism for the staff of NSA that will use several features of Windows Embedded 8.1 and Bitlocker. The detailed analysis of these features will provide us a framework for a recommended strategy.

Main discussion

The security plan that we have to implement regarding the security of the staff’s notebooks requires a study of the available solutions.  The first measure is related to the prevention of any USB device. The USB filter in the Windows Embedded 8.1 is a feature that  will help NSA to protect the USB input of their machines. This feature enables the connection of only trusted USBs to the system, so it can prevent from the use of any other USB devices.  The characteristics of USB include class, vendor, product IDs and these IDs could define if the USB is going to be allowed to use or not.

 

The second security measure that we have to take, considers the remote management which is very important for the NSA staff. The remote management is implemented with the use of the Embedded Lockdown Manager which enables to manage your device remotely.  If any problem occurs with the ELM then several  Group policy settings have to take place; such as working as an administrator and setting a registry key to configure the remote management.

Another security measure that we have to take, is the remote management. Windows Embedded 8.1 includes the feature of the keyboard filter element which blocks the keyboard stroke combinations such as « Ctrl+Alt+Delete». This security element can block physical hardware keys and prevent unauthorized activity on a device.

At last but not least, Bitlocker is going to be used for some additional encryption. If the notebooks are equipped with a Trusted Platform Module (TPM), then Bitlocker will use the TPM to lock the encryption keys which protect the data. In this case, Bitlocker will prevent the access to the keyboard unless TPM verifies the state of the computer.

Conclusions

In general the protection of the NSA machines through the use of  Bitlocker and Windows Embedded 8.1, seem to be a wise solution because they offer a variety of security mechanisms for the NSA staff. Of course, since always the human factor is a critical one for security, what remains to be taken into account is how the NSA staff will be trained to be  aware for new security risks and of course to maintain the security of the system with possible patches and updates for  these two key elements.

 

Bibliography
Description of the BitLocker Drive Preparation Tool”. Microsoft. September 7, 2007. Archived from the original on 2008-02-19. Retrieved 2014-10-24.
Kanthak, Stefan (21 August 2013). “Windows Embedded POSReady 2009: cruft, not craft”. Full disclosure (mailing list). Retrieved 2014-10-24.

 

Author: Vasileios Yfantis