Recovery Media in a CyberSecurity Emergency

Disclaimer: This content is the result of my having survived several emergencies of varying effect sizes. Most of these ideas are rules of thumb, not canned answers. As in any emergency, your best outcome will be if you keep calm, consider many options, and flow from plan to backup plan as required.



CD-ROM or DVD-ROM is the cleanest source of install media. This is because they are read-only and can be certified free of infection. Every effort should be made to prefer read-only media for installation.

Many modern IT departments install over the network from a remote install server. If you have an IT department, please consider a secure install server, and make sure that it is not subject to DNS spoofing.

Creating a clean USB thumb-drive installer is difficult. This can be done as follows:

  1. Download the installer binary image from the web.
  2. Verify the md5sum for the installer image.
  3. Insert a USB drive, and do not mount it.
  4. Format the USB drive.
  5. Use dd to write the installer image to the USB device.

Variants on these steps will be necessary for different operating systems. Obtaining a Mac OS installer image is a bit harder than obtaining a Linux installer image.
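As an added example (not part of the original article), the following POSIX shell functions implement steps 2 to 5 above: one verifies the downloaded image against a published digest, the other refuses to write unless the target is an unmounted block device and only then runs dd. It assumes Linux with GNU coreutils (md5sum, sha256sum, dd) and /proc/mounts; the image path, the digest value and /dev/sdX in the usage lines are placeholders. It accepts md5, which the article names, as well as sha256, because current distributions publish SHA-256 digests and MD5 is no longer collision-resistant.

```shell
#!/bin/sh
# Added example, not the article's own procedure. Assumes Linux with GNU
# coreutils (md5sum, sha256sum, dd) and /proc/mounts. Paths and digests in
# the usage lines are placeholders.

# verify_image IMAGE EXPECTED_DIGEST [ALGO]
# Returns 0 when the computed digest of IMAGE matches EXPECTED_DIGEST.
# ALGO is "sha256" (default) or "md5".
verify_image() {
    image="$1"
    expected="$2"
    algo="${3:-sha256}"
    [ -f "$image" ] || { echo "no such file: $image" >&2; return 1; }
    case "$algo" in
        md5)    actual=$(md5sum "$image" | cut -d' ' -f1) ;;
        sha256) actual=$(sha256sum "$image" | cut -d' ' -f1) ;;
        *)      echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac
    # Normalise case so a digest pasted in uppercase still compares equal.
    expected=$(printf '%s' "$expected" | tr 'A-Z' 'a-z')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "digest mismatch for $image: expected $expected, got $actual" >&2
    return 1
}

# write_image IMAGE DEVICE
# Refuses to write unless DEVICE is a block device with nothing mounted from
# it (step 3: do not mount the drive), then copies the image with dd and
# flushes the write cache before returning.
write_image() {
    image="$1"
    dev="$2"
    [ -b "$dev" ] || { echo "$dev is not a block device" >&2; return 1; }
    if grep -q "^$dev" /proc/mounts 2>/dev/null; then
        echo "$dev or one of its partitions is mounted; unmount it first" >&2
        return 1
    fi
    dd if="$image" of="$dev" bs=4M conv=fsync status=progress && sync
}

# Usage with placeholders (replace the digest with the value from the
# vendor's checksum file and /dev/sdX with the actual USB device):
#   verify_image ./installer.iso "<published sha256 digest>" sha256 \
#       && write_image ./installer.iso /dev/sdX
```

Take the expected digest from the vendor's checksum file fetched over HTTPS (and check its signature where one is published), not from the same page or mirror that served the image; a mirror that can tamper with the image can also tamper with a digest hosted beside it. Checking the device with lsblk before calling write_image avoids overwriting the wrong disk.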

Once you succeed in creating clean USB install media, isolate and secure this USB device for the future. The simplest method is to grab an envelope, put the drive in the envelope, seal it, and sign your initials across the line of the seal.

Install the OS

  1. Make sure that the computer is not connected to the internet, unless you are using a network installer.
  2. Boot the install media.
  3. Step through the install procedure, formatting the hard disk, choosing encryption options, etc.
  4. Immediately proceed to configure the machine without connecting it to the internet.


Homework

  1. Practice downloading and creating install media.
  2. Practice creating USB install media with some other tool besides dd and see how many trojans you can collect on your install media.
  3. If you are considering becoming a black-hat hacker, make sure you know how to recover your operating system without IT support.
  4. If you are considering being the manager of a cyber-warfare division for any government organization, you should know how to recover your operating system without IT support, as this is what you will be doing to your targets.
  5. If you are considering running penetration testing without the permission of the local network administrator, then make sure that you know how to recover your operating system without IT support, as this is what you will be doing to your targets.
  6. If you are a minority academic computer scientist, then make sure that you know how to recover your operating system as you will likely be denied necessary IT and security support.


© 2015-2021 Intrepid Net Computing. All rights reserved.