I recommend using full disk encryption and fully powering down at minimum.
You should set a BIOS password, disable booting from network or removable
media, and enable IOMMU.

I would also use a verifiable boot sequence, but that's not easy to
generalize.

Keep in mind there are still many attack vectors if someone gets physical
access to your machine. Someone can always force you to log in as well.

It is safer to have nothing incriminating in your possession at all. If
connectivity allowed, I'd run a remote VM and use the laptop as a dumb,
stateless terminal.

(Disclaimer: I'm working on a commercial solution to the physical attack
problem.)

On Dec 27, 2012 1:59 PM, "Jerzy Łogiewa" <[email protected]> wrote:

> I am just reading this,
> http://www.schneier.com/blog/archives/2012/12/breaking_hard-d.html
>
> Can we start some discussion about good notebook travel habits? I have read
> that Jacob Appelbaum says he does not travel with _ANY_ drive in his notebook,
> and this seems to be extreme.
>
> Without removing the drive, what is the best habit for FDE to prevent attacks
> like the ones Schneier describes? Full power-down? No hibernate file? Any other things?
>
> --
> Jerzy Łogiewa -- [email protected]
>
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech