Using Two-Factor Authentication To Further Harden Your PC
- This topic has 3 replies, 2 voices, and was last updated 13 years, 7 months ago by halladayrules.
- 5th April 2011 at 09:23 #44246
Hey guys,
I stumbled upon this great 3rd party tool called Rohos Logon Key which implements a two-factor authentication method that is used to further enhance the security on your computer. It works by requiring you to use two different verifiable forms of identification such as Windows password and a USB key for example.
A few things I love about this software: not only is this NIST-approved by encrypting your logon credential with a 256-bit length AES key, but it is also available in safe mode, which is great because anybody who has physical access to your machine would not be able to “backdoor” their way into your machine and remove the software.
Of course, this software also has the ability to protect the most important aspect involved… the USB itself! You can further protect the USB drive by requiring that a PIN be used to unlock the computer, despite the USB key being inserted. This will protect your machine if you accidentally left your USB key on top of the computer (like an idiot haha) and still don’t want anybody to access your computer. It also protects you if your USB device was lost or stolen.
Another great feature that is implemented in this software is a disaster recovery feature called “Emergency Logon” which allows you to access your system via a “question-based password recovery tool (sort of like recovering your yahoo email password)” just in case the vacuum sweeper accidentally ate your USB stick! (or if it was stolen/lost).
Finally, for the USB key option you have the ability to enforce a particular action that happens as a result of removal of the USB device. For example, when you remove the device you can set the computer to log off, lock the computer, shut down, or hibernate. You can also specify it to do nothing if you only intend to use the system for logon credentials only.
Most importantly I have tested this piece of software on the Windows Server 2008 R2 platform and it works like a charm. It is absolutely worth the $32.00 asking price on the site. I personally recommend at a bare minimum you try out the 15-day trial and see what this wonderful piece of software is all about. Oh yeah and for some strange reason when I use this software my boot time has decreased by 5 seconds, despite logging in automatically into Windows beforehand!
- 7th April 2011 at 18:35 #51740
Interesting! 🙂 However, with only logon protection it is still possible to boot from a CD/DVD and access the data on the hard drive. If you really want to be secure, you should use BitLocker/TrueCrypt or another disk encryption tool besides Rohos Logon Key. You could also buy the Bundle edition of Rohos Logon Key which also includes disk encryption (see comparison matrix).
Also, at the moment I saw your topic I remembered seeing a similar (free) tool come by in my RSS feeds some time ago. After some searching I found it again: Predator. Didn’t test it on Windows Server 2008 [R2] but looking at the requirements page I’m almost sure it will work fine. Could be an interesting free alternative.
@halladayrules wrote:
Oh yeah and for some strange reason when I use this software my boot time has decreased by 5 seconds, despite logging in automatically into Windows beforehand!
Haha, for that reason alone you’d start using it! 😆
- 8th April 2011 at 09:16 #51741
@Arris wrote:
Interesting! 🙂 However, with only logon protection it is still possible to boot from a CD/DVD and access the data on the hard drive. If you really want to be secure, you should use BitLocker/TrueCrypt or another disk encryption tool besides Rohos Logon Key. You could also buy the Bundle edition of Rohos Logon Key which also includes disk encryption (see comparison matrix).
For the most part, BitLocker is a secure method of protecting data on your hard disk, however it has been exploited in the past. There is a vulnerability in the hibernation feature of Windows, which creates a snapshot of all the contents of your memory… unfortunately this snapshot also contains your vital BitLocker key as well. You can simply use a Linux Live CD to examine the contents of the hiberfil.sys file or use the digital forensics tool called “Passware Kit Forensic” to examine the contents of this image file. Provided the user did not restart their computer (which would wipe the existing hiberfil.sys image containing the key), it would be possible to retrieve the key. It is possible to mitigate this vulnerability by disabling hibernation by typing powercfg -h off in command prompt. By default, hibernation mode is disabled in Windows Server 2008 R2/7.
The TPM (Trusted Platform Module) cryptography chip which holds the encrypted data to your BitLocker data was exploited during Black Hat 2010, as demonstrated by a VERY smart hacker named Christopher Tarnovsky. The hacking process involved extracting the key through means of tapping into the data bus of the TPM chip itself by stripping away the chip’s case and top layer. This is a very delicate process which requires extensive knowledge of semiconductors in general and the TPM chip itself. The reason I say this is the manufacturers of the TPM chip itself have implemented safeguards that include firmware which monitors the status of the chip itself. If in the event a pathway is tampered with, the machine will power off as a result. The success rate of this method is very low due to the great amount of skill required. On top of that, you also need to have physical access to the machine. Doh.
Check out one of Christopher’s demonstrations here: http://bcove.me/r038zraz
Very intense and cool stuff.
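An audit of the hibernation conditions described in the post above, given here as an added example that is not part of the original post. The function name Get-HibernationExposure and the wording of the findings are illustrative assumptions, and the manage-bde parsing assumes English-language output from an elevated prompt.

```powershell
# Added example (not from the thread): report whether a machine is in the state
# the post describes, i.e. hibernation available on a BitLocker-protected volume.
# Read-only: it changes nothing. Compatible with PowerShell 2.0.
function Get-HibernationExposure {
    param([string]$SystemDrive = $env:SystemDrive)

    # HibernateEnabled = 1 means Windows may write memory contents to hiberfil.sys.
    $powerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
    $hibernateEnabled = ((Get-ItemProperty -Path $powerKey).HibernateEnabled -eq 1)

    # The file is hidden, system and locked, so the .NET call is used here
    # instead of Test-Path.
    $hiberfile = Join-Path $SystemDrive 'hiberfil.sys'
    $hiberfilePresent = [System.IO.File]::Exists($hiberfile)

    # manage-bde is only present when the BitLocker feature is installed.
    $bitLockerOn = $false
    if (Get-Command manage-bde.exe -ErrorAction SilentlyContinue) {
        $status = & manage-bde.exe -status $SystemDrive 2>&1 | Out-String
        # Assumption: English output, e.g. "Protection Status:    Protection On"
        $bitLockerOn = ($status -match 'Protection Status:\s+Protection On')
    }

    if ($hibernateEnabled -or $hiberfilePresent) {
        $finding = 'Hibernation is available; run "powercfg -h off" to disable it.'
    } else {
        $finding = 'Hibernation is disabled and no hiberfil.sys is present.'
    }

    New-Object PSObject -Property @{
        SystemDrive      = $SystemDrive
        HibernateEnabled = $hibernateEnabled
        HiberfilePresent = $hiberfilePresent
        BitLockerOn      = $bitLockerOn
        Finding          = $finding
    }
}

Get-HibernationExposure | Format-List
```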
- 13th April 2011 at 17:50 #51739
Thanks for your explanation; I didn’t know these attacks, however the second attack is not really feasible for most people 😉
I would expect the hiberfil.sys file is also encrypted and only accessible after you have unlocked the filesystem using the BitLocker USB key, but apparently it isn’t…
Read somewhere that while powered on, the encryption/decryption key is stored in plain text (or reversible encryption) in memory. If you turn off the PC, physically freeze the memory with some spray to slow down the fadeout process of the contents of the memory, boot from an external medium and dump the contents of the memory, it is possible to find the key to decrypt the data on the hard drive. This is only possible if no TPM chip is used.
Besides that there is also the Evil Maid Attack developed by the hacker Joanna Rutkowska which replaces the boot loader and sniffs the password entered.
Cool stuff indeed! 😎