Protecting sensitive data when giving the laptop to a technician [duplicate]
Clash Royale CLAN TAG#URR8PPP
up vote
4
down vote
favorite
This question already has an answer here:
Encrypt home drive after installation
2 answers
Suppose that my laptop does not boot and I have to give it to a technician for repair. This gives the technician access to my hard-drive and all the material in it.
I can take out or encrypt the hard-drive, but then the technician will not be able to boot in order to validate the problem or verify that the problem was solved.
Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?
boot security encryption
asked Aug 16 at 5:42
Erel Segal-Halevi
84931732
marked as duplicate by David Foerster, karel, user68186, Fabby, Thomas Aug 17 at 10:33
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
add a comment |Â
up vote
4
down vote
favorite
This question already has an answer here:
Encrypt home drive after installation
2 answers
Suppose that my laptop does not boot and I have to give it to a technician for repair. This gives the technician access to my hard-drive and all the material in it.
I can take out or encrypt the hard-drive, but then the technician will not be able to boot in order to validate the problem or verify that the problem was solved.
Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?
boot security encryption
asked Aug 16 at 5:42
Erel Segal-Halevi
84931732
marked as duplicate by David Foerster, karel, user68186, Fabby, Thomas Aug 17 at 10:33
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
2
Encrypting just your home folder is a common solution.
– muru
Aug 16 at 5:58
1
get a cheap hard drive, install Ubuntu on it, swap with existing hard drive.
– Sergiy Kolodyazhnyy
Aug 16 at 14:06
add a comment |Â
up vote
4
down vote
favorite
up vote
4
down vote
favorite
This question already has an answer here:
Encrypt home drive after installation
2 answers
Suppose that my laptop does not boot and I have to give it to a technician for repair. This gives the technician access to my hard-drive and all the material in it.
I can take out or encrypt the hard-drive, but then the technician will not be able to boot in order to validate the problem or verify that the problem was solved.
Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?
boot security encryption
asked Aug 16 at 5:42
Erel Segal-Halevi
84931732
This question already has an answer here:
Encrypt home drive after installation
2 answers
Suppose that my laptop does not boot and I have to give it to a technician for repair. This gives the technician access to my hard-drive and all the material in it.
I can take out or encrypt the hard-drive, but then the technician will not be able to boot in order to validate the problem or verify that the problem was solved.
Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?
This question already has an answer here:
Encrypt home drive after installation
2 answers
boot security encryption
asked Aug 16 at 5:42
Erel Segal-Halevi
84931732
asked Aug 16 at 5:42
Erel Segal-Halevi
84931732
asked Aug 16 at 5:42
Erel Segal-Halevi
84931732
asked Aug 16 at 5:42
Erel Segal-Halevi
84931732
84931732
marked as duplicate by David Foerster, karel, user68186, Fabby, Thomas Aug 17 at 10:33
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
marked as duplicate by David Foerster, karel, user68186, Fabby, Thomas Aug 17 at 10:33
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
2
Encrypting just your home folder is a common solution.
– muru
Aug 16 at 5:58
1
get a cheap hard drive, install Ubuntu on it, swap with existing hard drive.
– Sergiy Kolodyazhnyy
Aug 16 at 14:06
add a comment |Â
2
Encrypting just your home folder is a common solution.
– muru
Aug 16 at 5:58
1
get a cheap hard drive, install Ubuntu on it, swap with existing hard drive.
– Sergiy Kolodyazhnyy
Aug 16 at 14:06
2
2
Encrypting just your home folder is a common solution.
– muru
Aug 16 at 5:58
Encrypting just your home folder is a common solution.
– muru
Aug 16 at 5:58
1
1
get a cheap hard drive, install Ubuntu on it, swap with existing hard drive.
– Sergiy Kolodyazhnyy
Aug 16 at 14:06
get a cheap hard drive, install Ubuntu on it, swap with existing hard drive.
– Sergiy Kolodyazhnyy
Aug 16 at 14:06
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
4
down vote
Important to note:
- If you give your system to a bad guy you should consider it as compromised and it could not be trusted any more.
Short answer to:
Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?
- Encrypt your HOME directory (Can't protect you against all possibilities)
What you have to do?
- Don't give it to anyone you don't trust
- If you have to:
- Remove the important parts (like hard disk).
- Keep track of device's frameware information if it's possible (ex: BIOS details [which can be faked anyway] )
If you can't remove the hard disk, then encryption is the best you have. However remember that even encryption can be attacked using different methods.
- As a simple example they can compromise the boot partition on your full encrypted hard disk to find your passphrase.
- Change the programs on your root to find the passphrase of encrypted home directory.
- Or real attacks like investigating your memory, cloning your hard disk.
In your situation the best way that I can consider is encrypting your HOME directory. So they can boot into your system and fix the issue but can't access your data.
After you get your laptop back consider re-installing your operating system, and checking what you keep track of to make sure nothing has been changed.
And remember as my explanations suggests, the device could be physically compromised too.
- So... Don't give it to a bad guy.
answered Aug 16 at 5:58
Ravexina
25.8k136288
how can a device be physically compromised???
– BÈþòøћ
Aug 16 at 8:33
1
@BÈþòøћ One could install a hardware keylogger into the device to log any decryption passhprase or other credentials that are being entered. The hard drive could even be cloned to attempt a offline bruteforcing the passphrase
– GroundZero
Aug 16 at 8:52
@BÈþòøћ stick in a keylogger inside the laptop
– muru
Aug 16 at 8:52
1
they could have installed a BIOS Rootkit too, so reinstall the BIOS. Then take it all apart to make sure there is no hardware keylogger... maybe don't give it to the bad guy.
– Matt
Aug 16 at 10:40
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
4
down vote
Important to note:
- If you give your system to a bad guy you should consider it as compromised and it could not be trusted any more.
Short answer to:
Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?
- Encrypt your HOME directory (Can't protect you against all possibilities)
What you have to do?
- Don't give it to anyone you don't trust
- If you have to:
- Remove the important parts (like hard disk).
- Keep track of device's frameware information if it's possible (ex: BIOS details [which can be faked anyway] )
If you can't remove the hard disk, then encryption is the best you have. However remember that even encryption can be attacked using different methods.
- As a simple example they can compromise the boot partition on your full encrypted hard disk to find your passphrase.
- Change the programs on your root to find the passphrase of encrypted home directory.
- Or real attacks like investigating your memory, cloning your hard disk.
In your situation the best way that I can consider is encrypting your HOME directory. So they can boot into your system and fix the issue but can't access your data.
After you get your laptop back consider re-installing your operating system, and checking what you keep track of to make sure nothing has been changed.
And remember as my explanations suggests, the device could be physically compromised too.
- So... Don't give it to a bad guy.
answered Aug 16 at 5:58
Ravexina
25.8k136288
how can a device be physically compromised???
– BÈþòøћ
Aug 16 at 8:33
1
@BÈþòøћ One could install a hardware keylogger into the device to log any decryption passhprase or other credentials that are being entered. The hard drive could even be cloned to attempt a offline bruteforcing the passphrase
– GroundZero
Aug 16 at 8:52
@BÈþòøћ stick in a keylogger inside the laptop
– muru
Aug 16 at 8:52
1
they could have installed a BIOS Rootkit too, so reinstall the BIOS. Then take it all apart to make sure there is no hardware keylogger... maybe don't give it to the bad guy.
– Matt
Aug 16 at 10:40
add a comment |Â
up vote
4
down vote
Important to note:
- If you give your system to a bad guy you should consider it as compromised and it could not be trusted any more.
Short answer to:
Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?
- Encrypt your HOME directory (Can't protect you against all possibilities)
What you have to do?
- Don't give it to anyone you don't trust
- If you have to:
- Remove the important parts (like hard disk).
- Keep track of device's frameware information if it's possible (ex: BIOS details [which can be faked anyway] )
If you can't remove the hard disk, then encryption is the best you have. However remember that even encryption can be attacked using different methods.
- As a simple example they can compromise the boot partition on your full encrypted hard disk to find your passphrase.
- Change the programs on your root to find the passphrase of encrypted home directory.
- Or real attacks like investigating your memory, cloning your hard disk.
In your situation the best way that I can consider is encrypting your HOME directory. So they can boot into your system and fix the issue but can't access your data.
After you get your laptop back consider re-installing your operating system, and checking what you keep track of to make sure nothing has been changed.
And remember as my explanations suggests, the device could be physically compromised too.
- So... Don't give it to a bad guy.
answered Aug 16 at 5:58
Ravexina
25.8k136288
how can a device be physically compromised???
– BÈþòøћ
Aug 16 at 8:33
1
@BÈþòøћ One could install a hardware keylogger into the device to log any decryption passhprase or other credentials that are being entered. The hard drive could even be cloned to attempt a offline bruteforcing the passphrase
– GroundZero
Aug 16 at 8:52
@BÈþòøћ stick in a keylogger inside the laptop
– muru
Aug 16 at 8:52
1
they could have installed a BIOS Rootkit too, so reinstall the BIOS. Then take it all apart to make sure there is no hardware keylogger... maybe don't give it to the bad guy.
– Matt
Aug 16 at 10:40
add a comment |Â
up vote
4
down vote
up vote
4
down vote
Important to note:
- If you give your system to a bad guy you should consider it as compromised and it could not be trusted any more.
Short answer to:
Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?
- Encrypt your HOME directory (Can't protect you against all possibilities)
What you have to do?
- Don't give it to anyone you don't trust
- If you have to:
- Remove the important parts (like hard disk).
- Keep track of device's frameware information if it's possible (ex: BIOS details [which can be faked anyway] )
If you can't remove the hard disk, then encryption is the best you have. However remember that even encryption can be attacked using different methods.
