Mitigating attacks against FDE (BitLocker, TrueCrypt, etc) via Firewire, Thunderbolt, or DMA
Last Modified: Mon, 26 Jan 2015 17:28:52 +0000 ; Created: Wed, 16 Jan 2013 19:18:35 +0000
Good Microsoft KB on how to prevent Firewire/Thunderbolt/DMA attacks against a live running system with software FDE:
Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker
Applies to Windows Vista and Server 2008 and all later versions of Windows.
Windows 8.1 (not 8.0) actually mitigates the attack out of the box now! See Choose the Right BitLocker Countermeasure on technet.microsoft.com (March 26, 2014).
Microsoft's site isn't the clearest, since it tries to cover many versions of Windows at once. The text in its instructions doesn't 100% match what your version of Windows may show.
Windows 7 Quick Start:
- Run the program gpedit.msc
- Local Computer Policy
- Computer Configuration
- Administrative Templates
- Device Installation
- Device Installation Restrictions
- Prevent installation of devices using drivers that match these device setup classes
- Comment: https://support.microsoft.com/kb/2516445/
- Show... (button inside Options: text box)
- Close the Show Contents window with OK
- Scroll the Options: text area down until you see the checkbox option
- Also apply to matching devices that are already installed.
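
To confirm that the steps above took effect, the policy can be read back from the registry. This PowerShell check is an added example, not part of the original post or the Microsoft KB text. The registry location behind the policy and the SBP-2 device setup class GUID do not appear on this page and are assumptions here; compare them with KB2516445 before relying on the result.

```powershell
# Added example: audit the "Prevent installation of devices using drivers that
# match these device setup classes" policy configured in the steps above.
# Assumptions (not from the original page): the registry location backing the
# policy, and the SBP-2 device setup class GUID.
$Sbp2Class = '{d48179be-ec20-11d1-b6b8-00c04fa372a7}'
$Base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'

function Get-DwordOrNull {
    param([string]$Path, [string]$Name)
    # Returns the value, or $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-Sbp2BlockPolicy {
    # Policy switched on, and the "already installed" checkbox ticked.
    $enabled     = (Get-DwordOrNull $Base 'DenyDeviceClasses') -eq 1
    $retroactive = (Get-DwordOrNull $Base 'DenyDeviceClassesRetroactive') -eq 1

    # The Show Contents list is stored as numbered string values in a subkey.
    $listed  = $false
    $listKey = Join-Path $Base 'DenyDeviceClasses'
    if (Test-Path $listKey) {
        $key = Get-Item -Path $listKey
        foreach ($name in $key.GetValueNames()) {
            if ([string]$key.GetValue($name) -ieq $Sbp2Class) { $listed = $true }
        }
    }

    # New-Object keeps this usable on the PowerShell 2.0 shipped with Windows 7.
    New-Object PSObject -Property @{
        PolicyEnabled      = $enabled
        Sbp2ClassListed    = $listed
        AppliesToInstalled = $retroactive
    }
}

$state = Test-Sbp2BlockPolicy
$state | Format-List
if ($state.PolicyEnabled -and $state.Sbp2ClassListed -and $state.AppliesToInstalled) {
    'SBP-2 driver installation is blocked by policy.'
} else {
    'Policy incomplete: review the settings reported as False above.'
}
```

Run it after the policy has been applied (for example after `gpupdate /force`). A `False` on `AppliesToInstalled` means a 1394 storage device that was installed before the policy existed can still load the SBP-2 driver.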