No Security Without Physical Security

Once an attacker has physical access to the computer, he almost certainly has access to the data on it, writes Security Supersite Editor Larry Seltzer. If so, the OS doesn't really matter.

Very often well hear reports about a serious security vulnerability. We look into it, and theres a catch: In order to execute the attack, physical access to the computer is necessary.

You can safely ignore these alleged vulnerabilities: Without physical security, no system is secure.

If I can open the computer, I can remove the hard disk, put it in as the second drive in another computer and read the contents of the disk. Bye-bye, security. But its not usually necessary to open the box. I can boot the system off a floppy disk or CD-ROM and read the hard disk that way. Given such access, there are commercial and free tools available that can reset the Administrator password on the installation of Windows NT, Windows 2000 or Windows XP - gaining access to a Win9x system is even easier. (The existence of these tools is a good thing; administrators need to be able to access systems where the passwords are forgotten or changed for malicious purposes.)

But even thats not necessary; if you can boot off the floppy or CD, you can install a second copy of Windows on the hard disk and run that to analyze data on it.

This point is very important when considering whether attacks represent vulnerabilities in the computers operating system: If I boot the system off the floppy or CD-ROM, the operating system on the hard disk is not running. Its just a bunch of files.

Your only potential protection when physical security is breached is to use an encrypted file system, such as Windows 2000 Pro and Windows XP Pros EFS. (See this article on the SecurityFocus Web site for a good explanation of encrypting file systems.) No operating system (to my knowledge) employs such a file system by default.

The most recent such case of significance was an allegation by a famous writer that one could break into a Windows XP system by booting off a Windows 2000 CD and running the Recovery Console. The Recovery Console is a special console mode OS used to repair Windows 2000 and Windows XP. You run it by installing it to the hard disk and booting into it, or booting it directly off the Windows installation CD. See this Microsoft Knowledge Base article for a description of the Recovery Console, and this one for a description of the Windows XP Recovery Console.