Device Integrity Protection - Protecting unattended devices against attack
SecureDoc performs an invaluable service by ensuring that data is protected by encryption and that access to SecureDoc-protected devices is locked down, with only specific users permitted to authenticate at Pre-Boot. There are other risks, however, that any security-conscious organization should be aware of and include in its overall security design.
Risks of Attack against unattended devices while powered on
There exist methods that can permit attacks against devices while the Operating System is in an active state, typically using a device bus. To guard against such threats, WinMagic recommends:
a) Shut down or hibernate any device that will be left unattended while powered up, rather than leaving it in "sleep" mode, because the encryption key remains in active memory while the machine is active or in "sleep" mode. Once the device is powered down or in hibernation, the encryption key is no longer retained in machine memory after the approximately 30 seconds it takes for RAM to lose its contents.
b) For additional security, when shutting down or hibernating a machine, ensure the device is not left unattended during the above 30 seconds, if possible. This guards against the possibility of a "chilled RAM attack", in which the decay of memory contents is postponed by super-cooling the memory chips, after which the memory could be attacked directly.
Note: If using Self-Encrypting Drives (SEDs), such as TCG Opal drives, the consideration in point b) above does not apply since the PIN that unlocks a Self-Encrypting Drive during user authentication is not retained in memory once it has been applied to unlock the SED, and the SED will re-lock as soon as power to the drive is lost.
For SEDs, WinMagic recommends the use of Hibernation or full power down. Ideally, users should be encouraged to not leave the device unattended until power to the drive has been lost (e.g. when the computer shuts down completely). After powering down, one can normally hear the drive park its heads with a faint click, and its drive motor will produce a tone that descends in pitch, indicating it is "spinning down" to zero RPM.
c) Using options within the BIOS (or EFI or UEFI as appropriate), disable any ports that are not regularly and consistently used by the device user(s) (e.g. SD card reader, FireWire, Serial/Parallel ports, etc.), and then lock down access to the BIOS/EFI/UEFI to prevent unauthorized re-enabling of those ports.
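One way to enforce recommendation a) on a Windows endpoint is to configure the power plan so the machine hibernates instead of sleeping. The script below is an added example, not WinMagic or SecureDoc code; it assumes a Windows device, an elevated PowerShell session, and an illustrative 15-minute idle timeout.

```powershell
#Requires -RunAsAdministrator
# Added example: prefer hibernation over sleep so the disk encryption key
# does not stay resident in RAM on an unattended device.
# Assumption: the 15-minute idle timeout is illustrative; set it per local policy.

$HibernateAfterMinutes = 15

# Make sure hibernation is enabled (creates the hibernation file if needed).
powercfg /hibernate on

# Never enter standby (sleep) on idle; hibernate after the idle period instead,
# on both AC and battery (DC) power.
foreach ($src in 'ac', 'dc') {
    powercfg /change "standby-timeout-$src" 0
    powercfg /change "hibernate-timeout-$src" $HibernateAfterMinutes
}

# Lid/button action values: 0 = do nothing, 1 = sleep, 2 = hibernate, 3 = shut down.
$Hibernate = 2
foreach ($action in 'LIDACTION', 'SBUTTONACTION', 'PBUTTONACTION') {
    powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS $action $Hibernate
    powercfg /setdcvalueindex SCHEME_CURRENT SUB_BUTTONS $action $Hibernate
}

# Hybrid sleep writes a hibernation file but keeps RAM powered, so turn it off.
powercfg /setacvalueindex SCHEME_CURRENT SUB_SLEEP HYBRIDSLEEP 0
powercfg /setdcvalueindex SCHEME_CURRENT SUB_SLEEP HYBRIDSLEEP 0

# Re-apply the active scheme so the new values take effect.
powercfg /setactive SCHEME_CURRENT

# List the sleep states the platform still exposes, for review.
powercfg /availablesleepstates
```

These settings change the idle, lid and button behaviour only; a user can still pick Sleep manually unless that option is removed by policy.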