- As a simple example they can compromise the boot partition on your full encrypted hard disk to find your passphrase.
- Change the programs on your root to find the passphrase of encrypted home directory.
- Or real attacks like investigating your memory, cloning your hard disk.
In your situation the best way that I can consider is encrypting your HOME directory. So they can boot into your system and fix the issue but can't access your data.
After you get your laptop back consider re-installing your operating system, and checking what you keep track of to make sure nothing has been changed.
And remember as my explanations suggests, the device could be physically compromised too.
- So... Don't give it to a bad guy.
answered Aug 16 at 5:58
Ravexina
25.8k136288
Important to note:
- If you give your system to a bad guy you should consider it as compromised and it could not be trusted any more.
Short answer to:
Is there a way to let the technician freely boot into my machine (using a guest account), and at the same time, prevent the technician from viewing personal data on my computer?
- Encrypt your HOME directory (Can't protect you against all possibilities)
What you have to do?
- Don't give it to anyone you don't trust
- If you have to:
- Remove the important parts (like hard disk).
- Keep track of device's frameware information if it's possible (ex: BIOS details [which can be faked anyway] )
If you can't remove the hard disk, then encryption is the best you have. However remember that even encryption can be attacked using different methods.
- As a simple example they can compromise the boot partition on your full encrypted hard disk to find your passphrase.
- Change the programs on your root to find the passphrase of encrypted home directory.
- Or real attacks like investigating your memory, cloning your hard disk.
In your situation the best way that I can consider is encrypting your HOME directory. So they can boot into your system and fix the issue but can't access your data.
After you get your laptop back consider re-installing your operating system, and checking what you keep track of to make sure nothing has been changed.
And remember as my explanations suggests, the device could be physically compromised too.
- So... Don't give it to a bad guy.
answered Aug 16 at 5:58
Ravexina
25.8k136288
edited Aug 16 at 14:00
answered Aug 16 at 5:58
Ravexina
25.8k136288
answered Aug 16 at 5:58
Ravexina
25.8k136288
answered Aug 16 at 5:58
Ravexina
25.8k136288
25.8k136288
how can a device be physically compromised???
– BÈþòøћ
Aug 16 at 8:33
1
@BÈþòøћ One could install a hardware keylogger into the device to log any decryption passhprase or other credentials that are being entered. The hard drive could even be cloned to attempt a offline bruteforcing the passphrase
– GroundZero
Aug 16 at 8:52
@BÈþòøћ stick in a keylogger inside the laptop
– muru
Aug 16 at 8:52
1
they could have installed a BIOS Rootkit too, so reinstall the BIOS. Then take it all apart to make sure there is no hardware keylogger... maybe don't give it to the bad guy.
– Matt
Aug 16 at 10:40
add a comment |Â
how can a device be physically compromised???
– BÈþòøћ
Aug 16 at 8:33
1
@BÈþòøћ One could install a hardware keylogger into the device to log any decryption passhprase or other credentials that are being entered. The hard drive could even be cloned to attempt a offline bruteforcing the passphrase
– GroundZero
Aug 16 at 8:52
@BÈþòøћ stick in a keylogger inside the laptop
– muru
Aug 16 at 8:52
1
they could have installed a BIOS Rootkit too, so reinstall the BIOS. Then take it all apart to make sure there is no hardware keylogger... maybe don't give it to the bad guy.
– Matt
Aug 16 at 10:40
how can a device be physically compromised???
– BÈþòøћ
Aug 16 at 8:33
how can a device be physically compromised???
– BÈþòøћ
Aug 16 at 8:33
1
1
@BÈþòøћ One could install a hardware keylogger into the device to log any decryption passhprase or other credentials that are being entered. The hard drive could even be cloned to attempt a offline bruteforcing the passphrase
– GroundZero
Aug 16 at 8:52
@BÈþòøћ One could install a hardware keylogger into the device to log any decryption passhprase or other credentials that are being entered. The hard drive could even be cloned to attempt a offline bruteforcing the passphrase
– GroundZero
Aug 16 at 8:52
@BÈþòøћ stick in a keylogger inside the laptop
– muru
Aug 16 at 8:52
@BÈþòøћ stick in a keylogger inside the laptop
– muru
Aug 16 at 8:52
1
1
they could have installed a BIOS Rootkit too, so reinstall the BIOS. Then take it all apart to make sure there is no hardware keylogger... maybe don't give it to the bad guy.
– Matt
Aug 16 at 10:40
they could have installed a BIOS Rootkit too, so reinstall the BIOS. Then take it all apart to make sure there is no hardware keylogger... maybe don't give it to the bad guy.
– Matt
Aug 16 at 10:40
add a comment |Â
2
Encrypting just your home folder is a common solution.
– muru
Aug 16 at 5:58
1
get a cheap hard drive, install Ubuntu on it, swap with existing hard drive.
– Sergiy Kolodyazhnyy
Aug 16 at 14:06