Isolation & Compartmentalisation Flashcards

1
Q

How can hardware be linked to the owner?

A

Hardware has unique serial numbers that can lead back to the buyer if not purchased anonymously

2
Q

Where can the MAC address be found, hardware-wise?

A

In your Network Card
Can be used to De-anonymise

3
Q

What do the first 3 bytes refer to in 08:00:27:5b:2e:59?

A

Unique to the manufacturer

4
Q

What do the last 3 bytes refer to in 08:00:27:5b:2e:59?

A

Specific to the network card, Wi-Fi card, Ethernet card, etc.
Unique to your device

5
Q

What are two sites/apps that can be used on Windows and Linux to change the MAC address?

A

Technitium.com/tmac
MACchanger

6
Q

True or False:
Anonymous hardware and MAC address changes are a good combination for anonymity

A

True

7
Q

Are CPUs identifiable?

A

No modern CPU should have software-readable serial numbers

8
Q

Are motherboards identifiable?

A
  • Often carry unique serials in the SMBIOS memory which OEMs will have stored
  • Even when using Tails on a paid OS, the hardware ID will be shared so anonymity won't be achieved
9
Q

Name some ways to mitigate Hardware IDs

A

1) Buy anonymously, no trail
2) Change them
3) Use VMs, have their own physical ID

10
Q

Name some ways to enforce virtual isolation

A

1) Separating your assets into different encrypted folders or volumes (NAS)
2) Hidden encrypted volumes
3) Use of separate session keys when transporting data
4) Using portable apps (over encrypted USBs)

11
Q

Why is using a portable version of Firefox on an encrypted USB with cloud file sharing services a good combination for isolation?

A
  • Portable apps don’t leave install traces
  • All recorded data stored locally in the one file (easy to move or delete)
  • Encrypted USB with separate keys ensures more security of data
  • Cloud services allow files to not even be stored locally to allow remote access and avoid physical interception
12
Q

How does using portable apps facilitate plausible deniability?

A
  • Use a regular version of Firefox for regular browsing
  • Portable version for private browsing
  • Can give up ‘normal’ Firefox data if forced
13
Q

Why is a dual boot good for use on one machine?

A

Allows for multiple security domains
MacOS for everyday and Linux for Security and Privacy

14
Q

What is the downfall of a dual boot?

A
  • Can’t access multiple OS simultaneously like with VMs
  • Due to being virtual, file systems between OSs aren’t physically separated so one OS could be used to exploit the other
15
Q

What is a sandbox?

A

A virtual container or isolated environment used to keep contents confined within it

16
Q

What are sandboxes used for?

A

Running high-risk applications or for running code and tests

17
Q

True or False:
Sandboxes are foolproof

A

False:
everything has exploits so it’s imperative to optimise your sandbox

18
Q

What are some available sandboxes?

A

VMs
BufferZone
Shadow Defender
Deep Freeze
Returnil
BitDefender

19
Q

What are some optimisations that can be done for VM security?

A

1) Remove all comms between host and guest
2) Dedicated secure device for VM use in case of leak
3) Use separate USB network dongle and place VM on separate network
- or use VLAN (physical)

20
Q

What can be done to protect leaks from VMs?

A

1) Use full disk encryption as it's hard to know what files are left by VM
2) Create hidden or encrypted OS where hypervisor is installed
- only provides security when physical machine is off
3) Use live OS
4) Use VM snapshots